Incorrect password hash funct used during migration

[Paurikova2]

…unct

Phases	MP	MM	MB	MR	JM	Total
ETA	0	0	0	0	0	0
Developing	2	0	0	0	0	0
Review	0	0	0	0	0	0
Total	-	-	-	-	-	0
ETA est.						0
ETA cust.	-	-	-	-	-	0

Problem description

During migration, the password is already hashed; we do not want to hash it again.

Solutioin

Use a different hash function during migration.

Summary by CodeRabbit

• New Features

  • Enhanced user import functionality to allow setting a pre-hashed password with its hashing algorithm and salt during import.

• Tests

  • Updated tests to cover the new password, salt, and digest algorithm parameters and to verify that imported users have a password set.

[coderabbitai]

Walkthrough

The importEPerson method in ClarinEPersonImportController was updated to accept and process pre-hashed password parameters ("passwordHashStr", "digestAlgorithm", and "salt") from HTTP requests. The method now sets the hashed password directly on the EPerson entity. Corresponding integration tests were updated to include and verify these new parameters.

Changes

File(s)	Change Summary
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java	Modified importEPerson to accept passwordHashStr, digestAlgorithm, and salt parameters; updated password handling logic and method signature to throw DecoderException.
dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java	Updated test to send new passwordHashStr, salt, and digestAlgorithm parameters and assert that the EPerson has a password set.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Controller
    participant EPersonService
    participant Database

    Client->>Controller: POST /api/clarin/import/eperson (with passwordHashStr, salt, digestAlgorithm)
    Controller->>Controller: Parse request parameters
    Controller->>EPersonService: setPasswordHash(ePerson, PasswordHash)
    EPersonService->>Database: Update EPerson with hashed password
    Controller-->>Client: Return EPersonRest response

Loading

Poem

A rabbit hopped with code to share,
Now passwords hashed with extra care.
Salt and algorithm join the dance,
Security given a stronger chance.
Tests now check if all is set—
A safer warren, you can bet!
🐇🔑

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cb7588c and b440ead.

📒 Files selected for processing (2)

• dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java (5 hunks)
• dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java
• dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: dspace-dependencies / docker-build (linux/amd64, ubuntu-latest, true)
• GitHub Check: Run Integration Tests
• GitHub Check: Run Unit Tests

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR updates the ClarinEPerson import flow to accept and apply an already-hashed password, avoiding double-hashing during migration.

• Controller now reads password, salt, and digestAlgorithm parameters and uses PasswordHash.
• Integration test is extended to send hash-related parameters and assert that a password is set.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java	Read hashed password inputs, construct PasswordHash, and call ePersonService.setPasswordHash.
dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java	Send password, salt, and digestAlgorithm in the test request and verify hasPasswordSet.

Comments suppressed due to low confidence (3)

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java:79

• Propagating DecoderException directly will surface internal details to clients; consider catching it and throwing an UnprocessableEntityException to return a 422 with a clear message.

            throws AuthorizeException, SQLException, DecoderException {

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java:103

• Public API behavior has changed—update the method JavaDoc to document the new password, salt, and digestAlgorithm parameters and their expected formats.

        //the password is already hashed in the request

dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java:95

• The test only checks that a password is set; add assertions to verify that the stored salt and digest algorithm on the created EPerson match the inputs.

            assertTrue(createdEperson.hasPasswordSet());

[coderabbitai]

Actionable comments posted: 5

🔭 Outside diff range comments (3)

dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java (3)

77-95: Add test coverage for missing password parameters.

While the happy path is tested, consider adding test cases for error scenarios such as missing or invalid password parameters to ensure robust error handling.

Consider adding a test method like:

@Test
public void createEpersonWithMissingPasswordParametersTest() throws Exception {
    // Test that missing password parameters result in appropriate error response
    String authToken = getAuthToken(admin.getEmail(), password);
    
    getClient(authToken).perform(post("/api/clarin/import/eperson")
                    .content(mapper.writeValueAsBytes(data))
                    .contentType(contentType)
                    .param("lastActive", "2018-02-10T13:21:29.733")
                    // Intentionally omit password parameters
                    )
            .andExpect(status().isUnprocessableEntity());
}

---

52-99: Add comprehensive test coverage for error scenarios.

The current test only covers the happy path. Critical error scenarios should be tested to ensure robust error handling.

Add the following test methods to improve coverage:

@Test
public void createEpersonWithMissingPasswordParametersTest() throws Exception {
    // Test missing password parameters
    ObjectMapper mapper = new ObjectMapper();
    EPersonRest data = createBasicEPersonData();
    String authToken = getAuthToken(admin.getEmail(), password);

    getClient(authToken).perform(post("/api/clarin/import/eperson")
                    .content(mapper.writeValueAsBytes(data))
                    .contentType(contentType)
                    .param("projection", "full")
                    .param("selfRegistered", "true")
                    .param("lastActive", "2018-02-10T13:21:29.733"))
            .andExpect(status().isUnprocessableEntity());
}

@Test
public void createEpersonWithInvalidDigestAlgorithmTest() throws Exception {
    // Test invalid digest algorithm
    ObjectMapper mapper = new ObjectMapper();
    EPersonRest data = createBasicEPersonData();
    String authToken = getAuthToken(admin.getEmail(), password);

    getClient(authToken).perform(post("/api/clarin/import/eperson")
                    .content(mapper.writeValueAsBytes(data))
                    .contentType(contentType)
                    .param("projection", "full")
                    .param("selfRegistered", "true")
                    .param("lastActive", "2018-02-10T13:21:29.733")
                    .param("password", "test_hash")
                    .param("salt", "test_salt")
                    .param("digestAlgorithm", "INVALID_ALGORITHM"))
            .andExpected(status().isUnprocessableEntity());
}

private EPersonRest createBasicEPersonData() {
    EPersonRest data = new EPersonRest();
    MetadataRest metadataRest = new MetadataRest();
    data.setEmail("createtest@example.com");
    data.setCanLogIn(true);
    MetadataValueRest surname = new MetadataValueRest();
    surname.setValue("Doe");
    metadataRest.put("eperson.lastname", surname);
    MetadataValueRest firstname = new MetadataValueRest();
    firstname.setValue("John");
    metadataRest.put("eperson.firstname", firstname);
    data.setMetadata(metadataRest);
    return data;
}

---

102-144: Update second test method to include password parameters.

The createEpersonDifferentLastActiveFormatTest method doesn't include the new password parameters, which means it's testing a different code path than the main functionality and may fail.

Update the test to include password parameters for consistency:

         try {
             getClient(authToken).perform(post("/api/clarin/import/eperson")
                             .content(mapper.writeValueAsBytes(data))
                             .contentType(contentType)
                             .param("projection", "full")
                             .param("selfRegistered", "true")
-                            .param("lastActive", "2018-02-10T13:21:29.733"))
+                            .param("lastActive", "2018-02-10T13:21:29.733")
+                            .param("password", "test_hashed_password_value")
+                            .param("salt", "test_salt_value")
+                            .param("digestAlgorithm", "SHA-512"))
                     .andExpect(status().isOk())

Also add the password verification assertion:

             assertEquals(createdEperson.getFirstName(), "John");
             assertEquals(createdEperson.getLastName(), "Doe");
+            assertTrue(createdEperson.hasPasswordSet());

🧹 Nitpick comments (5)

dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java (2)

102-144: Consider adding password parameters to the second test method.

The createEpersonDifferentLastActiveFormatTest method doesn't include the new password-related parameters, which means it tests a different code path. Consider whether this test should also include password parameters for comprehensive coverage of the migration functionality.

 getClient(authToken).perform(post("/api/clarin/import/eperson")
                 .content(mapper.writeValueAsBytes(data))
                 .contentType(contentType)
                 .param("projection", "full")
                 .param("selfRegistered", "true")
-                .param("lastActive", "2018-02-10T13:21:29.733"))
+                .param("lastActive", "2018-02-10T13:21:29.733")
+                .param("password", "5b62ec4a3492ec34f1e659e93a6c204c8a72b2f53d1a60e83f48bdb2e5718ebf")
+                .param("salt", "7f9d4e63bde7a0d546d8e6f4e32870f3")
+                .param("digestAlgorithm", "SHA-512"))

And add the password assertion:

 assertEquals(createdEperson.getFirstName(), "John");
 assertEquals(createdEperson.getLastName(), "Doe");
+assertTrue(createdEperson.hasPasswordSet());

---

78-81: Security concern: Hardcoded sensitive test data.

The test contains hardcoded password hash and salt values, which could be considered sensitive information in test code.

Consider using more generic or clearly fake test values to avoid any potential security concerns:

-                            .param("password",
-                                    "5b62ec4a3492ec34f1e659e93a6c204c8a72b2f53d1a60e83f48bdb2e5718ebf")
-                            .param("salt", "7f9d4e63bde7a0d546d8e6f4e32870f3")
+                            .param("password", "test_hashed_password_value_for_migration")
+                            .param("salt", "test_salt_value_for_migration")

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java (3)

24-24: Remove unused import.

The DecoderException import is added but never used in the current implementation.

-import org.apache.commons.codec.DecoderException;

---

79-79: Remove unused exception declaration.

The method declares throws DecoderException but doesn't throw this exception anywhere in the implementation.

-    public EPersonRest importEPerson(HttpServletRequest request)
-            throws AuthorizeException, SQLException, DecoderException {
+    public EPersonRest importEPerson(HttpServletRequest request)
+            throws AuthorizeException, SQLException {

---

63-75: Update method documentation.

The method documentation doesn't mention the new password-related parameters that are now required for the import functionality.

 /**
  * Endpoint for import eperson.
  * The mapping for requested endpoint, for example
  * <pre>
  * {@code
  * https://<dspace.server.url>/api/clarin/import/eperson
  * }
  * </pre>
+ * @param request request containing eperson data and pre-hashed password parameters
+ *                (password, digestAlgorithm, salt) for migration purposes
- * @param request request
  * @return created eperson converted to rest
  * @throws AuthorizeException if authorization error
  * @throws SQLException       if database error
  */

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad83d4d and cb7588c.

📒 Files selected for processing (2)

• dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java (5 hunks)
• dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: dspace-dependencies / docker-build (linux/amd64, ubuntu-latest, true)
• GitHub Check: Run Unit Tests
• GitHub Check: Run Integration Tests

🔇 Additional comments (13)

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ClarinEPersonImportController.java (8)

24-24: LGTM - Appropriate import addition.

The DecoderException import is correctly added to support the PasswordHash constructor that may throw this exception.

---

36-36: LGTM - Required import for password hash functionality.

The PasswordHash import is necessary for the new pre-hashed password handling logic.

---

103-105: LGTM - Correct implementation for pre-hashed password handling.

The implementation correctly addresses the migration issue by:

1. Creating a PasswordHash object with the pre-hashed data
2. Setting it directly on the EPerson without re-hashing
3. Including a clear comment explaining the purpose

This prevents the double-hashing problem described in the PR objectives.

---

79-79: Verify the DecoderException is actually thrown.

The method signature was updated to include DecoderException, but reviewing the PasswordHash constructor usage, it's unclear if this exception is actually thrown in the current implementation path.

---

24-24: LGTM: Appropriate import for DecoderException.

The DecoderException import is correctly added to support the throws clause in the method signature.

---

36-36: LGTM: PasswordHash import added for pre-hashed password handling.

The PasswordHash import is correctly added to support the new password handling functionality.

---

79-79: LGTM: Method signature updated with appropriate exception.

The DecoderException is properly added to the throws clause to handle potential decoding errors from the PasswordHash constructor.

---

104-105: Good implementation for avoiding double hashing.

The implementation correctly creates a PasswordHash object with pre-hashed data and sets it directly on the EPerson, which addresses the PR objective of avoiding re-hashing already hashed passwords during migration.

dspace-server-webapp/src/test/java/org/dspace/app/rest/ClarinEPersonImportControllerIT.java (5)

77-81: LGTM - Test parameters align with controller changes.

The test correctly includes the new password-related parameters that match the controller's expected input format. The parameter values appear to be valid test data representing a pre-hashed password with SHA-512 algorithm.

---

95-95: LGTM - Appropriate assertion for password verification.

The test correctly verifies that the EPerson has a password set using hasPasswordSet(), which confirms the new password import functionality is working as expected.

---

77-81: LGTM: Test properly includes pre-hashed password parameters.

The test correctly includes the new password, salt, and digestAlgorithm parameters that align with the controller changes. The test values appear to be realistic representations of hashed password data.

---

95-95: LGTM: Appropriate assertion for password verification.

The assertion correctly verifies that the created EPerson has a password set, which is essential for confirming the pre-hashed password functionality works as expected.

---

95-95: Good test assertion for password verification.

The assertion correctly verifies that the imported EPerson has a password set, which validates the core functionality.

[milanmajchrak]

Why not validating request parameters as coderabbit suggested?

[Paurikova2]

Why not validating request parameters as coderabbit suggested?

@milanmajchrak Is this question for me? because you approved this PR, i am not sure...

[vidiecan]

comment/rename