Meishin/LoginSystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,618 Commits 10 Branches 53 Tags
Commit Graph

91 Commits

Author SHA1 Message Date
ljacqu
b22f26822b
#1627 Replace BCryptService with Maven dependency (#1629) 
* #1627 Replace BCryptService with Maven dependency
- Remove BCryptService in favor of a better BCrypt implementation (Maven dependency)
- Introduce BCryptHasher wrapping the dependency with more suitable methods
- Fix inaccurate details about salt length in docu annotation: for BCrypt it's always 22 chars
- Change phpBB hash to produce 2y hashes instead of 2a

* #1627 Use UTF-8 encoding when (dis)assembling Strings

* #1627 Small test additions
 2018-09-03 23:13:48 +02:00
ljacqu
6f2f7a73af Merge branch 'master' of https://github.com/AuthMe/AuthMeReloaded into 1141-optional-additional-2fa-auth 2018-05-01 22:49:23 +02:00
ljacqu
1e3ed795c1 #1141 2FA implementation fixes 
- Merge TotpService into TotpAuthenticator
- Add missing tests
- Migrate old 2fa enabled key to new one
 2018-05-01 22:49:07 +02:00
ljacqu
d55b4bb3b5 #1561 Fix timing attacks by comparing hashes in constant time (#1563) 
* #1561 Fix timing attacks by comparing hashes in constant time

* #1561 Fix timing attacks in phpBB fallback hashes
- As noted by @games647
 2018-04-22 21:27:38 +02:00
ljacqu
9326094d9c #1141 Fix review remarks by @games647 
- Use SHA512 to generate keys instead of default SHA1
- Declare google authenticator dependency as optional and add relocation rule
 2018-04-03 00:13:53 +02:00
ljacqu
e9ab82db6b #1141 Make 2fa messages translatable, various cleanups (null safety, ...) 2018-03-21 23:56:13 +01:00
ljacqu
eb9cd31a65 #1141 Split TOTP permissions for add/remove, refactor TOTP services 
- Split TotpService further into GenerateTotpService and TotpAuthenticator, which wraps the GoogleAuthenticator impl
- Add missing tests for the services
- Change GenerateTotpService's interface to behave like a collection for more intuitive method behavior
 2018-03-10 16:21:53 +01:00
ljacqu
c3cf9e3ee0 #1141 Rough version of TOTP commands to add and remove a code for a player 2018-03-07 20:11:53 +01:00
Thibaut DAVID
2d77f54695 Add new hash method (#1446) 
Add new hash method for a CMS : http://craftmywebsite.fr/
 2017-12-07 19:58:19 +01:00
ljacqu
7932c1bf90 Update to injector 1.0 
- Includes Factory and SingletonStore so our custom implementation is removed
 2017-11-25 21:27:18 +01:00
ljacqu
80ab41ae5a #1400 Sync AuthMe's phpBB hash implementation with phpBB3's 
- phpBB3 seems to favor using BCrypt $2y$ now
- Keep unsalted MD5 and phpass salted MD5 comparisons for backwards compatibility
 2017-11-04 09:58:51 +01:00
Alexandre Vanhecke
8fe92da119 #1150 - Add Argon2 support 
- Add argon2 implementation

- Extract argon2 library check to method on Argon 2
- Add link to Wiki page on errors
- Check within Argon2Test if the test cases should be run, not in the abstract parent
 2017-10-23 00:10:48 +02:00
ljacqu
b211c97395 Minor: delete PlainText implementation 
- It never gets used anymore and could cause security issues if we did accidentally use it as EncryptionMethod
 2017-10-22 09:27:03 +02:00
ljacqu
ea824ea3f0 #1016 Update hash algorithms list, add test that Deprecated annotation is in sync between enum and hash impl. class 2017-10-19 21:52:55 +02:00
ljacqu
5be3f8facc #1095 Update SMF hash algorithm to generate salt as SMF does 
- The salt isn't used for password hashing but SMF requires that there be one to generate the authentication cookie. This does not yet enable registration from Minecraft: SMF has other non-null columns that need to be tackled. This is a first step.
 2017-10-08 22:42:37 +02:00
ljacqu
f88350b06d Fix Checkstyle violations 
- Mostly missing Javadoc on large methods
- CommandInitializer: split command building method into multiple methods
 2017-07-16 23:07:13 +02:00
timvisee
cae29a2f99 Revert "Implement ARGON2 hash (#1165)" due to an unwanted added binary. 
This reverts commit bf387827907c482b0ee50be6735ad10c1a3a6c50.
 2017-06-01 13:06:15 +02:00
ljacqu
c803822fa8 #1188 Create and keep encryption method instance (#1191) 
- Avoid creating the same object over and over; instead keep it and only change it on settings reload
 2017-04-30 17:41:51 +02:00
Gabriele C
bf38782790 Implement ARGON2 hash (#1165) 
* Implement ARGON2 hash

#1150

* Fix argon hash verify

* Add argon2 test

* #1150 Account for Argon2 managing salts internally
 2017-04-14 18:03:27 +02:00
ljacqu
7dbf5551c9 Cleanup: avoid injecting Injector directly 
- Inject SingletonStore to restrict the possible functions
- Refactor PasswordSecurityTest to correspond to the usual way of testing
 2017-03-21 22:59:21 +01:00
ljacqu
8f197bbebf #1128 Rename converter classes to start with uppercase letter 2017-03-17 19:28:40 +01:00
ljacqu
6bd0b7c4e0 #1128 Rename files to match new case of Java classes 2017-03-17 19:21:20 +01:00
ljacqu
8ebb3c6b5a Merge branch 'master' of https://github.com/AuthMe/AuthMeReloaded into 1128-camel-case-rename 2017-03-17 18:50:57 +01:00
ljacqu
731d085ccd #1128 Rename to camel case (PR #235) 
* rename classes according to cammel case and make code reflect these updates

* rename according to cammel case

* rename to camel case more accuratley

* rename to camel case try 3; fix Ipb4 java doc

* retry rename camel case

* rename to camel case
 2017-03-17 18:49:30 +01:00
ljacqu
d2fccdeb80 Update Injector and create injectable object factory 
- Using e.g. Factory<Converter> instead of the injector directly makes its purpose more specific and disallows any future abuse of the injector's functions
 2017-02-05 16:52:35 +01:00
ljacqu
d717f75bb4 #1014 Use ConfigMe improvements to create custom Enum set property 2016-12-23 23:51:23 +01:00
ljacqu
a38d3a25b8 Update Mockito version 2016-12-01 19:41:31 +01:00
ljacqu
79a3858b29 #685 Allow to configure number of rounds for PBKDF2 2016-11-26 18:41:04 +01:00
ljacqu
122c6586bc #685 Add php implementation for PBKDF2 
- Create php sample for PBKDF2
- Rename pbkdf2 java classes (remove Crypt prefix)
- Remove options from hash setting comment that should not be used
 2016-11-25 16:41:55 +01:00
ljacqu
de5324bbc6 #685 Fix PBKDF2 implementation 
- Fix our PBKDF2 hash implementation and its test class
- Use external dependency as PBKDF2 implementation
 2016-11-25 15:51:15 +01:00
ljacqu
d2a28bdaed #850 Fix export of legacy hashes property 
- Ugly workaround due to #1014: need to have EnumSetProperty extend from StringListProperty type so that it is exported in a proper manner (as a string list). To get an enum Set we need to call a dedicated method on EnumSetProperty for the time being.
 2016-11-22 22:02:34 +01:00
ljacqu
5dda439bed Move RandomStringUtilsTest to correct package 2016-11-13 10:49:51 +01:00
ljacqu
bb89a59a8a #850 Add setting specifying which password hashes should be checked 2016-11-13 10:37:01 +01:00
ljacqu
5cce7e1fae Update version of ConfigMe, Mockito and sqlite-jdbc 2016-10-30 14:05:22 +01:00
Gabriele C
f3cd193d47 Move RandomStringUtils 2016-10-04 19:16:06 +02:00
ljacqu
e224d62b7e Hashes: make tests faster when 'skip long tests' profile is enabled 2016-08-27 21:26:36 +02:00
ljacqu
289ce7740f Update injector version and move shutdown logic to separate classes 2016-08-20 21:54:41 +02:00
ljacqu
7f3c308009 #848 Prevent "invalid salt version" when hash format is clearly not BCrypt 2016-08-13 20:10:38 +02:00
ljacqu
19de5a0525 Close #449 Rename NewSetting class to Settings :) 2016-07-23 15:50:40 +02:00
ljacqu
9a91156000 #835 Replace injector classes with ones from ch.jalu.injector project 2016-07-17 21:50:48 +02:00
ljacqu
160cbc6aa4 #849 Catch exception in TwoFactor hash and write unit tests 2016-07-15 18:23:18 +02:00
ljacqu
8f5817883e Testing - check return value of Set#add instead of separately checking Set#contains 2016-07-03 11:47:37 +02:00
ljacqu
1f35ccd841 Improve bat helpers / minor changes to logging and todo messages 2016-07-02 10:17:52 +02:00
ljacqu
d6e1fd5ceb Use injection in and for LimboCache, migrate some legacy settings, remove setGroup from Utils 
- New injector method allows to retrieve services if they've already been instantiated -> useful for onDisable() which might be run after aborted initialization
- Deprecate various methods that need to be removed
 2016-06-12 16:14:34 +02:00
ljacqu
3753a0ef96 #565 Allow to skip extended encryption methods 
- Set system property via surefire plugin and create profile that modifies the property
- Check for the new property in AbstractEncryptionMethodTest and shorten/skip the tests when necessary
 2016-06-05 00:29:31 +02:00
ljacqu
9b1ee86b2f Trivial code householding 
- Replace `if (!x) ... else ...` with `if(x) ... else ...`
- Avoid throwing RuntimeException; use children
 2016-05-30 12:18:55 +02:00
ljacqu
3c6415a6a4 #432 Use injector instantiate hash algorithms 2016-04-30 12:17:18 +02:00
ljacqu
a78e0408c6 #449 Remove use of legacy settings in encryption methods 2016-04-23 12:46:30 +02:00
ljacqu
ca0cbe6caf Code householding 
- Move console initialization for tests into TestHelper
- Remove unused properties in legacy Settings
- Add issue number to TODO comments where applicable
 2016-04-14 12:28:19 +02:00
ljacqu
c079692f1d Minor - code householding (tests) 
- Remove redundant uses of WrapperMock
- Use assertThat() from JUnit, not hamcrest
- Use hamcrest Matchers everywhere (not BaseMatchers etc.)
- Favor Mockito's argThat() over using ArgumentCaptor (more succinct)
- Delete useless test classes
 2016-04-03 07:38:13 +02:00