Implement /email setpassword

docs/config.md

@@ -1,5 +1,5 @@
 <!-- AUTO-GENERATED FILE! Do not edit this directly -->
-<!-- File auto-generated on Mon Mar 06 13:51:04 EST 2017. See docs/config/config.tpl.md -->
+<!-- File auto-generated on Tue Mar 14 16:42:26 EDT 2017. See docs/config/config.tpl.md -->
 
 ## AuthMe Configuration
 The first time you run AuthMe it will create a config.yml file in the plugins/AuthMe folder, 
@@ -444,6 +444,10 @@ Security:
         validForHours: 4
         # Max number of tries to enter recovery code
         maxTries: 3
+        # How long a player has after password recovery to change their password
+        # without logging in. This is in minutes.
+        # Default: 2 minutes
+        passwordChangeTimeout: 2
     emailRecovery:
         # Seconds a user has to wait for before a password recovery mail may be sent again
         # This prevents an attacker from abusing AuthMe's email feature.
@@ -464,4 +468,4 @@ To change settings on a running server, save your changes to config.yml and use
 
 ---
 
-This page was automatically generated on the [AuthMe/AuthMeReloaded repository](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/) on Mon Mar 06 13:51:04 EST 2017
+This page was automatically generated on the [AuthMe/AuthMeReloaded repository](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/) on Tue Mar 14 16:42:26 EDT 2017

src/main/java/fr/xephi/authme/command/CommandInitializer.java

@@ -32,6 +32,7 @@ import fr.xephi.authme.command.executable.email.ChangeEmailCommand;
 import fr.xephi.authme.command.executable.email.EmailBaseCommand;
 import fr.xephi.authme.command.executable.email.ProcessCodeCommand;
 import fr.xephi.authme.command.executable.email.RecoverEmailCommand;
+import fr.xephi.authme.command.executable.email.SetPasswordCommand;
 import fr.xephi.authme.command.executable.email.ShowEmailCommand;
 import fr.xephi.authme.command.executable.login.LoginCommand;
 import fr.xephi.authme.command.executable.logout.LogoutCommand;
@@ -435,6 +436,17 @@ public class CommandInitializer {
             .executableCommand(ProcessCodeCommand.class)
             .register();
 
+        // Register the change password after recovery command
+        CommandDescription.builder()
+            .parent(EMAIL_BASE)
+            .labels("setpassword")
+            .description("Set new password after recovery")
+            .detailedDescription("Set a new password after successfully recovering your account.")
+            .withArgument("password", "New password", false)
+            .permission(PlayerPermission.RECOVER_EMAIL)
+            .executableCommand(SetPasswordCommand.class)
+            .register();
+
         // Register the base captcha command
         CommandDescription CAPTCHA_BASE = CommandDescription.builder()
             .parent(null)

src/main/java/fr/xephi/authme/command/executable/email/SetPasswordCommand.java

@@ -0,0 +1,53 @@
+package fr.xephi.authme.command.executable.email;
+
+import fr.xephi.authme.command.PlayerCommand;
+import fr.xephi.authme.datasource.DataSource;
+import fr.xephi.authme.message.MessageKey;
+import fr.xephi.authme.security.PasswordSecurity;
+import fr.xephi.authme.security.crypts.HashedPassword;
+import fr.xephi.authme.service.CommonService;
+import fr.xephi.authme.service.PasswordRecoveryService;
+import fr.xephi.authme.service.ValidationService;
+import fr.xephi.authme.service.ValidationService.ValidationResult;
+import org.bukkit.entity.Player;
+
+import javax.inject.Inject;
+import java.util.List;
+
+/**
+ * Command for changing password following successful recovery.
+ */
+public class SetPasswordCommand extends PlayerCommand {
+
+    @Inject
+    private DataSource dataSource;
+
+    @Inject
+    private CommonService commonService;
+
+    @Inject
+    private PasswordRecoveryService recoveryService;
+
+    @Inject
+    private PasswordSecurity passwordSecurity;
+
+    @Inject
+    private ValidationService validationService;
+
+    @Override
+    protected void runCommand(Player player, List<String> arguments) {
+        if (recoveryService.canChangePassword(player)) {
+            String name = player.getName();
+            String password = arguments.get(0);
+
+            ValidationResult result = validationService.validatePassword(password, name);
+            if (!result.hasError()) {
+                HashedPassword hashedPassword = passwordSecurity.computeHash(password, name);
+                dataSource.updatePassword(name, hashedPassword);
+                commonService.send(player, MessageKey.PASSWORD_CHANGED_SUCCESS);
+            } else {
+                commonService.send(player, result.getMessageKey(), result.getArgs());
+            }
+        }
+    }
+}

src/main/java/fr/xephi/authme/message/MessageKey.java

@@ -230,6 +230,12 @@ public enum MessageKey {
     /** You have exceeded the maximum number of attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one. */
     RECOVERY_TRIES_EXCEEDED("recovery_tries_exceeded"),
 
+    /** Please use the command /email setpassword to change your password immediately. */
+    RECOVERY_CHANGE_PASSWORD("recovery_change_password"),
+
+    /** You cannot change your password using this command anymore. */
+    CHANGE_PASSWORD_EXPIRED("change_password_expired"),
+
     /** An email was already sent recently. You must wait %time before you can send a new one. */
     EMAIL_COOLDOWN_ERROR("email_cooldown_error", "%time"),
 

src/main/java/fr/xephi/authme/service/PasswordRecoveryService.java

@@ -8,6 +8,7 @@ import fr.xephi.authme.message.Messages;
 import fr.xephi.authme.security.PasswordSecurity;
 import fr.xephi.authme.security.crypts.HashedPassword;
 import fr.xephi.authme.settings.properties.SecuritySettings;
+import fr.xephi.authme.util.PlayerUtils;
 import fr.xephi.authme.util.RandomStringUtils;
 import fr.xephi.authme.util.expiring.Duration;
 import fr.xephi.authme.util.expiring.ExpiringSet;
@@ -46,11 +47,14 @@ public class PasswordRecoveryService implements Reloadable {
     private Messages messages;
 
     private ExpiringSet<String> emailCooldown;
+    private ExpiringSet<String> successfulRecovers;
 
     @PostConstruct
     private void initEmailCooldownSet() {
         emailCooldown = new ExpiringSet<>(
             commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS);
+        successfulRecovers = new ExpiringSet<>(
+            commonService.getProperty(SecuritySettings.PASSWORD_CHANGE_TIMEOUT), TimeUnit.MINUTES);
     }
 
     /**
@@ -96,6 +100,11 @@ public class PasswordRecoveryService implements Reloadable {
         if (couldSendMail) {
             commonService.send(player, MessageKey.RECOVERY_EMAIL_SENT_MESSAGE);
             emailCooldown.add(player.getName().toLowerCase());
+
+            String address = PlayerUtils.getPlayerIp(player);
+
+            successfulRecovers.add(address);
+            commonService.send(player, MessageKey.RECOVERY_CHANGE_PASSWORD);
         } else {
             commonService.send(player, MessageKey.EMAIL_SEND_FAILURE);
         }
@@ -117,6 +126,23 @@ public class PasswordRecoveryService implements Reloadable {
         return true;
     }
 
+    /**
+     * Checks if a player can change their password after recovery
+     * using the /email setpassword command.
+     *
+     * @param player The player to check.
+     * @return True if the player can change their password.
+     */
+    public boolean canChangePassword(Player player) {
+        String address = PlayerUtils.getPlayerIp(player);
+        Duration waitDuration = successfulRecovers.getExpiration(address);
+        if (waitDuration.getDuration() > 0) {
+            messages.send(player, MessageKey.EMAIL_COOLDOWN_ERROR);
+            return false;
+        }
+        return true;
+    }
+
     @Override
     public void reload() {
         emailCooldown.setExpiration(

src/main/java/fr/xephi/authme/settings/properties/SecuritySettings.java

@@ -118,6 +118,12 @@ public class SecuritySettings implements SettingsHolder {
     public static final Property<Integer> RECOVERY_CODE_MAX_TRIES =
         newProperty("Security.recoveryCode.maxTries", 3);
 
+    @Comment({"How long a player has after password recovery to change their password",
+        "without logging in. This is in minutes.",
+        "Default: 2 minutes"})
+    public static final Property<Integer> PASSWORD_CHANGE_TIMEOUT =
+        newProperty("Security.recoveryCode.passwordChangeTimeout", 2);
+
     @Comment({
         "Seconds a user has to wait for before a password recovery mail may be sent again",
         "This prevents an attacker from abusing AuthMe's email feature."

src/main/resources/messages/messages_bg.yml

@@ -47,6 +47,7 @@ unregistered: '&cУспешно от-регистриран!'
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fТвоята регистрация не е активирана, моля провери своя Имейл!'
 usage_unreg: '&cКоманда: /unregister парола'
 pwd_changed: '&cПаролата е променена!'
@@ -88,6 +89,7 @@ email_send: '[AuthMe] Изпраен е имейл !'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&cМоля добави своя имейл с : /email add имейл имейл'
 recovery_email: '&cЗабравихте своята парола? Моля използвай /email recovery <имейл>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_br.yml

@@ -51,6 +51,7 @@ recovery_code_sent: 'Um código de recuperação para redefinir sua senha foi en
 # TODO: Missing tags %count
 recovery_code_incorrect: 'O código de recuperação esta incorreto! Use /email recovery [email] para gerar um novo!'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cA sua conta ainda não está ativada, por favor, verifique seus e-mails!'
 usage_unreg: '&cUse: /unregister <senha>'
 pwd_changed: '&2Senha alterada com sucesso!'
@@ -92,6 +93,7 @@ email_send_failure: '&cO e-mail não pôde ser enviado, reporte isso a um admini
 show_no_email: '&2Você atualmente não têm endereço de e-mail associado a esta conta.'
 add_email: '&3Por favor, adicione seu e-mail para a sua conta com o comando "/email add <seuEmail> <seuEmail>"'
 recovery_email: '&3Esqueceu sua senha? Por favor, use o comando "/email recovery <seuEmail>"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_cz.yml

@@ -47,6 +47,7 @@ recovery_code_sent: 'Kód pro obnovení hesla byl odeslán na váš email.'
 # TODO: Missing tags %count
 recovery_code_incorrect: 'Kód pro není správný! Použijte příkaz /email recovery [email] pro vygenerování nového.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cTvůj účet není aktivovaný, zkontroluj si svůj E-mail.'
 usage_unreg: '&cPoužij: "/unregister TvojeHeslo".'
 pwd_changed: '&cHeslo změněno!'
@@ -88,6 +89,7 @@ email_send_failure: 'Email nemohl být odeslán. Kontaktujte prosím admina.'
 show_no_email: '&2K tomuto účtu nemáte přidanou žádnou emailovou adresu.'
 add_email: '&cPřidej prosím svůj email pomocí : /email add TvůjEmail TvůjEmail'
 recovery_email: '&cZapomněl jsi heslo? Napiš: /email recovery <TvůjEmail>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_de.yml

@@ -47,6 +47,7 @@ recovery_code_sent: 'Ein Wiederherstellungscode zum Zurücksetzen deines Passwor
 # TODO: Missing tags %count
 recovery_code_incorrect: 'Der Wiederherstellungscode stimmt nicht! Nutze /email recovery [email] um einen neuen zu generieren.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cDein Account wurde noch nicht aktiviert. Bitte prüfe deine E-Mails!'
 usage_unreg: '&cBenutze: /unregister <passwort>'
 pwd_changed: '&2Passwort geändert!'
@@ -88,6 +89,7 @@ email_send_failure: 'Die E-Mail konnte nicht gesendet werden. Bitte kontaktiere
 show_no_email: '&2Du hast zur Zeit keine E-Mail-Adresse für deinen Account hinterlegt.'
 add_email: '&3Bitte hinterlege deine E-Mail-Adresse: /email add <deineEmail> <emailBestätigen>'
 recovery_email: '&3Passwort vergessen? Nutze "/email recovery <deineEmail>" für ein neues Passwort'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_en.yml

@@ -46,6 +46,7 @@ two_factor_create: '&2Your secret code is %code. You can scan it from here %url'
 recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cYour account isn''t activated yet, please check your emails!'
 usage_unreg: '&cUsage: /unregister <password>'
 pwd_changed: '&2Password changed successfully!'
@@ -87,6 +88,7 @@ email_send_failure: 'The email could not be sent. Please contact an administrato
 show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&3Please add your email to your account with the command: /email add <yourEmail> <confirmEmail>'
 recovery_email: '&3Forgot your password? Please use the command: /email recovery <yourEmail>'
+change_password_expired: 'You cannot change your password using this command anymore.'
 email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_es.yml

@@ -50,6 +50,7 @@ recovery_code_sent: 'El código de recuperación para recuperar tu contraseña s
 # TODO: Missing tags %count
 recovery_code_incorrect: '¡El código de recuperación no es correcto! Usa "/email recovery [email]" para generar uno nuevo'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fTu cuenta no está activada aún, ¡revisa tu correo!'
 usage_unreg: '&cUso: /unregister contraseña'
 pwd_changed: '&c¡Contraseña cambiada!'
@@ -91,6 +92,7 @@ email_send_failure: 'No se ha podido enviar el correo electrónico. Por favor, c
 show_no_email: '&2No tienes ningun E-Mail asociado en esta cuenta.'
 add_email: '&cPor favor agrega tu e-mail con: /email add tuEmail confirmarEmail'
 recovery_email: '&c¿Olvidaste tu contraseña? Por favor usa /email recovery <tuEmail>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_eu.yml

@@ -47,6 +47,7 @@ unregistered: '&cZure erregistroa ezabatu duzu!'
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fZure kontua aktibatu gabe dago, konfirmatu zure emaila!'
 usage_unreg: '&cErabili: /unregister password'
 pwd_changed: '&cPasahitza aldatu duzu!'
@@ -88,6 +89,7 @@ email_send: '[AuthMe] Berreskuratze emaila bidalita !'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&cMesedez gehitu zure emaila : /email add yourEmail confirmEmail'
 recovery_email: '&cPasahitza ahaztu duzu? Erabili /email recovery <zureemaila>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_fi.yml

@@ -47,6 +47,7 @@ unregistered: '&cPelaajatili poistettu onnistuneesti!'
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fKäyttäjäsi ei ole vahvistettu!'
 usage_unreg: '&cKäyttötapa: /unregister password'
 pwd_changed: '&cSalasana vaihdettu!!'
@@ -88,6 +89,7 @@ email_send: '[AuthMe] Palautus sähköposti lähetetty!'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&cLisää sähköpostisi: /email add sähköpostisi sähköpostisiUudelleen'
 recovery_email: '&cUnohtuiko salasana? Käytä komentoa: /email recovery <Sähköpostisi>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_fr.yml

@@ -52,6 +52,7 @@ recovery_code_sent: 'Un code de récupération a été envoyé à votre adresse
 # TODO: Missing tags %count
 recovery_code_incorrect: '&cLe code de réinitialisation est incorrect!%nl%Faites "/email recovery [email]" pour en générer un nouveau.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fCe compte n''est pas actif, consultez vos emails !'
 usage_unreg: '&cPour supprimer votre compte, utilisez "/unregister <MotDePasse>"'
 pwd_changed: '&aMot de passe changé avec succès !'
@@ -93,6 +94,7 @@ email_send_failure: '&cL''email n''a pas pu être envoyé. Veuillez contacter un
 show_no_email: '&c&oVous n''avez aucune adresse mail enregistré sur votre compte.'
 add_email: '&cRajoutez un email de récupération: /email add <Email> <ConfirmerEmail>'
 recovery_email: '&cVous avez oublié votre Mot de Passe? Utilisez "/email recovery <votreEmail>"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 email_cooldown_error: '&cUn email de récupération a déjà été envoyé récemment. Veuillez attendre %time pour le demander de nouveau.'
 
 # Captcha

src/main/resources/messages/messages_gl.yml

@@ -47,6 +47,7 @@ unregistered: '&cFeito! Xa non estás rexistrado!'
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fA túa conta aínda non está activada, comproba a túa bandexa de correo!!'
 usage_unreg: '&cUso: /unregister <contrasinal>'
 pwd_changed: '&cCambiouse o contrasinal!'
@@ -88,6 +89,7 @@ email_send: '[AuthMe] Enviouse o correo de confirmación!'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&cPor favor, engade o teu correo electrónico con: /email add <oTeuCorreo> <confirmarCorreo>'
 recovery_email: '&cOlvidaches o contrasinal? Por favor, usa /email recovery <oTeuCorreo>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_hu.yml

@@ -47,6 +47,7 @@ recovery_code_sent: 'A jelszavad visszaállításához szükséges kódot sikere
 # TODO: Missing tags %count
 recovery_code_incorrect: 'A visszaállító kód helytelen volt! Használd a következő parancsot: /email recovery [email címed] egy új generálásához'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cA felhasználód aktiválása még nem történt meg, ellenőrizd a megadott emailed!'
 usage_unreg: '&cHasználat: "/unregister <jelszó>"'
 pwd_changed: '&cJelszó sikeresen megváltoztatva!'
@@ -88,6 +89,7 @@ email_already_used: '&4Ez az email cím már használatban van!'
 show_no_email: '&2Ehhez a felhasználóhoz jelenleg még nincs email hozzárendelve.'
 add_email: '&3Kérlek rendeld hozzá a felhasználódhoz az email címedet "/email add <email címed> <email címed ismét>"'
 recovery_email: '&3Ha elfelejtetted a jelszavad, használd az: "/email recovery <regisztrált email címed>"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_id.yml

@@ -47,6 +47,7 @@ unregistered: '&cUnregister berhasil!'
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cAkunmu belum diaktifkan, silahkan periksa email kamu!'
 # TODO usage_unreg: '&cUsage: /unregister <password>'
 pwd_changed: '&2Berhasil mengubah password!'
@@ -88,6 +89,7 @@ email_exists: '&cEmail pemulihan sudah dikirim! kamu bisa membatalkan dan mengir
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&3Silahkan tambahkan email ke akunmu menggunakan command "/email add <emailKamu> <ulangiEmail>"'
 recovery_email: '&3Lupa password? silahkan gunakan command "/email recovery <emailKamu>"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_it.yml

@@ -49,6 +49,7 @@ recovery_code_sent: 'Una email contenente il codice di recupero per reimpostare
 # TODO: Missing tags %count
 recovery_code_incorrect: 'Il codice di recupero inserito non è corretto! Scrivi "/email recovery <email>" per generarne uno nuovo'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cIl tuo account non è stato ancora verificato, controlla fra le tue email per scoprire come attivarlo!'
 usage_unreg: '&cUtilizzo: /unregister <password>'
 pwd_changed: '&2Password cambiata correttamente!'
@@ -90,6 +91,7 @@ email_send_failure: 'Non è stato possibile inviare l''email di recupero. Per fa
 show_no_email: '&2Al momento non hai nessun indirizzo email associato al tuo account.'
 add_email: '&3Per poter recuperare la password in futuro, aggiungi un indirizzo email al tuo account con il comando: /email add <tuaEmail> <confermaEmail>'
 recovery_email: '&3Hai dimenticato la tua password? Puoi recuperarla eseguendo il comando: /email recovery <email>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 email_cooldown_error: '&cUna email di recupero ti è già stata inviata recentemente. Devi attendere %time prima di poterne richiedere una nuova.'
 
 # Captcha

src/main/resources/messages/messages_ko.yml

@@ -51,6 +51,7 @@ unregistered: '&c성공적으로 탈퇴했습니다!'
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&f당신의 계정은 아직 활성화되어있지 않습니다, 당신의 이메일을 확인해보세요!'
 usage_unreg: '&c사용법: /unregister 비밀번호'
 pwd_changed: '&c비밀번호를 변경했습니다!'
@@ -92,6 +93,7 @@ email_exists: '[AuthMe] 당신의 계정에 이미 이메일이 존재합니다.
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&c당신의 이메일을 추가해주세요 : /email add 당신의이메일 이메일재입력'
 recovery_email: '&c비밀번호를 잊어버리셨다고요? /email recovery <당신의이메일>을 사용하세요'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_lt.yml

@@ -47,6 +47,7 @@ unregistered: '&aSekmingai issiregistravote!'
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&aJusu vartotojas nera patvirtintas, patikrinkite el.pasta.'
 usage_unreg: '&ePanaikinti registracija: "/unregister slaptazodis"'
 pwd_changed: '&aSlaptazodis pakeistas'
@@ -88,6 +89,7 @@ same_nick: '&cKazkas situo vardu jau zaidzia.'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&ePrasau pridekite savo el.pasta : /email add Email confirmEmail'
 recovery_email: '&cPamirsote slaptazodi? Rasykite: /email recovery el.pastas'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_nl.yml

@@ -47,6 +47,7 @@ recovery_code_sent: 'Een herstelcode voor je wachtwoord is naar je mailbox gestu
 # TODO: Missing tags %count
 recovery_code_incorrect: 'De herstelcode is niet correct! Gebruik "/email recovery [email]" om een nieuwe te krijgen'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: 'Je account is nog niet geactiveerd, controleer je mailbox!'
 usage_unreg: '&cGebruik: /unregister password'
 pwd_changed: '&cWachtwoord succesvol aangepast!'
@@ -88,6 +89,7 @@ email_send_failure: 'De E-mail kon niet verzonden worden. Neem contact op met ee
 show_no_email: '&2Je hebt nog geen E-mailadres toegevoegd aan dit account.'
 add_email: '&3Voeg jouw E-mailadres alsjeblieft toe met: /email add <E-mail> <wachtwoord> <herhaalWachtwoord>'
 recovery_email: '&3Wachtwoord vergeten? Gebruik alsjeblieft het commando: /email recovery <E-mail>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_pl.yml

@@ -48,6 +48,7 @@ recovery_code_sent: 'Kod odzyskiwania hasla zostal wyslany na adres email przypi
 # TODO: Missing tags %count
 recovery_code_incorrect: 'Kod odzyskiwania hasla jest bledny! Uzyj /email recovery [email] aby wygenerowac nowy.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fTwoje konto nie zostalo aktywowane! Sprawdz maila.'
 usage_unreg: '&cUzycie: /unregister haslo'
 pwd_changed: '&fHaslo zostalo zmienione!'
@@ -89,6 +90,7 @@ email_send_failure: 'Nie mozna wyslac emaila. Skontaktuj sie z administracja.'
 show_no_email: '&2Nie posiadasz adresu email przypisanego do tego konta.'
 add_email: '&cProsze dodac swoj email: /email add twojEmail powtorzEmail'
 recovery_email: '&cZapomniales hasla? Prosze uzyj komendy /email recovery <TwojEmail>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 email_cooldown_error: '&cEmail zostal wyslany, musisz poczekac %time przed wyslaniem nastepnego.'
 
 # Captcha

src/main/resources/messages/messages_pt.yml

@@ -47,6 +47,7 @@ two_factor_create: '&2O seu código secreto é o %code. Você pode verificá-lo
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fA sua conta não foi ainda activada, verifique o seu email onde irá receber indicações para activação de conta. '
 usage_unreg: '&cUse: /unregister password'
 pwd_changed: '&cPassword alterada!'
@@ -88,6 +89,7 @@ email_already_used: '&4O endereço de e-mail já está sendo usado'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&cPor favor adicione o seu email com : /email add seuEmail confirmarSeuEmail'
 recovery_email: '&cPerdeu a sua password? Para a recuperar escreva /email recovery <seuEmail>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_ro.yml

@@ -47,6 +47,7 @@ recovery_code_sent: 'Un cod de recuperare a parolei a fost trimis catre email-ul
 # TODO: Missing tags %count
 recovery_code_incorrect: 'Codul de recuperare nu este corect! Foloseste /email recovery [email] pentru a genera unul nou.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cContul tau nu este activat, te rugam verifica-ti email-ul!'
 usage_unreg: '&cFoloseste comanda: /unregister <parola>'
 pwd_changed: '&2Parola a fost inregistrata cu succes!'
@@ -88,6 +89,7 @@ email_already_used: '&4Email-ul a fost deja folosit'
 show_no_email: '&2Nu ai nici-o adresa de email asociat cu acest cont.'
 add_email: '&3Te rugam adaugati email-ul la contul tau folosind comanda "/email add <email> <email>"'
 recovery_email: '&3Ti-ai uitat parola? Te rugam foloseste comanda "/email recovery <email>"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_ru.yml

@@ -47,6 +47,7 @@ recovery_code_sent: 'Код восстановления для сброса п
 # TODO: Missing tags %count
 recovery_code_incorrect: 'Код восстановления неверный! Введите /email recovery <Ваш Email>, чтобы отправить новый код'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&6Ваш аккаунт еще не активирован! Проверьте вашу почту!'
 usage_unreg: '&cИспользование: &e/unregister <Пароль>'
 pwd_changed: '&2Пароль изменен!'
@@ -88,6 +89,7 @@ email_send_failure: 'Письмо не може быть отправлено.
 show_no_email: '&2В данный момент к вашему аккаунте не привязана электронная почта.'
 add_email: '&cДобавьте свой email: &e/email add <Ваш Email> <Ваш Email>'
 recovery_email: '&cЗабыли пароль? Используйте &e/email recovery <Ваш Email>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 email_cooldown_error: '&cЭлектронное письмо было отправлено недавно. Пожалуйста, подождите %time прежде чем отправить новое письмо.'
 
 # Каптча

src/main/resources/messages/messages_sk.yml

@@ -51,6 +51,7 @@ unregistered: '&cUcet bol vymazany!'
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&fUcet nie je aktivny. Prezri si svoj e-mail!'
 usage_unreg: '&cPríkaz: /unregister heslo'
 pwd_changed: '&cHeslo zmenené!'
@@ -92,6 +93,7 @@ same_nick: '&fHrác s tymto nickom uz hrá!'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&cPridaj svoj e-mail príkazom "/email add email zopakujEmail"'
 recovery_email: '&cZabudol si heslo? Pouzi príkaz /email recovery <tvojEmail>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_tr.yml

@@ -47,6 +47,7 @@ recovery_code_sent: 'Sifre sifirlama kodu eposta adresinize gonderildi.'
 # TODO: Missing tags %count
 recovery_code_incorrect: 'Kod dogru degil! Kullanim "/email recovery [eposta]" ile yeni bir kod olustur'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cHeabiniz henuz aktif edilmemis, e-postanizi kontrol edin!'
 usage_unreg: '&cKullanim: /unregister <sifre>'
 pwd_changed: '&2Sifre basariyla degistirildi!'
@@ -88,6 +89,7 @@ email_send_failure: 'Eposta gonderilemedi. Yetkili ile iletisime gec.'
 show_no_email: '&2Bu hesapla iliskili bir eposta bulunmuyor.'
 add_email: '&3Lutfen hesabinize eposta adresinizi komut ile ekleyin "/email add <eposta> <tekrarEposta>"'
 recovery_email: '&3Sifreni mi unuttun ? Komut kullanarak ogrenebilirsin "/email recovery <eposta>"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 email_cooldown_error: '&cKisa bir sure once eposta gonderildi. Yeni bir eposta almak icin %time beklemelisin.'
 
 # Captcha

src/main/resources/messages/messages_uk.yml

@@ -46,6 +46,7 @@ two_factor_create: '&2Ваш секретний код — %code %nl%&2Може
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cВаш акаунт ще не активовано. Будь ласка, провірте свою електронну пошту!'
 usage_unreg: '&cСинтаксис: /unregister <пароль>'
 pwd_changed: '&2Пароль успішно змінено!'
@@ -87,6 +88,7 @@ email_already_used: '&4До цієї електронної пошти прив
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&3Не забудьте прив’язати електронну пошту до свого акаунта, за допомогою команди "/email add <e-mail> <e-mail повторно>"'
 recovery_email: 'Забули пароль? Можете скористатись командою &9/email recovery &f<&9ваш e-mail&f>'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_vn.yml

@@ -47,6 +47,7 @@ recovery_code_sent: 'Một mã khôi phục mật khẩu đã được gửi đ
 # TODO: Missing tags %count
 recovery_code_incorrect: 'Mã khôi phục không đúng! Dùng lệnh /email recovery [email] để tạo một mã mới'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&cTài khoản của bạn chưa được kích hoạt, vui lòng kiểm tra email!'
 usage_unreg: '&cSử dụng: /unregister <mật khẩu>'
 pwd_changed: '&2Thay đổi mật khẩu thành công!'
@@ -88,6 +89,7 @@ email_send_failure: 'Không thể gửi thư. Vui lòng liên hệ với ban qu
 show_no_email: '&2Hiện tại bạn chưa liên kết bất kỳ email nào với tài khoản này.'
 add_email: '&eVui lòng thêm email của bạn với lệnh "/email add <email> <nhập lại email>"'
 recovery_email: '&aBạn quên mật khẩu? Vui lòng gõ lệnh "/email recovery <email>"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_zhcn.yml

@@ -48,6 +48,7 @@ recovery_code_sent: '一个用于重置您的密码的验证码已发到您的
 # TODO: Missing tags %count
 recovery_code_incorrect: '验证码不正确！ 使用 /email recovery [email] 以生成新的验证码'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&8[&6玩家系统&8] &f你的帐号还未激活，请查看你的邮箱！'
 usage_unreg: '&8[&6玩家系统&8] &c正确用法：“/unregister <密码>”'
 pwd_changed: '&8[&6玩家系统&8] &c密码已成功修改！'
@@ -89,6 +90,7 @@ email_send_failure: '邮件发送失败，请联系管理员'
 show_no_email: '&2您当前并没有任何邮箱与该账号绑定'
 add_email: '&8[&6玩家系统&8] &c请输入“/email add <你的邮箱> <再输入一次以确认>”以把你的邮箱添加到此帐号'
 recovery_email: '&8[&6玩家系统&8] &c忘了你的密码？请输入：“/email recovery <你的邮箱>”'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_zhhk.yml

@@ -51,6 +51,7 @@ two_factor_create: '&8[&6用戶系統 - 兩步驗證碼&8] &b你的登入金鑰
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&8[&6用戶系統&8] &f你的帳戶還沒有經過電郵驗證 ！'
 usage_unreg: '&8[&6用戶系統&8] &f用法： 《 /unregister <密碼> 》'
 pwd_changed: '&8[&6用戶系統&8] &c你成功更換了你的密碼 ！'
@@ -92,6 +93,7 @@ email_already_used: '&8[&6用戶系統&8] &4這個電郵地址已被使用。'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&8[&6用戶系統&8] &b請為你的帳戶立即添加電郵地址： 《 /email add <電郵地址> <重覆電郵地址> 》'
 recovery_email: '&8[&6用戶系統&8] &b忘記密碼？請使用 /email recovery <電郵地址> 來更新密碼。'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_zhmc.yml

@@ -47,6 +47,7 @@ recovery_code_sent: '已將重設密碼的恢復代碼發送到您的電子郵
 # TODO: Missing tags %count
 recovery_code_incorrect: '恢復代碼錯誤!使用指令: "/email recovery [電郵地址]" 生成新的一個恢復代碼。'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&c你的帳戶未激活,請確認電郵!'
 usage_unreg: '&c使用方法: "/unregister <你的密碼>"'
 pwd_changed: '&2密碼已更變!'
@@ -88,6 +89,7 @@ email_already_used: '&4此電子郵件地址已被使用'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&3請使用命令: /email add [你的電郵地址] [重覆確認你的電郵地址] 將您的電子郵件添加到您的帳戶"'
 recovery_email: '&3忘記密碼了嗎？ 請使用命令: "/email recovery [你的電郵地址]"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/main/resources/messages/messages_zhtw.yml

@@ -51,6 +51,7 @@ two_factor_create: '&b【AuthMe - 兩步驗證碼】&b你的登入金鑰為&9「
 # TODO recovery_code_sent: 'A recovery code to reset your password has been sent to your email.'
 # TODO recovery_code_incorrect: 'The recovery code is not correct! You have %count tries remaining.'
 # TODO recovery_tries_exceeded: 'You have exceeded the maximum number attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one.'
+# TODO recovery_change_password: 'Please use the command /email setpassword <new password> to change your password immediately.'
 vb_nonActiv: '&b【AuthMe】&6你的帳號還沒有經過驗證! 檢查看看你的電子信箱 (Email) 吧!'
 usage_unreg: '&b【AuthMe】&6用法: &c"/unregister <密碼>"'
 pwd_changed: '&b【AuthMe】&6密碼變更成功!'
@@ -92,6 +93,7 @@ email_already_used: '&b【AuthMe】&4這個電郵地址已被使用。'
 # TODO show_no_email: '&2You currently don''t have email address associated with this account.'
 add_email: '&b【AuthMe】&6請使用 &c"/email add <你的Email> <再次輸入你的Email>" &6來添加 Email'
 recovery_email: '&b【AuthMe】&6忘記密碼了嗎? 使用 &c"/email recovery <你的Email>"'
+# TODO change_password_expired: 'You cannot change your password using this command anymore.'
 # TODO email_cooldown_error: '&cAn email was already sent recently. You must wait %time before you can send a new one.'
 
 # Captcha

src/test/java/fr/xephi/authme/command/executable/email/SetPasswordCommandTest.java

@@ -0,0 +1,102 @@
+package fr.xephi.authme.command.executable.email;
+
+import fr.xephi.authme.datasource.DataSource;
+import fr.xephi.authme.message.MessageKey;
+import fr.xephi.authme.security.PasswordSecurity;
+import fr.xephi.authme.security.crypts.HashedPassword;
+import fr.xephi.authme.service.CommonService;
+import fr.xephi.authme.service.PasswordRecoveryService;
+import fr.xephi.authme.service.ValidationService;
+import org.bukkit.entity.Player;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.util.Collections;
+
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+
+/**
+ * Tests for {@link SetPasswordCommand}.
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class SetPasswordCommandTest {
+
+    @InjectMocks
+    private SetPasswordCommand command;
+
+    @Mock
+    private DataSource dataSource;
+
+    @Mock
+    private CommonService commonService;
+
+    @Mock
+    private PasswordRecoveryService recoveryService;
+
+    @Mock
+    private PasswordSecurity passwordSecurity;
+
+    @Mock
+    private ValidationService validationService;
+
+    @Test
+    public void shouldChangePassword() {
+        // given
+        Player player = mock(Player.class);
+        String name = "Jerry";
+        given(player.getName()).willReturn(name);
+        given(recoveryService.canChangePassword(player)).willReturn(true);
+        HashedPassword hashedPassword = passwordSecurity.computeHash("abc123", name);
+        given(passwordSecurity.computeHash("abc123", name)).willReturn(hashedPassword);
+        given(validationService.validatePassword("abc123", name))
+            .willReturn(new ValidationService.ValidationResult());
+
+        // when
+        command.runCommand(player, Collections.singletonList("abc123"));
+
+        // then
+        verify(validationService).validatePassword("abc123", name);
+        verify(dataSource).updatePassword(name, hashedPassword);
+        verify(commonService).send(player, MessageKey.PASSWORD_CHANGED_SUCCESS);
+    }
+
+    @Test
+    public void shouldRejectInvalidPassword() {
+        // given
+        Player player = mock(Player.class);
+        String name = "Morgan";
+        given(player.getName()).willReturn(name);
+        String password = "newPW";
+        given(validationService.validatePassword(password, name))
+            .willReturn(new ValidationService.ValidationResult(MessageKey.INVALID_PASSWORD_LENGTH));
+        given(recoveryService.canChangePassword(player)).willReturn(true);
+
+        // when
+        command.executeCommand(player, Collections.singletonList(password));
+
+        // then
+        verify(validationService).validatePassword(password, name);
+        verify(commonService).send(player, MessageKey.INVALID_PASSWORD_LENGTH, new String[0]);
+    }
+
+    @Test
+    public void shouldDoNothingCantChangePass() {
+        // given
+        Player player = mock(Player.class);
+        String name = "Carol";
+        given(player.getName()).willReturn(name);
+
+        // when
+        command.runCommand(player, Collections.singletonList("abc123"));
+
+        // then
+        verifyZeroInteractions(validationService);
+        verifyZeroInteractions(dataSource);
+    }
+}