Meishin/LoginSystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,491 Commits 10 Branches 53 Tags
Commit Graph

89 Commits

Author SHA1 Message Date
ljacqu
160cbc6aa4 #849 Catch exception in TwoFactor hash and write unit tests 2016-07-15 18:23:18 +02:00
ljacqu
e7b980d435 #605 Logger - name methods after their log level 
- Remove separate print stacktrace method
- Log level into the log similar to console output
 2016-07-12 22:06:32 +02:00
ljacqu
7788ad6230 #765 Replace Utils usages with TeleportService + misc householding 
- Remove some legacy settings
- Move Utils "addNormal" method to AuthGroupHandler

(Reapplied changes from orphaned fe29089)
 2016-07-03 19:55:31 +02:00
Gabriele C
e12ae2cf96 Use spaces, finish working on #423, import cleanup 2016-06-13 16:13:03 +02:00
ljacqu
9b1ee86b2f Trivial code householding 
- Replace `if (!x) ... else ...` with `if(x) ... else ...`
- Avoid throwing RuntimeException; use children
 2016-05-30 12:18:55 +02:00
ljacqu
92a8a5dd41 #704 Remove reloading from hash algorithms 
- A new instance is created for every hash operation, so reloading will never happen on those classes
 2016-05-18 19:09:38 +02:00
ljacqu
e04f7dc711 #704 Implement reloading via injector 
- Create interfaces Reloadable and SettingsDependent to recognize reloadable classes
- Iterate through instances in injector to reload
 2016-05-12 19:51:10 +02:00
ljacqu
3c6415a6a4 #432 Use injector instantiate hash algorithms 2016-04-30 12:17:18 +02:00
ljacqu
a78e0408c6 #449 Remove use of legacy settings in encryption methods 2016-04-23 12:46:30 +02:00
ljacqu
2cd43d599d Minor - MyBB has alphanumerical salts, not restricted to hexadecimal 2016-04-22 21:24:37 +02:00
ljacqu
00cb01b3bd #663 Don't print stacktrace when encountering invalid hash formats 2016-04-21 18:05:47 +02:00
ljacqu
8511a257ed #494 Fix conversion plaintext to SHA256 
- Make sure database is set up before attempting to perform the migration
 2016-02-20 11:16:25 +01:00
bakatrouble
0992997483 Fix Django crypt 
(cherry picked from commit 189f916)
 2016-02-14 23:08:51 +01:00
ljacqu
b8e2f5fe1d Use RandomString for IPB4 implementation; minor documentation 
- Improve RandomString and create new generateLowerUpper method
- Add documentation to the IPB4 class to explain why the salt is stored twice
 2016-02-10 21:16:12 +01:00
games647
225df4f9c9 Add missing imports -> fixes building finally 2016-02-10 18:51:15 +01:00
games647
248ea2666b Fix correct package declaration -> Fixes building 2016-02-10 18:48:04 +01:00
ljacqu
cb50f7b8c4 Minor - move IPB4 to correct package 2016-02-10 18:23:30 +01:00
Gabriele C
07e5a67ad5 Merge pull request #97 from AuthMe-Team/ipb4 
IPB4 Support
 2016-02-09 00:14:24 +01:00
DNx5
8e38384a0d Implement the encryption method and test unit. 2016-02-09 05:58:59 +07:00
DNx5
9959c0f7d5 Cleanup BCryptService class 2016-02-09 05:04:29 +07:00
DNx5
600c70ad9f Create new class for IPB4 encryption method. 2016-02-09 04:48:12 +07:00
games647
6a75184ad9 Add 2fa support 2016-02-07 00:49:18 +01:00
Gabriele C
3c88482e22 Maven enhancements 2016-01-21 16:12:39 +01:00
ljacqu
393f1a0f36 Minor: replace self-closing tags in javadoc 2016-01-18 15:17:02 +01:00
ljacqu
07e7a8815b Fix #391 Wordpress algorithm fails sometimes 2016-01-18 14:19:04 +01:00
ljacqu
3b33dc774d #369 Fix WBB4 algorithm 
- Update BCrypt implementation version
- Separate third-party BCrypt implementation from our BCRYPT EncryptionMethod extension
- Fix WBB4: ensure password is hashed with bcrypt twice and that we check accordingly
 2016-01-18 13:31:54 +01:00
ljacqu
391e1b04a2 Fix #440 Hash algo's sometimes skipped for old algorithm support 
- Fix check that discards potentially trying all encryption methods if password didn't match
- Wrap call to encryption method properly to avoid calling methods with hasSeparateSalt() = true and a null salt
 2016-01-14 21:55:09 +01:00
DNx5
b380893847 Serialize Xenforo hash before put it into table. 
- Fix #417
 2016-01-09 06:13:47 +07:00
DNx5
da5de58afb Rename XF class into XFBCRYPT. 2016-01-07 06:15:39 +07:00
DNx5
e0c3affa33 Merge branch 'master' into 137-xenforo-support 
Conflicts:
	src/main/java/fr/xephi/authme/datasource/CacheDataSource.java
	src/main/java/fr/xephi/authme/datasource/DataSource.java
	src/main/java/fr/xephi/authme/datasource/SQLite.java
	src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java
 2016-01-06 12:15:27 +07:00
ljacqu
6475cecd79 Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00
ljacqu
a0da423a7b Minor - Javadoc changes 
- Add/replace/improve javadoc in the commands and encryption section
- Note: A simple <p> is the javadoc way to make a new paragraph
http://www.oracle.com/technetwork/java/javase/documentation/index-137868.html#format
- Note: Do not escape '<' and '>' inside of {@code }
- Note: '>' does not need to be escaped
 2015-12-31 13:32:41 +01:00
DNx5
bd5d341e67 Xenforo support. 
- Added getPassword method in DataSource and all implementations.
 2015-12-31 11:05:18 +07:00
Xephi59
e1a84448a2 Fix the whole Javadoc syntax 2015-12-31 01:06:09 +01:00
ljacqu
aed23cb1ef Revert removal of XENFORO enum, hash class and custom SQL 
- Undo commits 121d323 and 1c12278
- Add TODO's with issue number
- Add slight, necessary adjustments for code changes since the reverted commits
 2015-12-31 00:36:08 +01:00
ljacqu
eea3697fa4 #364 Add test for bogus hashes 
- Verify that a "hash" in the wrong format doesn't throw exception (this is relevant when the supportOldPasswordHash setting is enabled)
 2015-12-30 23:24:36 +01:00
ljacqu
c0a393b8b3 Minor - rename EncryptedPassword to HashedPassword 
- We hash passwords; we don't encrypt them
 2015-12-30 22:51:59 +01:00
Gabriele C
300a621e1c cleanup 2015-12-30 22:28:45 +01:00
ljacqu
a3402d573f #358 Handle hash + salt as one "unit" 
- Rename HashResult to EncryptedPassword to reflect its broader use
- Use EncryptedPassword in methods that require the hash and the salt, instead of passing them as strings separately
- Store EncryptedPassword as field in PlayerAuth; updatePassword() thus processes the entire data in the EncryptedPassword object
 2015-12-30 17:56:22 +01:00
ljacqu
9c4a578bec #358 Remove old methods on PasswordSecurity, unify hash + salt 
- For encryption methods with a separate salt, the hash is useless without the salt, so hash and salt should always be persisted and retrieved together
 2015-12-30 15:43:25 +01:00
ljacqu
922082f312 #364 Add HashAlgorithm integration test, fix failing tests 
- Create integration test for the HashAlgorithm enum
- Create AsciiRestricted annotation and make test aware of it
- Add option to skip "same hash for same salt" test (for wordpress)
- Change some EncryptionMethods to extend from a common superclass
 2015-12-29 13:29:26 +01:00
ljacqu
531327dd9b Minor - make AuthMe.database private 
- In favor of AuthMe.getDataSource()
 2015-12-29 11:55:57 +01:00
ljacqu
121d323221 #369 Delete Xenforo (XF) encryption algorithm 
Rationale:
- Seems not to have been working since it was added to the codebase
- Seems not to correspond to the actual Xenforo password hashing (class does some sort of JSON extraction?)
- It would be easier to rewrite it from scratch if someone requests it later
 2015-12-28 22:32:24 +01:00
ljacqu
47f4275225 #358 Update EncryptionMethod to new interface 
- Add new methods to the EncryptionMethod interface
- Delete temporary interface (NewEncrMethod)
- Remove temporary checks and casts to NewEncrMethod
 2015-12-28 22:00:43 +01:00
ljacqu
9b73475b9a Minor - clean up bcrypt 2y implementation 
- Update Recommendation annotation
- Add proper length check to hash
- Remove check that is always true
 2015-12-28 21:27:47 +01:00
ljacqu
73bc6e286a #369 Fix bcrypt 2y implementation 
- Change salt length to 22: it was once changed on accident during some other commit
 2015-12-28 21:03:33 +01:00
ljacqu
48d0a65724 #358 Create encryption method supertypes, add new methods 2015-12-28 20:10:45 +01:00
ljacqu
31730699ac #358 Start refactoring PasswordSecurity 
- Add new methods temporarily to NewEncrMethod interface
   - No data source access within EncryptionMethod implementations
   - Generate the salt within the EncryptionMethod implementation
- Deprecate static methods on PasswordSecurity
- Adjust AbstractEncryptionMethodTest to test the classes with the new interface
- Add getter for data source instead of accessing field directly
 2015-12-28 16:23:08 +01:00
ljacqu
513ff9a928 #358 Make RandomString static & generate all rand. strings with it 
- Remove dubious random String generator on HashUtils
- Make further hash classes use HashUtils
 2015-12-27 22:16:16 +01:00
ljacqu
90a0325194 #358 Add future interface methods, remove exception throwing 
- Create Utils class for a common implementation of md5/sha1
- Create "foolproof" way of getting the MessageDigest for md5 etc. (MessageDigestAlgorithm enum)
- Create description annotations to annotate algorithms with usage recommendation and salt type
 2015-12-26 23:59:32 +01:00