Meishin/LoginSystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '472-confirm-email-recovery' of https://github.com/AuthMe-Team/AuthMeReloaded

Browse Source
This commit is contained in:
ljacqu 2016-09-16 23:45:54 +02:00
commit 0aa02b70f0
23 changed files with 503 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/java/fr/xephi/authme/cache/SessionManager.java vendored
View File

@ -11,13 +11,14 @@ import java.util.Iterator;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import static fr.xephi.authme.util.Utils.MILLIS_PER_MINUTE;
/** /**
* Manages sessions, allowing players to be automatically logged in if they join again * Manages sessions, allowing players to be automatically logged in if they join again
* within a configurable amount of time. * within a configurable amount of time.
*/ */
public class SessionManager implements SettingsDependent, HasCleanup { public class SessionManager implements SettingsDependent, HasCleanup {
private static final int MINUTE_IN_MILLIS = 60_000;
// Player -> expiration of session in milliseconds // Player -> expiration of session in milliseconds
private final Map<String, Long> sessions = new ConcurrentHashMap<>(); private final Map<String, Long> sessions = new ConcurrentHashMap<>();
@ -52,7 +53,7 @@ public class SessionManager implements SettingsDependent, HasCleanup {
*/ */
public void addSession(String name) { public void addSession(String name) {
if (enabled) { if (enabled) {
long timeout = System.currentTimeMillis() + timeoutInMinutes * MINUTE_IN_MILLIS; long timeout = System.currentTimeMillis() + timeoutInMinutes * MILLIS_PER_MINUTE;
sessions.put(name.toLowerCase(), timeout); sessions.put(name.toLowerCase(), timeout);
} }
} }

7
src/main/java/fr/xephi/authme/cache/TempbanManager.java vendored
View File

@ -18,14 +18,13 @@ import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import static fr.xephi.authme.settings.properties.SecuritySettings.TEMPBAN_MINUTES_BEFORE_RESET; import static fr.xephi.authme.settings.properties.SecuritySettings.TEMPBAN_MINUTES_BEFORE_RESET;
import static fr.xephi.authme.util.Utils.MILLIS_PER_MINUTE;
/** /**
* Manager for handling temporary bans. * Manager for handling temporary bans.
*/ */
public class TempbanManager implements SettingsDependent, HasCleanup { public class TempbanManager implements SettingsDependent, HasCleanup {
private static final long MINUTE_IN_MILLISECONDS = 60_000;
private final Map<String, Map<String, TimedCounter>> ipLoginFailureCounts; private final Map<String, Map<String, TimedCounter>> ipLoginFailureCounts;
private final BukkitService bukkitService; private final BukkitService bukkitService;
private final Messages messages; private final Messages messages;
@ -113,7 +112,7 @@ public class TempbanManager implements SettingsDependent, HasCleanup {
final String reason = messages.retrieveSingle(MessageKey.TEMPBAN_MAX_LOGINS); final String reason = messages.retrieveSingle(MessageKey.TEMPBAN_MAX_LOGINS);
final Date expires = new Date(); final Date expires = new Date();
long newTime = expires.getTime() + (length * MINUTE_IN_MILLISECONDS); long newTime = expires.getTime() + (length * MILLIS_PER_MINUTE);
expires.setTime(newTime); expires.setTime(newTime);
bukkitService.scheduleSyncDelayedTask(new Runnable() { bukkitService.scheduleSyncDelayedTask(new Runnable() {
@ -133,7 +132,7 @@ public class TempbanManager implements SettingsDependent, HasCleanup {
this.isEnabled = settings.getProperty(SecuritySettings.TEMPBAN_ON_MAX_LOGINS); this.isEnabled = settings.getProperty(SecuritySettings.TEMPBAN_ON_MAX_LOGINS);
this.threshold = settings.getProperty(SecuritySettings.MAX_LOGIN_TEMPBAN); this.threshold = settings.getProperty(SecuritySettings.MAX_LOGIN_TEMPBAN);
this.length = settings.getProperty(SecuritySettings.TEMPBAN_LENGTH); this.length = settings.getProperty(SecuritySettings.TEMPBAN_LENGTH);
this.resetThreshold = settings.getProperty(TEMPBAN_MINUTES_BEFORE_RESET) * MINUTE_IN_MILLISECONDS; this.resetThreshold = settings.getProperty(TEMPBAN_MINUTES_BEFORE_RESET) * MILLIS_PER_MINUTE;
} }
@Override @Override

1
src/main/java/fr/xephi/authme/command/CommandInitializer.java
View File

@ -384,6 +384,7 @@ public class CommandInitializer {
.detailedDescription("Recover your account using an Email address by sending a mail containing " + .detailedDescription("Recover your account using an Email address by sending a mail containing " +
"a new password.") "a new password.")
.withArgument("email", "Email address", false) .withArgument("email", "Email address", false)
.withArgument("code", "Recovery code", true)
.permission(PlayerPermission.RECOVER_EMAIL) .permission(PlayerPermission.RECOVER_EMAIL)
.executableCommand(RecoverEmailCommand.class) .executableCommand(RecoverEmailCommand.class)
.build(); .build();

57
src/main/java/fr/xephi/authme/command/executable/email/RecoverEmailCommand.java
View File

@ -11,12 +11,17 @@ import fr.xephi.authme.output.MessageKey;
import fr.xephi.authme.security.PasswordSecurity; import fr.xephi.authme.security.PasswordSecurity;
import fr.xephi.authme.security.RandomString; import fr.xephi.authme.security.RandomString;
import fr.xephi.authme.security.crypts.HashedPassword; import fr.xephi.authme.security.crypts.HashedPassword;
import fr.xephi.authme.settings.properties.EmailSettings; import fr.xephi.authme.service.RecoveryCodeManager;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import javax.inject.Inject; import javax.inject.Inject;
import java.util.List; import java.util.List;
import static fr.xephi.authme.settings.properties.EmailSettings.RECOVERY_PASSWORD_LENGTH;
/**
* Command for password recovery by email.
*/
public class RecoverEmailCommand extends PlayerCommand { public class RecoverEmailCommand extends PlayerCommand {
@Inject @Inject
@ -34,6 +39,9 @@ public class RecoverEmailCommand extends PlayerCommand {
@Inject @Inject
private SendMailSSL sendMailSsl; private SendMailSSL sendMailSsl;
@Inject
private RecoveryCodeManager recoveryCodeManager;
@Override @Override
public void runCommand(Player player, List<String> arguments) { public void runCommand(Player player, List<String> arguments) {
final String playerMail = arguments.get(0); final String playerMail = arguments.get(0);
@ -49,22 +57,55 @@ public class RecoverEmailCommand extends PlayerCommand {
return; return;
} }
PlayerAuth auth = dataSource.getAuth(playerName); PlayerAuth auth = dataSource.getAuth(playerName); // TODO: Create method to get email only
if (auth == null) { if (auth == null) {
commandService.send(player, MessageKey.REGISTER_EMAIL_MESSAGE); commandService.send(player, MessageKey.REGISTER_EMAIL_MESSAGE);
return; return;
} }
if (!playerMail.equalsIgnoreCase(auth.getEmail()) || "your@email.com".equalsIgnoreCase(auth.getEmail())) { final String email = auth.getEmail();
if (email == null || !email.equalsIgnoreCase(playerMail) || "your@email.com".equalsIgnoreCase(email)) {
commandService.send(player, MessageKey.INVALID_EMAIL); commandService.send(player, MessageKey.INVALID_EMAIL);
return; return;
} }
String thePass = RandomString.generate(commandService.getProperty(EmailSettings.RECOVERY_PASSWORD_LENGTH)); if (recoveryCodeManager.isRecoveryCodeNeeded()) {
HashedPassword hashNew = passwordSecurity.computeHash(thePass, playerName); // Process /email recovery addr@example.com
auth.setPassword(hashNew); if (arguments.size() == 1) {
dataSource.updatePassword(auth); createAndSendRecoveryCode(player, email);
sendMailSsl.sendPasswordMail(auth, thePass); } else {
// Process /email recovery addr@example.com 12394
processRecoveryCode(player, arguments.get(1), email);
}
} else {
generateAndSendNewPassword(player, email);
}
}
private void createAndSendRecoveryCode(Player player, String email) {
String recoveryCode = recoveryCodeManager.generateCode(player.getName());
sendMailSsl.sendRecoveryCode(player.getName(), email, recoveryCode);
commandService.send(player, MessageKey.RECOVERY_CODE_SENT);
}
private void processRecoveryCode(Player player, String code, String email) {
final String name = player.getName();
if (!recoveryCodeManager.isCodeValid(name, code)) {
commandService.send(player, MessageKey.INCORRECT_RECOVERY_CODE);
return;
}
generateAndSendNewPassword(player, email);
recoveryCodeManager.removeCode(name);
}
private void generateAndSendNewPassword(Player player, String email) {
String name = player.getName();
String thePass = RandomString.generate(commandService.getProperty(RECOVERY_PASSWORD_LENGTH));
HashedPassword hashNew = passwordSecurity.computeHash(thePass, name);
dataSource.updatePassword(name, hashNew);
sendMailSsl.sendPasswordMail(name, email, thePass);
commandService.send(player, MessageKey.RECOVERY_EMAIL_SENT_MESSAGE); commandService.send(player, MessageKey.RECOVERY_EMAIL_SENT_MESSAGE);
} }
} }

1
src/main/java/fr/xephi/authme/datasource/CacheDataSource.java
View File

@ -8,7 +8,6 @@ import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.ListeningExecutorService; import com.google.common.util.concurrent.ListeningExecutorService;
import com.google.common.util.concurrent.MoreExecutors; import com.google.common.util.concurrent.MoreExecutors;
import com.google.common.util.concurrent.ThreadFactoryBuilder; import com.google.common.util.concurrent.ThreadFactoryBuilder;
import fr.xephi.authme.ConsoleLogger; import fr.xephi.authme.ConsoleLogger;
import fr.xephi.authme.cache.auth.PlayerAuth; import fr.xephi.authme.cache.auth.PlayerAuth;
import fr.xephi.authme.cache.auth.PlayerCache; import fr.xephi.authme.cache.auth.PlayerCache;

41
src/main/java/fr/xephi/authme/mail/SendMailSSL.java
View File

@ -2,9 +2,9 @@ package fr.xephi.authme.mail;
import fr.xephi.authme.AuthMe; import fr.xephi.authme.AuthMe;
import fr.xephi.authme.ConsoleLogger; import fr.xephi.authme.ConsoleLogger;
import fr.xephi.authme.cache.auth.PlayerAuth;
import fr.xephi.authme.settings.Settings; import fr.xephi.authme.settings.Settings;
import fr.xephi.authme.settings.properties.EmailSettings; import fr.xephi.authme.settings.properties.EmailSettings;
import fr.xephi.authme.settings.properties.SecuritySettings;
import fr.xephi.authme.util.BukkitService; import fr.xephi.authme.util.BukkitService;
import fr.xephi.authme.util.StringUtils; import fr.xephi.authme.util.StringUtils;
import org.apache.commons.mail.EmailConstants; import org.apache.commons.mail.EmailConstants;
@ -53,16 +53,17 @@ public class SendMailSSL {
/** /**
* Sends an email to the user with his new password. * Sends an email to the user with his new password.
* *
* @param auth the player auth of the player * @param name the name of the player
* @param mailAddress the player's email
* @param newPass the new password * @param newPass the new password
*/ */
public void sendPasswordMail(final PlayerAuth auth, final String newPass) { public void sendPasswordMail(String name, String mailAddress, String newPass) {
if (!hasAllInformation()) { if (!hasAllInformation()) {
ConsoleLogger.warning("Cannot perform email registration: not all email settings are complete"); ConsoleLogger.warning("Cannot perform email registration: not all email settings are complete");
return; return;
} }
final String mailText = replaceMailTags(settings.getEmailMessage(), auth, newPass); final String mailText = replaceTagsForPasswordMail(settings.getPasswordEmailMessage(), name, newPass);
bukkitService.runTaskAsynchronously(new Runnable() { bukkitService.runTaskAsynchronously(new Runnable() {
@Override @Override
@ -70,7 +71,7 @@ public class SendMailSSL {
Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader()); Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
HtmlEmail email; HtmlEmail email;
try { try {
email = initializeMail(auth.getEmail()); email = initializeMail(mailAddress);
} catch (EmailException e) { } catch (EmailException e) {
ConsoleLogger.logException("Failed to create email with the given settings:", e); ConsoleLogger.logException("Failed to create email with the given settings:", e);
return; return;
@ -81,11 +82,11 @@ public class SendMailSSL {
File file = null; File file = null;
if (settings.getProperty(EmailSettings.PASSWORD_AS_IMAGE)) { if (settings.getProperty(EmailSettings.PASSWORD_AS_IMAGE)) {
try { try {
file = generateImage(auth.getNickname(), plugin, newPass); file = generateImage(name, plugin, newPass);
content = embedImageIntoEmailContent(file, email, content); content = embedImageIntoEmailContent(file, email, content);
} catch (IOException | EmailException e) { } catch (IOException | EmailException e) {
ConsoleLogger.logException( ConsoleLogger.logException(
"Unable to send new password as image for email " + auth.getEmail() + ":", e); "Unable to send new password as image for email " + mailAddress + ":", e);
} }
} }
@ -97,6 +98,20 @@ public class SendMailSSL {
}); });
} }
public void sendRecoveryCode(String name, String email, String code) {
String message = replaceTagsForRecoveryCodeMail(settings.getRecoveryCodeEmailMessage(),
name, code, settings.getProperty(SecuritySettings.RECOVERY_CODE_HOURS_VALID));
HtmlEmail htmlEmail;
try {
htmlEmail = initializeMail(email);
} catch (EmailException e) {
ConsoleLogger.logException("Failed to create email for recovery code:", e);
return;
}
sendEmail(message, htmlEmail);
}
private static File generateImage(String name, AuthMe plugin, String newPass) throws IOException { private static File generateImage(String name, AuthMe plugin, String newPass) throws IOException {
ImageGenerator gen = new ImageGenerator(newPass); ImageGenerator gen = new ImageGenerator(newPass);
File file = new File(plugin.getDataFolder(), name + "_new_pass.jpg"); File file = new File(plugin.getDataFolder(), name + "_new_pass.jpg");
@ -149,13 +164,21 @@ public class SendMailSSL {
} }
} }
private String replaceMailTags(String mailText, PlayerAuth auth, String newPass) { private String replaceTagsForPasswordMail(String mailText, String name, String newPass) {
return mailText return mailText
.replace("<playername />", auth.getNickname()) .replace("<playername />", name)
.replace("<servername />", plugin.getServer().getServerName()) .replace("<servername />", plugin.getServer().getServerName())
.replace("<generatedpass />", newPass); .replace("<generatedpass />", newPass);
} }
private String replaceTagsForRecoveryCodeMail(String mailText, String name, String code, int hoursValid) {
return mailText
.replace("<playername />", name)
.replace("<servername />", plugin.getServer().getServerName())
.replace("<recoverycode />", code)
.replace("<hoursvalid />", String.valueOf(hoursValid));
}
private void setPropertiesForPort(HtmlEmail email, int port) throws EmailException { private void setPropertiesForPort(HtmlEmail email, int port) throws EmailException {
switch (port) { switch (port) {
case 587: case 587:

6
src/main/java/fr/xephi/authme/output/MessageKey.java
View File

@ -147,7 +147,11 @@ public enum MessageKey {
KICK_FOR_ADMIN_REGISTER("kicked_admin_registered"), KICK_FOR_ADMIN_REGISTER("kicked_admin_registered"),
INCOMPLETE_EMAIL_SETTINGS("incomplete_email_settings"); INCOMPLETE_EMAIL_SETTINGS("incomplete_email_settings"),
RECOVERY_CODE_SENT("recovery_code_sent"),
INCORRECT_RECOVERY_CODE("recovery_code_incorrect");
private String key; private String key;
private String[] tags; private String[] tags;

2
src/main/java/fr/xephi/authme/process/register/AsyncRegister.java
View File

@ -149,7 +149,7 @@ public class AsyncRegister implements AsynchronousProcess {
} }
database.updateEmail(auth); database.updateEmail(auth);
database.updateSession(auth); database.updateSession(auth);
sendMailSsl.sendPasswordMail(auth, password); sendMailSsl.sendPasswordMail(name, email, password);
syncProcessManager.processSyncEmailRegister(player); syncProcessManager.processSyncEmailRegister(player);
} }

99
src/main/java/fr/xephi/authme/service/RecoveryCodeManager.java Normal file
View File

@ -0,0 +1,99 @@
package fr.xephi.authme.service;
import com.google.common.annotations.VisibleForTesting;
import fr.xephi.authme.initialization.SettingsDependent;
import fr.xephi.authme.security.RandomString;
import fr.xephi.authme.settings.Settings;
import fr.xephi.authme.settings.properties.SecuritySettings;
import javax.inject.Inject;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import static fr.xephi.authme.settings.properties.SecuritySettings.RECOVERY_CODE_HOURS_VALID;
import static fr.xephi.authme.util.Utils.MILLIS_PER_HOUR;
/**
* Manager for recovery codes.
*/
public class RecoveryCodeManager implements SettingsDependent {
private Map<String, ExpiringEntry> recoveryCodes = new ConcurrentHashMap<>();
private int recoveryCodeLength;
private long recoveryCodeExpirationMillis;
@Inject
RecoveryCodeManager(Settings settings) {
reload(settings);
}
/**
* @return whether recovery codes are enabled or not
*/
public boolean isRecoveryCodeNeeded() {
return recoveryCodeLength > 0 && recoveryCodeExpirationMillis > 0;
}
/**
* Generates the recovery code for the given player.
*
* @param player the player to generate a code for
* @return the generated code
*/
public String generateCode(String player) {
String code = RandomString.generateHex(recoveryCodeLength);
recoveryCodes.put(player, new ExpiringEntry(code, System.currentTimeMillis() + recoveryCodeExpirationMillis));
return code;
}
/**
* Checks whether the supplied code is valid for the given player.
*
* @param player the player to check for
* @param code the code to check
* @return true if the code matches and has not expired, false otherwise
*/
public boolean isCodeValid(String player, String code) {
ExpiringEntry entry = recoveryCodes.get(player);
if (entry != null) {
return code != null && code.equals(entry.getCode());
}
return false;
}
/**
* Removes the player's recovery code if present.
*
* @param player the player
*/
public void removeCode(String player) {
recoveryCodes.remove(player);
}
@Override
public void reload(Settings settings) {
recoveryCodeLength = settings.getProperty(SecuritySettings.RECOVERY_CODE_LENGTH);
recoveryCodeExpirationMillis = settings.getProperty(RECOVERY_CODE_HOURS_VALID) * MILLIS_PER_HOUR;
}
/**
* Entry with an expiration.
*/
@VisibleForTesting
static final class ExpiringEntry {
private final String code;
private final long expiration;
ExpiringEntry(String code, long expiration) {
this.code = code;
this.expiration = expiration;
}
String getCode() {
return System.currentTimeMillis() < expiration ? code : null;
}
}
}

63
src/main/java/fr/xephi/authme/settings/Settings.java
View File

@ -4,16 +4,14 @@ import com.github.authme.configme.SettingsManager;
import com.github.authme.configme.knownproperties.PropertyEntry; import com.github.authme.configme.knownproperties.PropertyEntry;
import com.github.authme.configme.migration.MigrationService; import com.github.authme.configme.migration.MigrationService;
import com.github.authme.configme.resource.PropertyResource; import com.github.authme.configme.resource.PropertyResource;
import com.google.common.base.Charsets;
import com.google.common.io.Files; import com.google.common.io.Files;
import fr.xephi.authme.ConsoleLogger; import fr.xephi.authme.ConsoleLogger;
import fr.xephi.authme.settings.properties.PluginSettings; import fr.xephi.authme.settings.properties.PluginSettings;
import fr.xephi.authme.settings.properties.RegistrationSettings;
import fr.xephi.authme.util.StringUtils; import fr.xephi.authme.util.StringUtils;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import static fr.xephi.authme.util.FileUtils.copyFileFromResource; import static fr.xephi.authme.util.FileUtils.copyFileFromResource;
@ -26,8 +24,9 @@ public class Settings extends SettingsManager {
private final File pluginFolder; private final File pluginFolder;
/** The file with the localized messages based on {@link PluginSettings#MESSAGES_LANGUAGE}. */ /** The file with the localized messages based on {@link PluginSettings#MESSAGES_LANGUAGE}. */
private File messagesFile; private File messagesFile;
private List<String> welcomeMessage; private String[] welcomeMessage;
private String emailMessage; private String passwordEmailMessage;
private String recoveryCodeEmailMessage;
/** /**
* Constructor. * Constructor.
@ -67,8 +66,17 @@ public class Settings extends SettingsManager {
* *
* @return The email message * @return The email message
*/ */
public String getEmailMessage() { public String getPasswordEmailMessage() {
return emailMessage; return passwordEmailMessage;
}
/**
* Return the text to use when someone requests to receive a recovery code.
*
* @return The email message
*/
public String getRecoveryCodeEmailMessage() {
return recoveryCodeEmailMessage;
} }
/** /**
@ -76,14 +84,15 @@ public class Settings extends SettingsManager {
* *
* @return The welcome message * @return The welcome message
*/ */
public List<String> getWelcomeMessage() { public String[] getWelcomeMessage() {
return welcomeMessage; return welcomeMessage;
} }
private void loadSettingsFromFiles() { private void loadSettingsFromFiles() {
messagesFile = buildMessagesFile(); messagesFile = buildMessagesFile();
welcomeMessage = readWelcomeMessage(); passwordEmailMessage = readFile("email.html");
emailMessage = readEmailMessage(); recoveryCodeEmailMessage = readFile("recovery_code_email.html");
welcomeMessage = readFile("welcome.txt").split("\n");
} }
@Override @Override
@ -114,30 +123,22 @@ public class Settings extends SettingsManager {
return StringUtils.makePath("messages", "messages_" + language + ".yml"); return StringUtils.makePath("messages", "messages_" + language + ".yml");
} }
private List<String> readWelcomeMessage() { /**
if (getProperty(RegistrationSettings.USE_WELCOME_MESSAGE)) { * Reads a file from the plugin folder or copies it from the JAR to the plugin folder.
final File welcomeFile = new File(pluginFolder, "welcome.txt"); *
final Charset charset = Charset.forName("UTF-8"); * @param filename the file to read
if (copyFileFromResource(welcomeFile, "welcome.txt")) { * @return the file's contents
try { */
return Files.readLines(welcomeFile, charset); private String readFile(String filename) {
} catch (IOException e) { final File file = new File(pluginFolder, filename);
ConsoleLogger.logException("Failed to read file '" + welcomeFile.getPath() + "':", e); if (copyFileFromResource(file, filename)) {
}
}
}
return new ArrayList<>(0);
}
private String readEmailMessage() {
final File emailFile = new File(pluginFolder, "email.html");
final Charset charset = Charset.forName("UTF-8");
if (copyFileFromResource(emailFile, "email.html")) {
try { try {
return Files.toString(emailFile, charset); return Files.toString(file, Charsets.UTF_8);
} catch (IOException e) { } catch (IOException e) {
ConsoleLogger.logException("Failed to read file '" + emailFile.getPath() + "':", e); ConsoleLogger.logException("Failed to read file '" + filename + "':", e);
} }
} else {
ConsoleLogger.warning("Failed to copy file '" + filename + "' from JAR");
} }
return ""; return "";
} }

8
src/main/java/fr/xephi/authme/settings/properties/SecuritySettings.java
View File

@ -109,6 +109,14 @@ public class SecuritySettings implements SettingsHolder {
public static final Property<Integer> TEMPBAN_MINUTES_BEFORE_RESET = public static final Property<Integer> TEMPBAN_MINUTES_BEFORE_RESET =
newProperty("Security.tempban.minutesBeforeCounterReset", 480); newProperty("Security.tempban.minutesBeforeCounterReset", 480);
@Comment("Number of characters a recovery code should have (0 to disable)")
public static final Property<Integer> RECOVERY_CODE_LENGTH =
newProperty("Security.recoveryCode.length", 8);
@Comment("How many hours is a recovery code valid for?")
public static final Property<Integer> RECOVERY_CODE_HOURS_VALID =
newProperty("Security.recoveryCode.validForHours", 4);
private SecuritySettings() { private SecuritySettings() {
} }

5
src/main/java/fr/xephi/authme/util/Utils.java
View File

@ -11,6 +11,11 @@ import java.util.regex.Pattern;
*/ */
public final class Utils { public final class Utils {
/** Number of milliseconds in a minute. */
public static final long MILLIS_PER_MINUTE = 60_000L;
/** Number of milliseconds in an hour. */
public static final long MILLIS_PER_HOUR = 60 * MILLIS_PER_MINUTE;
private Utils() { private Utils() {
} }

5
src/main/resources/config.yml
View File

@ -338,6 +338,11 @@ Security:
# How many minutes before resetting the count for failed logins by IP and username # How many minutes before resetting the count for failed logins by IP and username
# Default: 480 minutes (8 hours) # Default: 480 minutes (8 hours)
minutesBeforeCounterReset: 480 minutesBeforeCounterReset: 480
recoveryCode:
# Number of characters a recovery code should have (0 to disable)
length: 8
# How many hours is a recovery code valid for?
validForHours: 4
Converter: Converter:
Rakamak: Rakamak:
# Rakamak file name # Rakamak file name

2
src/main/resources/messages/messages_en.yml
View File

@ -70,3 +70,5 @@ accounts_owned_self: 'You own %count accounts:'
accounts_owned_other: 'The player %name has %count accounts:' accounts_owned_other: 'The player %name has %count accounts:'
kicked_admin_registered: 'An admin just registered you; please log in again' kicked_admin_registered: 'An admin just registered you; please log in again'
incomplete_email_settings: 'Error: not all required settings are set for sending emails. Please contact an admin.' incomplete_email_settings: 'Error: not all required settings are set for sending emails. Please contact an admin.'
recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
recovery_code_incorrect: 'The recovery code is not correct! Use /email recovery [email] to generate a new one'

9
src/main/resources/recovery_code_email.html Normal file
View File

@ -0,0 +1,9 @@
<h1>Dear <playername />,</h1>
<p>
You have requested to reset your password on <servername />. To reset it,
please use the recovery code <recoverycode />: /email recover [email] <recoverycode />.
</p>
<p>
The code expires in <hoursvalid /> hours.
</p>

11
src/test/java/fr/xephi/authme/TestHelper.java
View File

@ -126,6 +126,17 @@ public final class TestHelper {
return logger; return logger;
} }
/**
* Set ConsoleLogger to use a new real logger.
*
* @return The real logger used by ConsoleLogger
*/
public static Logger setRealLogger() {
Logger logger = Logger.getAnonymousLogger();
ConsoleLogger.setLogger(logger);
return logger;
}
/** /**
* Check that a class only has a hidden, zero-argument constructor, preventing the * Check that a class only has a hidden, zero-argument constructor, preventing the
* instantiation of such classes (utility classes). Invokes the hidden constructor * instantiation of such classes (utility classes). Invokes the hidden constructor

131
src/test/java/fr/xephi/authme/command/executable/email/RecoverEmailCommandTest.java
View File

@ -9,26 +9,29 @@ import fr.xephi.authme.mail.SendMailSSL;
import fr.xephi.authme.output.MessageKey; import fr.xephi.authme.output.MessageKey;
import fr.xephi.authme.security.PasswordSecurity; import fr.xephi.authme.security.PasswordSecurity;
import fr.xephi.authme.security.crypts.HashedPassword; import fr.xephi.authme.security.crypts.HashedPassword;
import fr.xephi.authme.service.RecoveryCodeManager;
import fr.xephi.authme.settings.properties.EmailSettings; import fr.xephi.authme.settings.properties.EmailSettings;
import fr.xephi.authme.settings.properties.SecuritySettings;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.runners.MockitoJUnitRunner; import org.mockito.runners.MockitoJUnitRunner;
import org.mockito.stubbing.Answer;
import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import static fr.xephi.authme.AuthMeMatchers.stringWithLength; import static fr.xephi.authme.AuthMeMatchers.stringWithLength;
import static org.junit.Assert.assertThat; import static org.junit.Assert.assertThat;
import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.given;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString; import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.argThat;
import static org.mockito.Matchers.eq; import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.only;
import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.verifyZeroInteractions; import static org.mockito.Mockito.verifyZeroInteractions;
@ -58,6 +61,9 @@ public class RecoverEmailCommandTest {
@Mock @Mock
private SendMailSSL sendMailSsl; private SendMailSSL sendMailSsl;
@Mock
private RecoveryCodeManager recoveryCodeManager;
@BeforeClass @BeforeClass
public static void initLogger() { public static void initLogger() {
@ -124,7 +130,7 @@ public class RecoverEmailCommandTest {
given(sender.getName()).willReturn(name); given(sender.getName()).willReturn(name);
given(sendMailSsl.hasAllInformation()).willReturn(true); given(sendMailSsl.hasAllInformation()).willReturn(true);
given(playerCache.isAuthenticated(name)).willReturn(false); given(playerCache.isAuthenticated(name)).willReturn(false);
given(dataSource.getAuth(name)).willReturn(authWithEmail(DEFAULT_EMAIL)); given(dataSource.getAuth(name)).willReturn(newAuthWithEmail(DEFAULT_EMAIL));
// when // when
command.executeCommand(sender, Collections.singletonList(DEFAULT_EMAIL)); command.executeCommand(sender, Collections.singletonList(DEFAULT_EMAIL));
@ -144,7 +150,7 @@ public class RecoverEmailCommandTest {
given(sender.getName()).willReturn(name); given(sender.getName()).willReturn(name);
given(sendMailSsl.hasAllInformation()).willReturn(true); given(sendMailSsl.hasAllInformation()).willReturn(true);
given(playerCache.isAuthenticated(name)).willReturn(false); given(playerCache.isAuthenticated(name)).willReturn(false);
given(dataSource.getAuth(name)).willReturn(authWithEmail("raptor@example.org")); given(dataSource.getAuth(name)).willReturn(newAuthWithEmail("raptor@example.org"));
// when // when
command.executeCommand(sender, Collections.singletonList("wrong-email@example.com")); command.executeCommand(sender, Collections.singletonList("wrong-email@example.com"));
@ -156,6 +162,60 @@ public class RecoverEmailCommandTest {
verify(commandService).send(sender, MessageKey.INVALID_EMAIL); verify(commandService).send(sender, MessageKey.INVALID_EMAIL);
} }
@Test
public void shouldGenerateRecoveryCode() {
// given
String name = "Vultur3";
Player sender = mock(Player.class);
given(sender.getName()).willReturn(name);
given(sendMailSsl.hasAllInformation()).willReturn(true);
given(playerCache.isAuthenticated(name)).willReturn(false);
String email = "v@example.com";
given(dataSource.getAuth(name)).willReturn(newAuthWithEmail(email));
int codeLength = 7;
given(commandService.getProperty(SecuritySettings.RECOVERY_CODE_LENGTH)).willReturn(codeLength);
int hoursValid = 12;
given(commandService.getProperty(SecuritySettings.RECOVERY_CODE_HOURS_VALID)).willReturn(hoursValid);
String code = "a94f37";
given(recoveryCodeManager.isRecoveryCodeNeeded()).willReturn(true);
given(recoveryCodeManager.generateCode(name)).willReturn(code);
// when
command.executeCommand(sender, Collections.singletonList(email.toUpperCase()));
// then
verify(sendMailSsl).hasAllInformation();
verify(dataSource).getAuth(name);
verify(recoveryCodeManager).generateCode(name);
verify(commandService).send(sender, MessageKey.RECOVERY_CODE_SENT);
verify(sendMailSsl).sendRecoveryCode(name, email, code);
}
@Test
public void shouldSendErrorForInvalidRecoveryCode() {
// given
String name = "Vultur3";
Player sender = mock(Player.class);
given(sender.getName()).willReturn(name);
given(sendMailSsl.hasAllInformation()).willReturn(true);
given(playerCache.isAuthenticated(name)).willReturn(false);
String email = "vulture@example.com";
PlayerAuth auth = newAuthWithEmail(email);
given(dataSource.getAuth(name)).willReturn(auth);
given(commandService.getProperty(EmailSettings.RECOVERY_PASSWORD_LENGTH)).willReturn(20);
given(recoveryCodeManager.isRecoveryCodeNeeded()).willReturn(true);
given(recoveryCodeManager.isCodeValid(name, "bogus")).willReturn(false);
// when
command.executeCommand(sender, Arrays.asList(email, "bogus"));
// then
verify(sendMailSsl).hasAllInformation();
verify(dataSource, only()).getAuth(name);
verify(commandService).send(sender, MessageKey.INCORRECT_RECOVERY_CODE);
verifyNoMoreInteractions(sendMailSsl);
}
@Test @Test
public void shouldResetPasswordAndSendEmail() { public void shouldResetPasswordAndSendEmail() {
// given // given
@ -165,36 +225,67 @@ public class RecoverEmailCommandTest {
given(sendMailSsl.hasAllInformation()).willReturn(true); given(sendMailSsl.hasAllInformation()).willReturn(true);
given(playerCache.isAuthenticated(name)).willReturn(false); given(playerCache.isAuthenticated(name)).willReturn(false);
String email = "vulture@example.com"; String email = "vulture@example.com";
PlayerAuth auth = authWithEmail(email); String code = "A6EF3AC8";
PlayerAuth auth = newAuthWithEmail(email);
given(dataSource.getAuth(name)).willReturn(auth); given(dataSource.getAuth(name)).willReturn(auth);
given(commandService.getProperty(EmailSettings.RECOVERY_PASSWORD_LENGTH)).willReturn(20); given(commandService.getProperty(EmailSettings.RECOVERY_PASSWORD_LENGTH)).willReturn(20);
given(passwordSecurity.computeHash(anyString(), eq(name))) given(passwordSecurity.computeHash(anyString(), eq(name)))
.willAnswer(new Answer<HashedPassword>() { .willAnswer(invocation -> new HashedPassword((String) invocation.getArguments()[0]));
@Override given(recoveryCodeManager.isRecoveryCodeNeeded()).willReturn(true);
public HashedPassword answer(InvocationOnMock invocationOnMock) { given(recoveryCodeManager.isCodeValid(name, code)).willReturn(true);
return new HashedPassword((String) invocationOnMock.getArguments()[0]);
}
});
// when // when
command.executeCommand(sender, Collections.singletonList(email.toUpperCase())); command.executeCommand(sender, Arrays.asList(email, code));
// then // then
verify(sendMailSsl).hasAllInformation(); verify(sendMailSsl).hasAllInformation();
verify(dataSource).getAuth(name); verify(dataSource).getAuth(name);
verify(passwordSecurity).computeHash(anyString(), eq(name)); ArgumentCaptor<String> passwordCaptor = ArgumentCaptor.forClass(String.class);
verify(dataSource).updatePassword(auth); verify(passwordSecurity).computeHash(passwordCaptor.capture(), eq(name));
assertThat(auth.getPassword().getHash(), stringWithLength(20)); String generatedPassword = passwordCaptor.getValue();
verify(sendMailSsl).sendPasswordMail(eq(auth), argThat(stringWithLength(20))); assertThat(generatedPassword, stringWithLength(20));
verify(dataSource).updatePassword(eq(name), any(HashedPassword.class));
verify(recoveryCodeManager).removeCode(name);
verify(sendMailSsl).sendPasswordMail(name, email, generatedPassword);
verify(commandService).send(sender, MessageKey.RECOVERY_EMAIL_SENT_MESSAGE);
}
@Test
public void shouldGenerateNewPasswordWithoutRecoveryCode() {
// given
String name = "sh4rK";
Player sender = mock(Player.class);
given(sender.getName()).willReturn(name);
given(sendMailSsl.hasAllInformation()).willReturn(true);
given(playerCache.isAuthenticated(name)).willReturn(false);
String email = "shark@example.org";
PlayerAuth auth = newAuthWithEmail(email);
given(dataSource.getAuth(name)).willReturn(auth);
given(commandService.getProperty(EmailSettings.RECOVERY_PASSWORD_LENGTH)).willReturn(20);
given(passwordSecurity.computeHash(anyString(), eq(name)))
.willAnswer(invocation -> new HashedPassword((String) invocation.getArguments()[0]));
given(recoveryCodeManager.isRecoveryCodeNeeded()).willReturn(false);
// when
command.executeCommand(sender, Collections.singletonList(email));
// then
verify(sendMailSsl).hasAllInformation();
verify(dataSource).getAuth(name);
ArgumentCaptor<String> passwordCaptor = ArgumentCaptor.forClass(String.class);
verify(passwordSecurity).computeHash(passwordCaptor.capture(), eq(name));
String generatedPassword = passwordCaptor.getValue();
assertThat(generatedPassword, stringWithLength(20));
verify(dataSource).updatePassword(eq(name), any(HashedPassword.class));
verify(sendMailSsl).sendPasswordMail(name, email, generatedPassword);
verify(commandService).send(sender, MessageKey.RECOVERY_EMAIL_SENT_MESSAGE); verify(commandService).send(sender, MessageKey.RECOVERY_EMAIL_SENT_MESSAGE);
} }
private static PlayerAuth authWithEmail(String email) { private static PlayerAuth newAuthWithEmail(String email) {
return PlayerAuth.builder() return PlayerAuth.builder()
.name("tester") .name("name")
.email(email) .email(email)
.build(); .build();
} }
} }

1
src/test/java/fr/xephi/authme/datasource/AbstractDataSourceIntegrationTest.java
View File

@ -381,5 +381,4 @@ public abstract class AbstractDataSourceIntegrationTest {
// then // then
assertThat(dataSource.getAllAuths(), empty()); assertThat(dataSource.getAllAuths(), empty());
} }
} }

2
src/test/java/fr/xephi/authme/datasource/MySqlIntegrationTest.java
View File

@ -53,7 +53,7 @@ public class MySqlIntegrationTest extends AbstractDataSourceIntegrationTest {
}); });
set(DatabaseSettings.MYSQL_DATABASE, "h2_test"); set(DatabaseSettings.MYSQL_DATABASE, "h2_test");
set(DatabaseSettings.MYSQL_TABLE, "authme"); set(DatabaseSettings.MYSQL_TABLE, "authme");
TestHelper.setupLogger(); TestHelper.setRealLogger();
Path sqlInitFile = TestHelper.getJarPath(TestHelper.PROJECT_ROOT + "datasource/sql-initialize.sql"); Path sqlInitFile = TestHelper.getJarPath(TestHelper.PROJECT_ROOT + "datasource/sql-initialize.sql");
sqlInitialize = new String(Files.readAllBytes(sqlInitFile)); sqlInitialize = new String(Files.readAllBytes(sqlInitFile));

2
src/test/java/fr/xephi/authme/datasource/SQLiteIntegrationTest.java
View File

@ -56,7 +56,7 @@ public class SQLiteIntegrationTest extends AbstractDataSourceIntegrationTest {
}); });
set(DatabaseSettings.MYSQL_DATABASE, "sqlite-test"); set(DatabaseSettings.MYSQL_DATABASE, "sqlite-test");
set(DatabaseSettings.MYSQL_TABLE, "authme"); set(DatabaseSettings.MYSQL_TABLE, "authme");
TestHelper.setupLogger(); TestHelper.setRealLogger();
Path sqlInitFile = TestHelper.getJarPath(TestHelper.PROJECT_ROOT + "datasource/sql-initialize.sql"); Path sqlInitFile = TestHelper.getJarPath(TestHelper.PROJECT_ROOT + "datasource/sql-initialize.sql");
// Note ljacqu 20160221: It appears that we can only run one statement per Statement.execute() so we split // Note ljacqu 20160221: It appears that we can only run one statement per Statement.execute() so we split

117
src/test/java/fr/xephi/authme/service/RecoveryCodeManagerTest.java Normal file
View File

@ -0,0 +1,117 @@
package fr.xephi.authme.service;
import ch.jalu.injector.testing.BeforeInjecting;
import ch.jalu.injector.testing.DelayedInjectionRunner;
import ch.jalu.injector.testing.InjectDelayed;
import fr.xephi.authme.ReflectionTestUtils;
import fr.xephi.authme.service.RecoveryCodeManager.ExpiringEntry;
import fr.xephi.authme.settings.Settings;
import fr.xephi.authme.settings.properties.SecuritySettings;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import java.util.Map;
import static fr.xephi.authme.AuthMeMatchers.stringWithLength;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertThat;
import static org.mockito.BDDMockito.given;
/**
* Test for {@link RecoveryCodeManager}.
*/
@RunWith(DelayedInjectionRunner.class)
public class RecoveryCodeManagerTest {
@InjectDelayed
private RecoveryCodeManager recoveryCodeManager;
@Mock
private Settings settings;
@BeforeInjecting
public void initSettings() {
given(settings.getProperty(SecuritySettings.RECOVERY_CODE_HOURS_VALID)).willReturn(4);
given(settings.getProperty(SecuritySettings.RECOVERY_CODE_LENGTH)).willReturn(5);
}
@Test
public void shouldBeDisabledForNonPositiveLength() {
assertThat(recoveryCodeManager.isRecoveryCodeNeeded(), equalTo(true));
// given
given(settings.getProperty(SecuritySettings.RECOVERY_CODE_LENGTH)).willReturn(0);
// when
recoveryCodeManager.reload(settings);
// then
assertThat(recoveryCodeManager.isRecoveryCodeNeeded(), equalTo(false));
}
@Test
public void shouldGenerateAndStoreCode() {
// given
String name = "Bobbers";
// when
recoveryCodeManager.generateCode(name);
// then
ExpiringEntry entry = getCodeMap().get(name);
assertThat(entry.getCode(), stringWithLength(5));
}
@Test
public void shouldNotConsiderExpiredCode() {
// given
String player = "Cat";
String code = "11F235";
setCodeInMap(player, code, System.currentTimeMillis() - 500);
// when
boolean result = recoveryCodeManager.isCodeValid(player, code);
// then
assertThat(result, equalTo(false));
}
@Test
public void shouldRecognizeCorrectCode() {
// given
String player = "dragon";
String code = recoveryCodeManager.generateCode(player);
// when
boolean result = recoveryCodeManager.isCodeValid(player, code);
// then
assertThat(result, equalTo(true));
}
@Test
public void shouldRemoveCode() {
// given
String player = "Tester";
String code = recoveryCodeManager.generateCode(player);
// when
recoveryCodeManager.removeCode(player);
// then
assertThat(recoveryCodeManager.isCodeValid(player, code), equalTo(false));
assertThat(getCodeMap().get(player), nullValue());
}
private Map<String, ExpiringEntry> getCodeMap() {
return ReflectionTestUtils.getFieldValue(RecoveryCodeManager.class, recoveryCodeManager, "recoveryCodes");
}
private void setCodeInMap(String player, String code, long expiration) {
Map<String, ExpiringEntry> map = getCodeMap();
map.put(player, new ExpiringEntry(code, expiration));
}
}

12
src/test/java/fr/xephi/authme/settings/SettingsTest.java
View File

@ -23,9 +23,10 @@ import java.util.List;
import static fr.xephi.authme.settings.properties.PluginSettings.MESSAGES_LANGUAGE; import static fr.xephi.authme.settings.properties.PluginSettings.MESSAGES_LANGUAGE;
import static fr.xephi.authme.util.StringUtils.makePath; import static fr.xephi.authme.util.StringUtils.makePath;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.arrayWithSize;
import static org.hamcrest.Matchers.endsWith; import static org.hamcrest.Matchers.endsWith;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.nullValue; import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertThat; import static org.junit.Assert.assertThat;
@ -127,12 +128,11 @@ public class SettingsTest {
TestSettingsMigrationServices.alwaysFulfilled(), knownProperties); TestSettingsMigrationServices.alwaysFulfilled(), knownProperties);
// when // when
List<String> result = settings.getWelcomeMessage(); String[] result = settings.getWelcomeMessage();
// then // then
assertThat(result, hasSize(2)); assertThat(result, arrayWithSize(2));
assertThat(result.get(0), equalTo(welcomeMessage.split("\\n")[0])); assertThat(result, arrayContaining(welcomeMessage.split("\\n")));
assertThat(result.get(1), equalTo(welcomeMessage.split("\\n")[1]));
} }
@Test @Test
@ -148,7 +148,7 @@ public class SettingsTest {
TestSettingsMigrationServices.alwaysFulfilled(), knownProperties); TestSettingsMigrationServices.alwaysFulfilled(), knownProperties);
// when // when
String result = settings.getEmailMessage(); String result = settings.getPasswordEmailMessage();
// then // then
assertThat(result, equalTo(emailMessage)); assertThat(result, equalTo(emailMessage));

2
src/test/resources/fr/xephi/authme/datasource/sql-initialize.sql
View File

@ -13,6 +13,8 @@ CREATE TABLE authme (
email VARCHAR(255) DEFAULT 'your@email.com', email VARCHAR(255) DEFAULT 'your@email.com',
isLogged INT DEFAULT '0', realname VARCHAR(255) NOT NULL DEFAULT 'Player', isLogged INT DEFAULT '0', realname VARCHAR(255) NOT NULL DEFAULT 'Player',
salt varchar(255), salt varchar(255),
recoverycode VARCHAR(20),
recoveryexpiration BIGINT,
CONSTRAINT table_const_prim PRIMARY KEY (id) CONSTRAINT table_const_prim PRIMARY KEY (id)
); );