From 6b70f32afb472b5e4b15d58fb24445d194935db4 Mon Sep 17 00:00:00 2001 From: Maxetto Date: Mon, 29 Jun 2015 17:29:52 +0200 Subject: [PATCH 01/13] Typo fix + change to REGEX (matches) This will deny also IP coming from the default IP 192.168.1.1 --- src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java b/src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java index 3e0605cf..8da16fd9 100644 --- a/src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java +++ b/src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java @@ -100,7 +100,7 @@ public class AsyncronousJoin { long timeout = Settings.getSessionTimeout * 60000; long lastLogin = auth.getLastLogin(); long cur = new Date().getTime(); - if ((cur - lastLogin < timeout || timeout == 0) && !auth.getIp().equals("198.18.0.1")) { + if ((cur - lastLogin < timeout || timeout == 0) && !auth.getIp().matches("198.168.(0|1).1")) { if (auth.getNickname().equalsIgnoreCase(name) && auth.getIp().equals(ip)) { if (PlayerCache.getInstance().getAuth(name) != null) { PlayerCache.getInstance().updatePlayer(auth); From 6d1e75a7310048a9c3f2fe52d88ea6fea2f85ed1 Mon Sep 17 00:00:00 2001 From: Maxetto Date: Mon, 29 Jun 2015 18:02:42 +0200 Subject: [PATCH 02/13] Recall email at login if RecallEmail is active. For somewhat reason email recalls didn't start from login and every 5 minutes. --- .../fr/xephi/authme/process/login/AsyncronousLogin.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java b/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java index a4a91e96..1a3d2ee2 100644 --- a/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java +++ b/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java 
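Review bot: The new pattern `"198.168.(0|1).1"` in the `@@ -100,7 +100,7 @@` hunk does not match the address the commit message names: it begins with `198.168`, not `192.168`, so a stored IP of 192.168.1.1 or 192.168.0.1 still passes this guard and the session branch below it can run. It also no longer matches the previous literal `198.18.0.1`, and the unescaped dots accept any character in those positions. If the intent is what the message describes, the test would read `!auth.getIp().matches("192\\.168\\.(0|1)\\.1")`, with `198.18.0.1` kept as a further alternative if that placeholder is still written anywhere. The enclosing method starts and ends outside the hunk.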
@@ -150,6 +150,14 @@ public class AsyncronousLogin { m.send(player, "login"); displayOtherAccounts(auth, player); + + if (Settings.recallEmail) { + String name = player.getName().toLowerCase(); + String email = database.getAuth(name).getEmail(); + if (email == null || email.isEmpty() || email.equalsIgnoreCase("your@email.com")) + m.send(player, "add_email"); + } + if (!Settings.noConsoleSpam) ConsoleLogger.info(player.getName() + " logged in!"); From 0b1490bd6548a3c4cfd44d123ad060bda6bb67df Mon Sep 17 00:00:00 2001 From: Maxetto Date: Sat, 4 Jul 2015 22:57:43 +0200 Subject: [PATCH 03/13] PW lenght and unsafe PW check to ChangePassword I told you, you missed it! Also, unified "lowpass.equalsIgnoreCase(name)" to the previous group of checks. This, however, still provides "Password doesn't match" error, instead of one proper error. --- .../xephi/authme/commands/ChangePasswordCommand.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java b/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java index 92e40755..921e7001 100644 --- a/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java +++ b/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java 
@@ -54,14 +54,20 @@ public class ChangePasswordCommand implements CommandExecutor { } String lowpass = args[1].toLowerCase(); - if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex)) { + if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex) || lowpass.equalsIgnoreCase(name)) { m.send(player, "password_error"); return true; } - if (lowpass.equalsIgnoreCase(name)) { - m.send(player, "password_error"); + if (lowpass.length() < Settings.getPasswordMinLen || lowpass.length() > Settings.passwordMaxLength) { + m.send(player, "pass_len"); return true; } + if (!Settings.unsafePasswords.isEmpty()) { + if (Settings.unsafePasswords.contains(lowpass)) { + m.send(player, "password_error"); + return true; + } + } try { String hashnew = PasswordSecurity.getHash(Settings.getPasswordHash, args[1], name); From ac919d8314e42f1b4321bc69430363b38cbb6b35 Mon Sep 17 00:00:00 2001 From: Maxetto Date: Sat, 4 Jul 2015 23:11:02 +0200 Subject: [PATCH 04/13] Forgot AuthMe >=3.5 has a cache There's no need to redefine name and email, then. --- .../java/fr/xephi/authme/process/login/AsyncronousLogin.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java b/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java index 20f50510..3ffd7b76 100644 --- a/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java +++ b/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java 
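Review bot: The unsafe-password lookup compares the lower-cased input with the configured list as-is, so `Settings.unsafePasswords.contains(lowpass)` misses any entry that contains an upper-case letter unless the list is normalised to lower case when it is loaded, which is not visible here. The surrounding `isEmpty()` test adds nothing, because `contains` on an empty collection is already false; the two ifs collapse to `if (Settings.unsafePasswords.contains(lowpass)) {`. The method's body continues outside the hunk.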
@@ -152,8 +152,6 @@ public class AsyncronousLogin { displayOtherAccounts(auth, player); if (Settings.recallEmail) { - String name = player.getName().toLowerCase(); - String email = database.getAuth(name).getEmail(); if (email == null || email.isEmpty() || email.equalsIgnoreCase("your@email.com")) m.send(player, "add_email"); } From e36337c066ae91c4e4ebd5d31aa085045729b76a Mon Sep 17 00:00:00 2001 From: Maxetto Date: Sat, 4 Jul 2015 23:20:00 +0200 Subject: [PATCH 05/13] There's an Italian translation too! Let's show some love to Italian players! --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c8204d90..bdaacf90 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ AuthMe Reloaded prevents players who aren't logged in from actions like placing
  • Possible to use without a Permissions plugin
  • Spoutcraft Login GUI
  • Automatic backup system of all your user password data -
  • Default Language Style: en, de, br, cz, pl, fr, ru, hu, sk, es, zhtw, fi, zhcn, nl ( feel free to send new translations ) +
  • Default Language Style: en, de, br, cz, pl, fr, it, ru, hu, sk, es, zhtw, fi, zhcn, nl ( feel free to send new translations )
  • Convert the FlatFile auths.db to an usefull authme.sql that you can use on a MySQL database !
  • Import your database from Rakamak, xAuth, CrazyLogin, RoyalAuth, vAuth !
  • From 1668cd191b012e54e2ffb1bc01f05ced2c7f599a Mon Sep 17 00:00:00 2001 From: Xephi59 Date: Sun, 5 Jul 2015 02:58:45 +0200 Subject: [PATCH 06/13] Simplify how passpartu works --- src/main/java/fr/xephi/authme/Utils.java | 75 ++++++------------------ 1 file changed, 19 insertions(+), 56 deletions(-) diff --git a/src/main/java/fr/xephi/authme/Utils.java b/src/main/java/fr/xephi/authme/Utils.java index c2011c8c..b545dda4 100644 --- a/src/main/java/fr/xephi/authme/Utils.java +++ b/src/main/java/fr/xephi/authme/Utils.java @@ -1,10 +1,8 @@ package fr.xephi.authme; -import java.io.File; -import java.io.FileWriter; +import java.util.ArrayList; import java.util.Iterator; -import java.util.Random; -import java.util.Scanner; +import java.util.List; import org.bukkit.Bukkit; import org.bukkit.GameMode; @@ -12,10 +10,10 @@ import org.bukkit.Location; import org.bukkit.World; import org.bukkit.entity.Player; -import fr.xephi.authme.api.API; import fr.xephi.authme.cache.limbo.LimboCache; import fr.xephi.authme.cache.limbo.LimboPlayer; import fr.xephi.authme.events.AuthMeTeleportEvent; +import fr.xephi.authme.security.RandomString; import fr.xephi.authme.settings.Settings; public class Utils { @@ -24,6 +22,7 @@ public class Utils { private static Utils singleton; int id; public AuthMe plugin; + private static List tokens = new ArrayList(); public Utils(AuthMe plugin) { this.plugin = plugin; 
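Review bot: The `tokens` field added in the `@@ -24,6 +22,7 @@` hunk is a plain static `ArrayList`, yet this commit removes entries from it inside `runTaskLaterAsynchronously` in `obtainToken` while `readToken` reads and removes on the caller's thread (the two hunks that follow). `ArrayList` is not safe for concurrent modification, so an expiry that races a `readToken` call can corrupt the list or leave behind a token that should have expired. Declaring it as `private static final List<String> tokens = Collections.synchronizedList(new ArrayList<String>());`, with `java.util.Collections` added to the imports, covers the single-call operations used here. The generic parameters appear to have been stripped from this page, so the element type is inferred from how the list is used.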
@@ -167,19 +166,18 @@ public class Utils {
 * Random Token for passpartu
 */
 public boolean obtainToken() {
- File file = new File("plugins" + File.separator + "AuthMe" + File.separator + "passpartu.token");
- if (file.exists())
- file.delete();
-
- FileWriter writer = null;
 try {
- file.createNewFile();
- writer = new FileWriter(file);
- String token = generateToken();
- writer.write(token + ":" + System.currentTimeMillis() / 1000 + API.newline);
- writer.flush();
+ final String token = new RandomString(10).nextString();
+ tokens.add(token);
 ConsoleLogger.info("[AuthMe] Security passpartu token: " + token);
- writer.close();
+ Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, new Runnable() {
+
+ @Override
+ public void run() {
+ tokens.remove(token);
+ }
+
+ }, 600);
 return true;
 } catch (Exception e) {
 e.printStackTrace();
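Review bot: The passpartu token stands in for a password, so the source of `new RandomString(10).nextString()` matters, and that class is not part of this patch; confirm it draws from `java.security.SecureRandom` rather than `java.util.Random`, which the `generateToken` helper removed by this commit used. The lifetime `600` is a bare tick count, and a comment such as `// 600 ticks = 30 s at 20 TPS; the token is single-use and dropped after that` would document it. Scheduler delays are counted in server ticks, so a lagging server stretches the validity window. The method's `catch` block continues outside the hunk.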
@@ -191,46 +189,11 @@ public class Utils { * Read Token */ public boolean readToken(String inputToken) { - File file = new File("plugins" + File.separator + "AuthMe" + File.separator + "passpartu.token"); - - if (!file.exists()) - return false; - - if (inputToken.isEmpty()) - return false; - Scanner reader = null; - try { - reader = new Scanner(file); - while (reader.hasNextLine()) { - final String line = reader.nextLine(); - if (line.contains(":")) { - String[] tokenInfo = line.split(":"); - if (tokenInfo[0].equals(inputToken) && System.currentTimeMillis() / 1000 - 30 <= Integer.parseInt(tokenInfo[1])) { - file.delete(); - reader.close(); - return true; - } - } - } - } catch (Exception e) { - e.printStackTrace(); - } - reader.close(); - return false; - } - - /* - * Generate Random Token - */ - private String generateToken() { - // obtain new random token - Random rnd = new Random(); - char[] arr = new char[5]; - for (int i = 0; i < 5; i++) { - int n = rnd.nextInt(36); - arr[i] = (char) (n < 10 ? '0' + n : 'a' + n - 10); - } - return new String(arr); + boolean ret = false; + if (tokens.contains(inputToken)) + ret = true; + tokens.remove(inputToken); + return (ret); } /* From 52c023b1f2cd3b2a3434fcf3dffb5a3cec18b926 Mon Sep 17 00:00:00 2001 From: Xephi59 Date: Sun, 5 Jul 2015 03:12:39 +0200 Subject: [PATCH 07/13] Add forcelogin command --- .../fr/xephi/authme/commands/AdminCommand.java | 17 +++++++++++++++++ src/main/resources/plugin.yml | 4 ++++ 2 files changed, 21 insertions(+) diff --git a/src/main/java/fr/xephi/authme/commands/AdminCommand.java b/src/main/java/fr/xephi/authme/commands/AdminCommand.java index 052b405a..ac33be34 100644 --- a/src/main/java/fr/xephi/authme/commands/AdminCommand.java +++ b/src/main/java/fr/xephi/authme/commands/AdminCommand.java 
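Review bot: The new `readToken` body tests `tokens.contains(inputToken)` and then calls `tokens.remove(inputToken)` as two separate steps, so two callers presenting the same token at the same time can both observe `true` before either removal happens, which defeats single use. `List.remove(Object)` already reports whether the element was present, so the five added lines reduce to `return tokens.remove(inputToken);`. That form is a single atomic step whenever the backing collection is a synchronised or concurrent one.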
@@ -73,6 +73,7 @@ public class AdminCommand implements CommandExecutor { sender.sendMessage("/authme getemail - Get player email"); sender.sendMessage("/authme purgelastpos - Purge last position for a player"); sender.sendMessage("/authme switchantibot on/off - Enable/Disable antibot method"); + sender.sendMessage("/authme forcelogin "); return true; } @@ -552,6 +553,22 @@ public class AdminCommand implements CommandExecutor { database.updateQuitLoc(auth); sender.sendMessage("[AuthMe] Successfully reset position for " + auth.getNickname()); return true; + } else if (args[0].equalsIgnoreCase("forcelogin")) { + if (args.length < 2) { + sender.sendMessage("Usage : /authme forcelogin "); + return true; + } + try { + Player player = Bukkit.getPlayer(args[1]); + if (player == null || !player.isOnline()) { + sender.sendMessage("Online player only !"); + return true; + } + plugin.management.performLogin(player, "dontneed", true); + sender.sendMessage("Force Login performed !"); + } catch (Exception e) { + sender.sendMessage("An error occured while trying to get that player!"); + } } else { sender.sendMessage("Usage: /authme reload|register playername password|changepassword playername password|unregister playername"); } diff --git a/src/main/resources/plugin.yml b/src/main/resources/plugin.yml index 560ac19b..1c1b1b4b 100644 --- a/src/main/resources/plugin.yml +++ b/src/main/resources/plugin.yml @@ -69,6 +69,7 @@ permissions: authme.admin.getip: true authme.admin.converter: true authme.admin.resetposition: true + authme.admin.forcelogin: true authme.register: description: Register an account default: true @@ -165,3 +166,6 @@ permissions: authme.admin.resetposition: description: Reset last position for a player default: op + authme.admin.forcelogin: + description: Force login for that player + default: op \ No newline at end of file From 723ca59bb5c47f4beabafaf1ccead69a5605e5a5 Mon Sep 17 00:00:00 2001 
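Review bot: The `forcelogin` branch added in the `@@ -552,6 +553,22 @@` hunk authenticates another player's session with a dummy password and leaves no record of who asked for it; the only output goes back to the sender. A line such as `ConsoleLogger.info(sender.getName() + " forced login for " + player.getName());` before `performLogin` would give operators an audit trail (ConsoleLogger is used elsewhere in this series; whether AdminCommand imports it is not visible). No test of `authme.admin.forcelogin` appears inside the branch, so it presumably relies on a permission check earlier in the method, outside this hunk, which is worth confirming. The `catch (Exception e)` also discards the exception, so a failure inside `performLogin` is reported to the sender as a player-lookup problem.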
From: Xephi59 Date: Sun, 5 Jul 2015 03:29:19 +0200 Subject: [PATCH 08/13] Change forcelogin only be performed by console --- src/main/java/fr/xephi/authme/commands/AdminCommand.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/main/java/fr/xephi/authme/commands/AdminCommand.java b/src/main/java/fr/xephi/authme/commands/AdminCommand.java index ac33be34..96f5ac90 100644 --- a/src/main/java/fr/xephi/authme/commands/AdminCommand.java +++ b/src/main/java/fr/xephi/authme/commands/AdminCommand.java @@ -554,6 +554,10 @@ public class AdminCommand implements CommandExecutor { sender.sendMessage("[AuthMe] Successfully reset position for " + auth.getNickname()); return true; } else if (args[0].equalsIgnoreCase("forcelogin")) { + if (!(sender instanceof ConsoleCommandSender)) { + sender.sendMessage("This command can only be performed by console"); + return true; + } if (args.length < 2) { sender.sendMessage("Usage : /authme forcelogin "); return true; From a44481c33b25aa87a8c4b0d04ea16602ab91652a Mon Sep 17 00:00:00 2001 From: Xephi59 Date: Sun, 5 Jul 2015 03:35:32 +0200 Subject: [PATCH 09/13] Add a permission to disable some people to be forced --- src/main/java/fr/xephi/authme/commands/AdminCommand.java | 4 ++++ src/main/resources/plugin.yml | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/main/java/fr/xephi/authme/commands/AdminCommand.java b/src/main/java/fr/xephi/authme/commands/AdminCommand.java index 96f5ac90..16612a4a 100644 --- a/src/main/java/fr/xephi/authme/commands/AdminCommand.java +++ b/src/main/java/fr/xephi/authme/commands/AdminCommand.java 
@@ -568,6 +568,10 @@ public class AdminCommand implements CommandExecutor { sender.sendMessage("Online player only !"); return true; } + if (!plugin.authmePermissible(player, "authme.canbeforced")) { + sender.sendMessage("You cannot force login for this player!"); + return true; + } plugin.management.performLogin(player, "dontneed", true); sender.sendMessage("Force Login performed !"); } catch (Exception e) { diff --git a/src/main/resources/plugin.yml b/src/main/resources/plugin.yml index 1c1b1b4b..d74b46c9 100644 --- a/src/main/resources/plugin.yml +++ b/src/main/resources/plugin.yml @@ -168,4 +168,7 @@ permissions: default: op authme.admin.forcelogin: description: Force login for that player - default: op \ No newline at end of file + default: op + authme.canbeforced: + description: Can this player be forced to login + default: true \ No newline at end of file From 618a5efe878f4f624be7a62639b8323c2c80cebf Mon Sep 17 00:00:00 2001 From: Xephi59 Date: Sun, 5 Jul 2015 03:38:30 +0200 Subject: [PATCH 10/13] authme.admin.forcelogin and authme.canbeforced --- src/main/java/fr/xephi/authme/commands/AdminCommand.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/main/java/fr/xephi/authme/commands/AdminCommand.java b/src/main/java/fr/xephi/authme/commands/AdminCommand.java index 16612a4a..2d2467eb 100644 --- a/src/main/java/fr/xephi/authme/commands/AdminCommand.java +++ b/src/main/java/fr/xephi/authme/commands/AdminCommand.java @@ -554,10 +554,6 @@ public class AdminCommand implements CommandExecutor { sender.sendMessage("[AuthMe] Successfully reset position for " + auth.getNickname()); return true; } else if (args[0].equalsIgnoreCase("forcelogin")) { - if (!(sender instanceof ConsoleCommandSender)) { - sender.sendMessage("This command can only be performed by console"); - return true; - } if (args.length < 2) { sender.sendMessage("Usage : /authme forcelogin "); return true; From 89f8333ff7bc74f07a23e7a83c771a18aa3e4bdb Mon Sep 17 00:00:00 2001 
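Review bot: The `authme.canbeforced` test added in the `@@ -568,6 +568,10 @@` hunk is opt-out: the plugin.yml hunk of the same commit declares the node with `default: true`, so every account, operators included, can be force-logged-in unless an administrator negates it. PATCH 10/13 later on this page removes the console-only guard, which leaves this node as the only thing protecting privileged accounts from any holder of `authme.admin.forcelogin`. Declaring the node with `default: not op`, or stating in its description that staff accounts should have it negated, would make the safe configuration the default one.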
From: Xephi59 Date: Sun, 5 Jul 2015 03:50:05 +0200 Subject: [PATCH 11/13] try something --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index dcae685f..cb29baa9 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - fr.xephi.authme + fr.xephi.authme.AuthMe AuthMe 5.0-SNAPSHOT From db70afaf80158f0bbf27b01f9c49637549209fa9 Mon Sep 17 00:00:00 2001 From: Xephi59 Date: Sun, 5 Jul 2015 03:51:34 +0200 Subject: [PATCH 12/13] revert last commit --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cb29baa9..dcae685f 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - fr.xephi.authme.AuthMe + fr.xephi.authme AuthMe 5.0-SNAPSHOT From 311fb1e1d8b1bd53357c56a6cbd1b98b23a6e93b Mon Sep 17 00:00:00 2001 From: Xephi59 Date: Sun, 5 Jul 2015 04:31:05 +0200 Subject: [PATCH 13/13] Fix pom - add shaded api --- pom.xml | 52 +++++++++++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/pom.xml b/pom.xml index dcae685f..c6f2877a 100644 --- a/pom.xml +++ b/pom.xml @@ -79,6 +79,29 @@ + + org.apache.maven.plugins + maven-shade-plugin + 2.3 + + + + com.maxmind.geoip:* + com.sun.mail:* + javax.mail:* + com.comphenix.attribute:* + + + + + + package + + shade + + + + @@ -169,12 +192,7 @@ com.sun.mail javax.mail - 1.5.3 - - - javax.mail - mail - 1.5.0-b01 + 1.5.4 @@ -192,7 +210,7 @@ ${bukkitVersion} - + com.comphenix.attribute AttributeStorage @@ -206,7 +224,7 @@ org.bukkit craftbukkit - + @@ -223,7 +241,7 @@ org.bukkit craftbukkit - + @@ -240,7 +258,7 @@ org.bukkit craftbukkit - + @@ -259,7 +277,7 @@ org.bukkit craftbukkit - + @@ -276,7 +294,7 @@ org.bukkit craftbukkit - + @@ -293,7 +311,7 @@ org.bukkit craftbukkit - + 
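Review bot: The shade execution added in the `@@ -79,6 +79,29 @@` hunk of PATCH 13/13 bundles `com.maxmind.geoip:*`, `com.sun.mail:*`, `javax.mail:*` and `com.comphenix.attribute:*` into the plugin jar, and no relocation is visible (the XML markup is stripped on this page, so this is inferred from the text that remains). Classes shaded under their original package names can collide with copies of the same libraries shipped by other plugins on the server, so which javax.mail implementation loads may depend on load order. A `<relocations>` section that moves these packages under the plugin's own namespace avoids that. Once the libraries are bundled, their versions need tracking in this pom, since the jar no longer picks up a patched copy from elsewhere.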
@@ -310,7 +328,7 @@ org.bukkit craftbukkit - + @@ -327,7 +345,7 @@ org.bukkit craftbukkit - + @@ -344,11 +362,11 @@ org.bukkit craftbukkit - + - + com.Acrobot