From 9ae20df670fb196ba0b3f6a1c46cd8adcf13abf0 Mon Sep 17 00:00:00 2001
From: ljacqu
Date: Wed, 23 Dec 2015 22:51:11 +0100
Subject: [PATCH 1/5] Minor - update setting name in config.yml
---
 src/main/resources/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml
index 8959f33b..4c3ac885 100644
--- a/src/main/resources/config.yml
+++ b/src/main/resources/config.yml
@@ -128,7 +128,7 @@ settings:
 # Enable double check of password when you register
 # when it's true, registration require that kind of command:
 # /register
- enablePasswordVerifier: true
+ enablePasswordConfirmation: true
 # Should we protect the player inventory before logging in?
 ProtectInventoryBeforeLogIn: true
 # Should we display all other accounts from a player when he joins?
From 3b33781b0bf4722c870d24a9ff8741b2d660d2c9 Mon Sep 17 00:00:00 2001
From: Xephi
Date: Thu, 24 Dec 2015 12:07:05 +0100
Subject: [PATCH 2/5] Send Email as UTF-8
---
 src/main/java/fr/xephi/authme/mail/SendMailSSL.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main/java/fr/xephi/authme/mail/SendMailSSL.java b/src/main/java/fr/xephi/authme/mail/SendMailSSL.java
index ab718b61..692497d0 100644
--- a/src/main/java/fr/xephi/authme/mail/SendMailSSL.java
+++ b/src/main/java/fr/xephi/authme/mail/SendMailSSL.java
@@ -96,6 +96,7 @@ public class SendMailSSL {
 int port = Settings.getMailPort;
 HtmlEmail email = new HtmlEmail();
+ email.setCharset(org.apache.commons.mail.EmailConstants.UTF_8);
 email.setSmtpPort(port);
 email.setHostName(Settings.getmailSMTP);
 email.addTo(auth.getEmail());
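Review bot: The added `email.setCharset(...)` spells out `org.apache.commons.mail.EmailConstants.UTF_8` inline instead of importing `EmailConstants`; an import plus `email.setCharset(EmailConstants.UTF_8);` reads better next to the plainly named `HtmlEmail` on the line above. The placement directly after construction is right, since Commons Email expects the charset to be set before message content is added. The enclosing method starts and ends outside the hunk, so whether the subject and body are set after this line cannot be checked from here.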
@@ -129,7 +130,8 @@ public class SendMailSSL {
 return mailText.replace("", auth.getNickname()).replace("", plugin.getServer().getServerName()).replace("", newPass);
 }
- private static void setPropertiesForPort(HtmlEmail email, int port)
+ @SuppressWarnings("deprecation")
+ private static void setPropertiesForPort(HtmlEmail email, int port)
 throws EmailException {
 switch (port) {
 case 587:
From 418fbabcc81e47bb4e62082c64fedbb7a54fa5f0 Mon Sep 17 00:00:00 2001
From: ljacqu
Date: Thu, 24 Dec 2015 15:46:48 +0100
Subject: [PATCH 3/5] Fix #376 Check not to show alternatives for base command - Fix wrong assumption in HelpCommand that the incoming arguments size always corresponds to the label count of the mapped command
---
 .../java/fr/xephi/authme/command/executable/HelpCommand.java | 3 ++-
 src/main/java/fr/xephi/authme/command/help/HelpProvider.java | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main/java/fr/xephi/authme/command/executable/HelpCommand.java b/src/main/java/fr/xephi/authme/command/executable/HelpCommand.java
index 793803e5..a41ffb8d 100644
--- a/src/main/java/fr/xephi/authme/command/executable/HelpCommand.java
+++ b/src/main/java/fr/xephi/authme/command/executable/HelpCommand.java
@@ -43,8 +43,9 @@ public class HelpCommand extends ExecutableCommand {
 }
 }
+ int mappedCommandLevel = foundCommandResult.getCommandDescription().getLabelCount();
 PermissionsManager permissionsManager = Wrapper.getInstance().getAuthMe().getPermissionsManager();
- List lines = arguments.size() == 1
+ List lines = (mappedCommandLevel == 1)
 ? HelpProvider.printHelp(foundCommandResult, HelpProvider.SHOW_CHILDREN)
 : HelpProvider.printHelp(foundCommandResult, sender, permissionsManager, HelpProvider.ALL_OPTIONS);
 for (String line : lines) {
diff --git a/src/main/java/fr/xephi/authme/command/help/HelpProvider.java b/src/main/java/fr/xephi/authme/command/help/HelpProvider.java
index 37bbb9e5..a36039b8 100644
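Review bot: `@SuppressWarnings("deprecation")` on the whole of `setPropertiesForPort` hides every deprecated call in the method that configures the SMTP transport for a mail carrying `newPass` (visible in the context line above). The body lies outside the hunk, so which call is deprecated is inferred: in Commons Email the usual candidates are `setTLS` and `setSSL`, whose replacements are `setStartTLSEnabled` and `setSSLOnConnect`. Prefer switching to the replacements and dropping the annotation; if it stays, put `// deprecated <call> kept because <reason>` next to the call so the suppression is not read as covering the whole transport setup. On the 587 branch, `email.setStartTLSRequired(true);` would make the send fail when the server does not offer STARTTLS instead of continuing in cleartext.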
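Review bot: `foundCommandResult.getCommandDescription().getLabelCount()` is dereferenced without a null check; if any result status that reaches this line can carry no command description, help for a mistyped command throws instead of printing. The status handling sits above the hunk, so this is a question rather than a confirmed defect: please confirm every path that falls through has a description, or guard it. A one-line comment would also help the next reader: `// use the mapped command's depth, not arguments.size(): extra or unknown arguments must not change which help is shown`.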
--- a/src/main/java/fr/xephi/authme/command/help/HelpProvider.java
+++ b/src/main/java/fr/xephi/authme/command/help/HelpProvider.java
@@ -112,7 +112,7 @@ public final class HelpProvider {
 private static void printAlternatives(CommandDescription command, List correctLabels, List lines) {
 // TODO ljacqu 20151219: Need to show alternatives for base labels too? E.g. /r for /register
- if (command.getLabels().size() <= 1) {
+ if (command.getLabels().size() <= 1 || correctLabels.size() <= 1) {
 return;
 }
From 9314612050c73498a0c7ab3e4124d69dd8b7d0ad Mon Sep 17 00:00:00 2001
From: games647
Date: Fri, 25 Dec 2015 16:40:24 +0100
Subject: [PATCH 4/5] Also load the configuration option of forceSurvivalMode
---
 src/main/java/fr/xephi/authme/settings/Settings.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/fr/xephi/authme/settings/Settings.java b/src/main/java/fr/xephi/authme/settings/Settings.java
index dfebd88f..6094bd7e 100644
--- a/src/main/java/fr/xephi/authme/settings/Settings.java
+++ b/src/main/java/fr/xephi/authme/settings/Settings.java
@@ -168,6 +168,7 @@ public final class Settings {
 isForceSingleSessionEnabled = configFile.getBoolean("settings.restrictions.ForceSingleSession", true);
 isForceSpawnLocOnJoinEnabled = configFile.getBoolean("settings.restrictions.ForceSpawnLocOnJoinEnabled", false);
 isSaveQuitLocationEnabled = configFile.getBoolean("settings.restrictions.SaveQuitLocation", false);
+ isForceSurvivalModeEnabled = configFile.getBoolean("settings.GameMode.ForceSurvivalMode", false);
 getmaxRegPerIp = configFile.getInt("settings.restrictions.maxRegPerIp", 1);
 getPasswordHash = getPasswordHash();
 getUnloggedinGroup = configFile.getString("settings.security.unLoggedinGroup", "unLoggedInGroup");
From 71a9f4140bd71458a643f01be917ff8fb744cee4 Mon Sep 17 00:00:00 2001
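Review bot: The TODO directly above the changed condition still asks whether alternatives should be shown for base labels, while the new `correctLabels.size() <= 1` clause now decides that they are not. Replace it with a comment that states the decision, e.g. `// Alternatives are only shown for child commands; base commands (a single label) are skipped, see #376`, so the guard does not look accidental. `printAlternatives` continues past the end of the hunk.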
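Review bot: The new key is read from `settings.GameMode.ForceSurvivalMode`, a different section from the `settings.restrictions.*` neighbours, and `getBoolean(..., false)` returns the default silently when the path does not match the file. config.yml is not part of this patch, so please confirm the path matches the shipped key exactly; a mismatch leaves the restriction off with no log line. A short comment such as `// default false: survival mode is not forced unless the admin opts in` would document that the setting fails open.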
From: ljacqu
Date: Sat, 26 Dec 2015 12:52:05 +0100
Subject: [PATCH 5/5] #375 Issue warning instead of failing test for non-ASCII password - Add javadoc to fields
---
 .../crypts/AbstractEncryptionMethodTest.java | 59 +++++++++++++++----
 1 file changed, 47 insertions(+), 12 deletions(-)
diff --git a/src/test/java/fr/xephi/authme/security/crypts/AbstractEncryptionMethodTest.java b/src/test/java/fr/xephi/authme/security/crypts/AbstractEncryptionMethodTest.java
index 8365f01b..ea18df9a 100644
--- a/src/test/java/fr/xephi/authme/security/crypts/AbstractEncryptionMethodTest.java
+++ b/src/test/java/fr/xephi/authme/security/crypts/AbstractEncryptionMethodTest.java
@@ -1,7 +1,6 @@
 package fr.xephi.authme.security.crypts;
 import fr.xephi.authme.security.PasswordSecurity;
-import org.junit.Ignore;
 import org.junit.Test;
 import java.security.NoSuchAlgorithmException;
@@ -17,13 +16,33 @@ import static org.junit.Assert.assertTrue;
 // TODO #358: Remove NoSuchAlgorithm try-catch-es when no longer necessary
 public abstract class AbstractEncryptionMethodTest {
+ /** The username used to query {@link EncryptionMethod#comparePassword}. */
 public static final String USERNAME = "Test_Player00";
+ /**
+ * List of passwords whose hash is provided to the class to test against; this verifies that previously constructed
+ * hashes remain valid.
+ */
 public static final String[] GIVEN_PASSWORDS = {"password", "PassWord1", "&^%te$t?Pw@_", "âË_3(íù*"};
+ /**
+ * List of passwords that are hashed at runtime and then tested against; this verifies that hashes that are
+ * generated are valid.
+ */
 private static final String[] INTERNAL_PASSWORDS = {"test1234", "Ab_C73", "(!#&$~`_-Aa0", "Ûïé1&?+A"};
+ /** The encryption method to test. */
 private EncryptionMethod method;
+ /** Map with the hashes against which the entries in GIVEN_PASSWORDS are tested. */
 private Map hashes;
+ /**
+ * Create a new test for the given encryption method.
+ *
+ * @param method The encryption method to test
+ * @param hash0 The pre-generated hash for the first {@link #GIVEN_PASSWORDS}
+ * @param hash1 The pre-generated hash for the second {@link #GIVEN_PASSWORDS}
+ * @param hash2 The pre-generated hash for the third {@link #GIVEN_PASSWORDS}
+ * @param hash3 The pre-generated hash for the fourth {@link #GIVEN_PASSWORDS}
+ */
 public AbstractEncryptionMethodTest(EncryptionMethod method, String hash0, String hash1, String hash2, String hash3) {
 this.method = method;
@@ -36,13 +55,21 @@ public abstract class AbstractEncryptionMethodTest {
 @Test
 public void testGivenPasswords() {
- for (String password : GIVEN_PASSWORDS) {
- try {
- assertTrue("Hash for password '" + password + "' should match",
- method.comparePassword(hashes.get(password), password, USERNAME));
- } catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException("EncryptionMethod '" + method + "' threw exception", e);
- }
+ // Test all entries in GIVEN_PASSWORDS except the last one
+ for (int i = 0; i < GIVEN_PASSWORDS.length - 1; ++i) {
+ String password = GIVEN_PASSWORDS[i];
+ assertTrue("Hash for password '" + password + "' should match",
+ doesGivenHashMatch(password, method));
+ }
+
+ // Note #375: Windows console seems to use its own character encoding (Windows-1252?) and it seems impossible to
+ // force it to use UTF-8, so passwords with non-ASCII characters will fail. Since we do not recommend to use
+ // such characters in passwords (something outside of our control, e.g. a database system, might also cause
+ // problems), we will check the last password in GIVEN_PASSWORDS in a non-failing way; if the hash doesn't match
+ // we'll just issue a message to System.err
+ String lastPassword = GIVEN_PASSWORDS[GIVEN_PASSWORDS.length - 1];
+ if (!doesGivenHashMatch(lastPassword, method)) {
+ System.err.println("Note: Hash for password '" + lastPassword + "' does not match for method " + method);
 }
 }
@@ -67,6 +94,14 @@ public abstract class AbstractEncryptionMethodTest {
 }
 }
+ private boolean doesGivenHashMatch(String password, EncryptionMethod method) {
+ try {
+ return method.comparePassword(hashes.get(password), password, USERNAME);
+ } catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("EncryptionMethod '" + method + "' threw exception", e);
+ }
+ }
+ // @org.junit.Test public void a() { AbstractEncryptionMethodTest.generateTest(); }
 // TODO #364: Remove this method
 static void generateTest(EncryptionMethod method) {
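Review bot: Downgrading the last `GIVEN_PASSWORDS` entry to a `System.err` message means no build will ever fail on a non-ASCII regression, including on platforms where the encoding is fine; for stored password hashes that is the case most likely to lock users out after a server or JVM change. If the mismatch comes from the platform or source encoding (the comment suspects this; the cause is not visible here), keep the assertion and skip it only there: `Assume.assumeTrue(Charset.defaultCharset().name().equals("UTF-8"));` followed by `assertTrue(doesGivenHashMatch(lastPassword, method));`. Writing the literal with `\u` escapes would also take the source-file encoding out of the picture. Selecting the exempt password by position (`length - 1`) is fragile as well, since reordering the array silently changes which entry is no longer enforced.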
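Review bot: The `method` parameter of `doesGivenHashMatch` shadows the `method` field, and both call sites in `testGivenPasswords` pass that field, so the parameter adds nothing and makes it easy to check a different instance than the one the hashes were registered for. Drop it: `private boolean doesGivenHashMatch(String password)`. `hashes.get(password)` also returns null for a password missing from the map and hands it to `comparePassword`; a short Javadoc stating that the argument must be one of `GIVEN_PASSWORDS` would cover that.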
@@ -85,7 +120,7 @@ public abstract class AbstractEncryptionMethodTest {
 System.out.println("\t\t\"" + method.computeHash(password, getSalt(method), USERNAME) + "\"" + delim + "// " + password);
 } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException("Could not generate hash", e);
+ throw new IllegalStateException("Could not generate hash", e);
 }
 }
 System.out.println("\t}");
@@ -115,9 +150,9 @@ public abstract class AbstractEncryptionMethodTest {
 return BCRYPT.gensalt(8);
 }
 } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
- }
- throw new RuntimeException("Unknown EncryptionMethod for salt generation");
+ throw new RuntimeException(e);
+ }
+ throw new IllegalStateException("Unknown EncryptionMethod for salt generation");
 }
 }
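Review bot: In the last hunk `throw new RuntimeException(e);` is only re-indented and keeps its type, while the throw two lines below it and the one in the `generateTest` hunk above both move to `IllegalStateException`; the cause-only constructor also gives the reader no context. For consistency use `throw new IllegalStateException("Could not generate salt", e);` (message wording is a suggestion). The enclosing method, presumably `getSalt`, starts outside the hunk.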