#369 Delete Xenforo (XF) encryption algorithm

Rationale: - Seems not to have been working since it was added to the codebase - Seems not to correspond to the actual Xenforo password hashing (class does some sort of JSON extraction?) - It would be easier to rewrite it from scratch if someone requests it later
2015-12-28 22:32:24 +01:00 · 2015-12-28 22:32:24 +01:00 · 121d323221
commit 121d323221
parent 47f4275225
5 changed files with 4 additions and 97 deletions
--- a/README.md
+++ b/README.md
@ -82,8 +82,6 @@ typing commands or using the inventory. It can also kick players with uncommonly
    <li>MyBB: MYBB</li>
    <li>IPB3: IPB3</li>
    <li>PhpFusion: PHPFUSION</li>
-    <li><del>Xenforo SHA1: XFSHA1</del> <strong>(Deprecated)</strong></li>
-    <li><del>Xenforo SHA256: XFSHA256</del> <strong>(Deprecated)</strong></li>
    <li>Joomla: JOOMLA</li>
    <li>WBB3: WBB3*</li>
    <li>SHA512: SHA512</li>
@ -92,7 +90,7 @@ typing commands or using the inventory. It can also kick players with uncommonly
  </ul></li>
  <li>Custom MySQL tables/columns names (useful with forums databases)</li>
  <li><strong>Cached database queries!</strong></li>
-  <li><strong>Full compatible with Citizens2, CombatTag, CombatTagPlus and ChestShop!</strong></li>
+  <li><strong>Fully compatible with Citizens2, CombatTag, CombatTagPlus and ChestShop!</strong></li>
  <li>Compatible with Minecraft mods like <strong>BuildCraft or RedstoneCraft</strong></li>
  <li>Restricted users (associate a Username with an IP)</li>
  <li>Protect player's inventory until a correct Authentication</li>
@ -120,7 +118,7 @@ typing commands or using the inventory. It can also kick players with uncommonly
 </li><li><a href="http://dev.bukkit.org/server-mods/authme-reloaded/pages/web-site-integration/">Website Integration</a>
 </li><li><a href="https://raw.githubusercontent.com/Xephi/AuthMeReloaded/master/src/main/resources/config.yml">Click here for an example of the Config file</a>
 </li><li><a href="http://dev.bukkit.org/server-mods/authme-reloaded/pages/how-to-import-database-from-rakamak/">How to convert from Rakamak</a>
-</li><li>Convert from FlatFile (auths.db but not the sqlite one ) to MySQL: /converter
+</li><li>Convert from FlatFile (auths.db but not the sqlite one) to MySQL: /converter
 </li></ul>
 <hr>

@ -139,5 +137,5 @@ GameHosting.it is leader in Italy as Game Server Provider. With its own DataCent

 #####Credits
 <p>Team members: look at the <a href="https://github.com/AuthMe-Team/AuthMeReloaded/blob/master/team.txt">team.txt file</a>
-<p>Credit for old version of the plugin to: d4rkwarriors, fabe1337 , Whoami2 and pomo4ka</p>
+<p>Credit for old version of the plugin to: d4rkwarriors, fabe1337, Whoami2 and pomo4ka</p>
 <p>Thanks also to: AS1LV3RN1NJA, Hoeze and eprimex</p>
--- a/src/main/java/fr/xephi/authme/security/HashAlgorithm.java
+++ b/src/main/java/fr/xephi/authme/security/HashAlgorithm.java
@ -22,7 +22,6 @@ public enum HashAlgorithm {
    IPB3(fr.xephi.authme.security.crypts.IPB3.class),
    PHPFUSION(fr.xephi.authme.security.crypts.PHPFUSION.class),
    SMF(fr.xephi.authme.security.crypts.SMF.class),
-    XENFORO(fr.xephi.authme.security.crypts.XF.class),
    SALTED2MD5(fr.xephi.authme.security.crypts.SALTED2MD5.class),
    JOOMLA(fr.xephi.authme.security.crypts.JOOMLA.class),
    BCRYPT(fr.xephi.authme.security.crypts.BCRYPT.class),
--- a/src/main/java/fr/xephi/authme/security/crypts/XF.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/XF.java
@ -1,73 +0,0 @@
-package fr.xephi.authme.security.crypts;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- */
-public class XF implements EncryptionMethod {
-
-    @Override
-    public String computeHash(String password, String salt, String name) {
-        return getSha256(getSha256(password) + regmatch("\"salt\";.:..:\"(.*)\";.:.:\"hashFunc\"", salt));
-    }
-
-    @Override
-    public HashResult computeHash(String password, String name) {
-        String salt = generateSalt();
-        return new HashResult(computeHash(password, salt, null), salt);
-    }
-
-    public boolean comparePassword(String hash, String password, String salt, String name) {
-        return hash.equals(regmatch("\"hash\";.:..:\"(.*)\";.:.:\"salt\"", salt));
-    }
-
-    private String getSha256(String password) {
-        MessageDigest md = null;
-        try {
-            md = MessageDigest.getInstance("SHA-256");
-        } catch (NoSuchAlgorithmException e) {
-            // TODO #358: Handle exception properly
-            throw new RuntimeException(e);
-        }
-        md.update(password.getBytes());
-        byte byteData[] = md.digest();
-        StringBuilder sb = new StringBuilder();
-        for (byte element : byteData) {
-            sb.append(Integer.toString((element & 0xff) + 0x100, 16).substring(1));
-        }
-        StringBuilder hexString = new StringBuilder();
-        for (byte element : byteData) {
-            String hex = Integer.toHexString(0xff & element);
-            if (hex.length() == 1) {
-                hexString.append('0');
-            }
-            hexString.append(hex);
-        }
-        return hexString.toString();
-    }
-
-    @Override
-    public String generateSalt() {
-        // TODO #369: Find out what kind of salt format XF uses
-        return "";
-    }
-
-    @Override
-    public boolean hasSeparateSalt() {
-        return true;
-    }
-
-    private String regmatch(String pattern, String line) {
-        List<String> allMatches = new ArrayList<>();
-        Matcher m = Pattern.compile(pattern).matcher(line);
-        while (m.find()) {
-            allMatches.add(m.group(1));
-        }
-        return allMatches.get(0);
-    }
-}
--- a/src/main/resources/config.yml
+++ b/src/main/resources/config.yml
@ -181,7 +181,7 @@ settings:
        # Example unLoggedinGroup: NotLogged
        unLoggedinGroup: unLoggedinGroup
        # possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB,
-        # MYBB, IPB3, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
+        # MYBB, IPB3, PHPFUSION, SMF, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
        # DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only)
        passwordHash: SHA256
        # salt length for the SALTED2MD5 MD5(MD5(password)+salt)
--- a/src/test/java/fr/xephi/authme/security/crypts/XFTest.java
+++ b/src/test/java/fr/xephi/authme/security/crypts/XFTest.java
@ -1,17 +0,0 @@
-package fr.xephi.authme.security.crypts;
-
-import org.junit.Ignore;
-import org.junit.Test;
-
-/**
- * Test for {@link XF}.
- */
-@Ignore
-// TODO #369: XF needs to generate a salt it is expecting
-public class XFTest {
-
-    @Test
-    public void shouldComputeHash() {
-        System.out.println(new XF().computeHash("Test", "name"));
-    }
-}