Meishin/LoginSystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

#369 Delete Xenforo (XF) encryption algorithm

Browse Source 
Rationale:
- Seems not to have been working since it was added to the codebase
- Seems not to correspond to the actual Xenforo password hashing (class does some sort of JSON extraction?)
- It would be easier to rewrite it from scratch if someone requests it later
This commit is contained in:
ljacqu 2015-12-28 22:32:24 +01:00
parent 47f4275225
commit 121d323221
5 changed files with 4 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -82,8 +82,6 @@ typing commands or using the inventory. It can also kick players with uncommonly
<li>MyBB: MYBB</li> <li>MyBB: MYBB</li>
<li>IPB3: IPB3</li> <li>IPB3: IPB3</li>
<li>PhpFusion: PHPFUSION</li> <li>PhpFusion: PHPFUSION</li>
<li><del>Xenforo SHA1: XFSHA1</del> <strong>(Deprecated)</strong></li>
<li><del>Xenforo SHA256: XFSHA256</del> <strong>(Deprecated)</strong></li>
<li>Joomla: JOOMLA</li> <li>Joomla: JOOMLA</li>
<li>WBB3: WBB3*</li> <li>WBB3: WBB3*</li>
<li>SHA512: SHA512</li> <li>SHA512: SHA512</li>
@ -92,7 +90,7 @@ typing commands or using the inventory. It can also kick players with uncommonly
</ul></li> </ul></li>
<li>Custom MySQL tables/columns names (useful with forums databases)</li> <li>Custom MySQL tables/columns names (useful with forums databases)</li>
<li><strong>Cached database queries!</strong></li> <li><strong>Cached database queries!</strong></li>
<li><strong>Full compatible with Citizens2, CombatTag, CombatTagPlus and ChestShop!</strong></li> <li><strong>Fully compatible with Citizens2, CombatTag, CombatTagPlus and ChestShop!</strong></li>
<li>Compatible with Minecraft mods like <strong>BuildCraft or RedstoneCraft</strong></li> <li>Compatible with Minecraft mods like <strong>BuildCraft or RedstoneCraft</strong></li>
<li>Restricted users (associate a Username with an IP)</li> <li>Restricted users (associate a Username with an IP)</li>
<li>Protect player's inventory until a correct Authentication</li> <li>Protect player's inventory until a correct Authentication</li>
@ -120,7 +118,7 @@ typing commands or using the inventory. It can also kick players with uncommonly
</li><li><a href="http://dev.bukkit.org/server-mods/authme-reloaded/pages/web-site-integration/">Website Integration</a> </li><li><a href="http://dev.bukkit.org/server-mods/authme-reloaded/pages/web-site-integration/">Website Integration</a>
</li><li><a href="https://raw.githubusercontent.com/Xephi/AuthMeReloaded/master/src/main/resources/config.yml">Click here for an example of the Config file</a> </li><li><a href="https://raw.githubusercontent.com/Xephi/AuthMeReloaded/master/src/main/resources/config.yml">Click here for an example of the Config file</a>
</li><li><a href="http://dev.bukkit.org/server-mods/authme-reloaded/pages/how-to-import-database-from-rakamak/">How to convert from Rakamak</a> </li><li><a href="http://dev.bukkit.org/server-mods/authme-reloaded/pages/how-to-import-database-from-rakamak/">How to convert from Rakamak</a>
</li><li>Convert from FlatFile (auths.db but not the sqlite one ) to MySQL: /converter </li><li>Convert from FlatFile (auths.db but not the sqlite one) to MySQL: /converter
</li></ul> </li></ul>
<hr> <hr>
@ -139,5 +137,5 @@ GameHosting.it is leader in Italy as Game Server Provider. With its own DataCent
#####Credits #####Credits
<p>Team members: look at the <a href="https://github.com/AuthMe-Team/AuthMeReloaded/blob/master/team.txt">team.txt file</a> <p>Team members: look at the <a href="https://github.com/AuthMe-Team/AuthMeReloaded/blob/master/team.txt">team.txt file</a>
<p>Credit for old version of the plugin to: d4rkwarriors, fabe1337 , Whoami2 and pomo4ka</p> <p>Credit for old version of the plugin to: d4rkwarriors, fabe1337, Whoami2 and pomo4ka</p>
<p>Thanks also to: AS1LV3RN1NJA, Hoeze and eprimex</p> <p>Thanks also to: AS1LV3RN1NJA, Hoeze and eprimex</p>

1
src/main/java/fr/xephi/authme/security/HashAlgorithm.java
View File

@ -22,7 +22,6 @@ public enum HashAlgorithm {
IPB3(fr.xephi.authme.security.crypts.IPB3.class), IPB3(fr.xephi.authme.security.crypts.IPB3.class),
PHPFUSION(fr.xephi.authme.security.crypts.PHPFUSION.class), PHPFUSION(fr.xephi.authme.security.crypts.PHPFUSION.class),
SMF(fr.xephi.authme.security.crypts.SMF.class), SMF(fr.xephi.authme.security.crypts.SMF.class),
XENFORO(fr.xephi.authme.security.crypts.XF.class),
SALTED2MD5(fr.xephi.authme.security.crypts.SALTED2MD5.class), SALTED2MD5(fr.xephi.authme.security.crypts.SALTED2MD5.class),
JOOMLA(fr.xephi.authme.security.crypts.JOOMLA.class), JOOMLA(fr.xephi.authme.security.crypts.JOOMLA.class),
BCRYPT(fr.xephi.authme.security.crypts.BCRYPT.class), BCRYPT(fr.xephi.authme.security.crypts.BCRYPT.class),

73
src/main/java/fr/xephi/authme/security/crypts/XF.java
View File

@ -1,73 +0,0 @@
package fr.xephi.authme.security.crypts;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
*/
public class XF implements EncryptionMethod {
@Override
public String computeHash(String password, String salt, String name) {
return getSha256(getSha256(password) + regmatch("\"salt\";.:..:\"(.*)\";.:.:\"hashFunc\"", salt));
}
@Override
public HashResult computeHash(String password, String name) {
String salt = generateSalt();
return new HashResult(computeHash(password, salt, null), salt);
}
public boolean comparePassword(String hash, String password, String salt, String name) {
return hash.equals(regmatch("\"hash\";.:..:\"(.*)\";.:.:\"salt\"", salt));
}
private String getSha256(String password) {
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
// TODO #358: Handle exception properly
throw new RuntimeException(e);
}
md.update(password.getBytes());
byte byteData[] = md.digest();
StringBuilder sb = new StringBuilder();
for (byte element : byteData) {
sb.append(Integer.toString((element & 0xff) + 0x100, 16).substring(1));
}
StringBuilder hexString = new StringBuilder();
for (byte element : byteData) {
String hex = Integer.toHexString(0xff & element);
if (hex.length() == 1) {
hexString.append('0');
}
hexString.append(hex);
}
return hexString.toString();
}
@Override
public String generateSalt() {
// TODO #369: Find out what kind of salt format XF uses
return "";
}
@Override
public boolean hasSeparateSalt() {
return true;
}
private String regmatch(String pattern, String line) {
List<String> allMatches = new ArrayList<>();
Matcher m = Pattern.compile(pattern).matcher(line);
while (m.find()) {
allMatches.add(m.group(1));
}
return allMatches.get(0);
}
}

2
src/main/resources/config.yml
View File

@ -181,7 +181,7 @@ settings:
# Example unLoggedinGroup: NotLogged # Example unLoggedinGroup: NotLogged
unLoggedinGroup: unLoggedinGroup unLoggedinGroup: unLoggedinGroup
# possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB, # possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB,
# MYBB, IPB3, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512, # MYBB, IPB3, PHPFUSION, SMF, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
# DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only) # DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only)
passwordHash: SHA256 passwordHash: SHA256
# salt length for the SALTED2MD5 MD5(MD5(password)+salt) # salt length for the SALTED2MD5 MD5(MD5(password)+salt)

17
src/test/java/fr/xephi/authme/security/crypts/XFTest.java
View File

@ -1,17 +0,0 @@
package fr.xephi.authme.security.crypts;
import org.junit.Ignore;
import org.junit.Test;
/**
* Test for {@link XF}.
*/
@Ignore
// TODO #369: XF needs to generate a salt it is expecting
public class XFTest {
@Test
public void shouldComputeHash() {
System.out.println(new XF().computeHash("Test", "name"));
}
}