Restrict changing password after recovery to the same username

Gnat008 2017-03-21 17:38:53 -04:00
parent 9d21eefc74
commit 4e54fa4a4e


@ -11,6 +11,7 @@ import fr.xephi.authme.settings.properties.SecuritySettings;
import fr.xephi.authme.util.PlayerUtils; import fr.xephi.authme.util.PlayerUtils;
import fr.xephi.authme.util.RandomStringUtils; import fr.xephi.authme.util.RandomStringUtils;
import fr.xephi.authme.util.expiring.Duration; import fr.xephi.authme.util.expiring.Duration;
import fr.xephi.authme.util.expiring.ExpiringMap;
import fr.xephi.authme.util.expiring.ExpiringSet; import fr.xephi.authme.util.expiring.ExpiringSet;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
@ -47,13 +48,13 @@ public class PasswordRecoveryService implements Reloadable {
private Messages messages; private Messages messages;
private ExpiringSet<String> emailCooldown; private ExpiringSet<String> emailCooldown;
private ExpiringSet<String> successfulRecovers; private ExpiringMap<String, String> successfulRecovers;
@PostConstruct @PostConstruct
private void initEmailCooldownSet() { private void initEmailCooldownSet() {
emailCooldown = new ExpiringSet<>( emailCooldown = new ExpiringSet<>(
commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS); commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS);
successfulRecovers = new ExpiringSet<>( successfulRecovers = new ExpiringMap<>(
commonService.getProperty(SecuritySettings.PASSWORD_CHANGE_TIMEOUT), TimeUnit.MINUTES); commonService.getProperty(SecuritySettings.PASSWORD_CHANGE_TIMEOUT), TimeUnit.MINUTES);
} }
@ -103,7 +104,7 @@ public class PasswordRecoveryService implements Reloadable {
String address = PlayerUtils.getPlayerIp(player); String address = PlayerUtils.getPlayerIp(player);
successfulRecovers.add(address); successfulRecovers.put(name, address);
commonService.send(player, MessageKey.RECOVERY_CHANGE_PASSWORD); commonService.send(player, MessageKey.RECOVERY_CHANGE_PASSWORD);
} else { } else {
commonService.send(player, MessageKey.EMAIL_SEND_FAILURE); commonService.send(player, MessageKey.EMAIL_SEND_FAILURE);
@ -134,12 +135,15 @@ public class PasswordRecoveryService implements Reloadable {
* @return True if the player can change their password. * @return True if the player can change their password.
*/ */
public boolean canChangePassword(Player player) { public boolean canChangePassword(Player player) {
String address = PlayerUtils.getPlayerIp(player); String name = player.getName();
Duration waitDuration = successfulRecovers.getExpiration(address); String playerAddress = PlayerUtils.getPlayerIp(player);
if (waitDuration.getDuration() > 0) { String storedAddress = successfulRecovers.get(name);
messages.send(player, MessageKey.EMAIL_COOLDOWN_ERROR);
if (storedAddress == null || !playerAddress.equals(storedAddress)) {
messages.send(player, MessageKey.CHANGE_PASSWORD_EXPIRED);
return false; return false;
} }
return true; return true;
} }
@ -147,5 +151,7 @@ public class PasswordRecoveryService implements Reloadable {
public void reload() { public void reload() {
emailCooldown.setExpiration( emailCooldown.setExpiration(
commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS); commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS);
successfulRecovers.setExpiration(
commonService.getProperty(SecuritySettings.PASSWORD_CHANGE_TIMEOUT), TimeUnit.MINUTES);
} }
} }
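Review bot: The name-keyed lookup in canChangePassword only holds up if both sites derive the key the same way: the recovery path stores under `name` (its origin is outside the hunk) while canChangePassword reads with `player.getName()`, so if the stored key is normalized (e.g. lower-cased, as AuthMe does for player names elsewhere) the lookup misses and every change attempt is rejected as expired. Derive the key identically at both sites, e.g. by passing the same `name` value the recovery path used, or by normalizing in one shared helper. A second point, inferred because the consuming code is outside the hunk: the name-to-address entry remains valid for the full PASSWORD_CHANGE_TIMEOUT window even after the password has been changed, so the change path should drop the entry (via whatever removal method ExpiringMap provides) to keep a recovery grant single-use. The new setExpiration call in reload() correctly covers the map that was previously left at its construction-time timeout.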