Merge pull request #6 from Xephi/master

Up

README.md

@@ -75,7 +75,7 @@ AuthMe Reloaded prevents players who aren't logged in from actions like placing
 </li><li>Possible to use without a Permissions plugin
 </li><li><strong>Spoutcraft Login GUI</strong>
 </li><li>Automatic backup system of all your user password data
-</li><li>Default Language Style: en, de, br, cz, pl, fr, ru, hu, sk, es, zhtw, fi, zhcn, nl ( feel free to send new translations )
+</li><li>Default Language Style: en, de, br, cz, pl, fr, it, ru, hu, sk, es, zhtw, fi, zhcn, nl ( feel free to send new translations )
 </li><li>Convert the FlatFile auths.db to an usefull authme.sql that you can use on a MySQL database !
 </li><li>Import your database from Rakamak, xAuth, CrazyLogin, RoyalAuth, vAuth !
 </li></ul>

pom.xml

@@ -79,6 +79,29 @@
 					</archive>
 				</configuration>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-shade-plugin</artifactId>
+				<version>2.3</version>
+				<configuration>
+					<artifactSet>
+						<includes>
+							<include>com.maxmind.geoip:*</include>
+							<include>com.sun.mail:*</include>
+							<include>javax.mail:*</include>
+							<include>com.comphenix.attribute:*</include>
+						</includes>
+					</artifactSet>
+				</configuration>
+				<executions>
+					<execution>
+						<phase>package</phase>
+						<goals>
+							<goal>shade</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>
 
@@ -169,12 +192,7 @@
 		<dependency>
 			<groupId>com.sun.mail</groupId>
 			<artifactId>javax.mail</artifactId>
-			<version>1.5.3</version>
-		</dependency>
-		<dependency>
-			<groupId>javax.mail</groupId>
-			<artifactId>mail</artifactId>
-			<version>1.5.0-b01</version>
+			<version>1.5.4</version>
 		</dependency>
 
 		<!-- Maxmind GeoIp API -->
@@ -192,7 +210,7 @@
 			<version>${bukkitVersion}</version>
 		</dependency>
 
-        <!-- Attribute -->
+		<!-- Attribute -->
 		<dependency>
 			<groupId>com.comphenix.attribute</groupId>
 			<artifactId>AttributeStorage</artifactId>
@@ -206,7 +224,7 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- Vault, http://dev.bukkit.org/bukkit-plugins/vault/ -->
@@ -223,7 +241,7 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- Citizens 2.X, NPC plugin, http://dev.bukkit.org/bukkit-plugins/citizens/ -->
@@ -240,7 +258,7 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- Multi World plugin, http://www.spigotmc.org/resources/multiverse-core.390/ -->
@@ -259,7 +277,7 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- Essentials plugin -->
@@ -276,7 +294,7 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- Anti PvPLogging plugin, https://github.com/MinelinkNetwork/CombatTagPlus -->
@@ -293,7 +311,7 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- Anti PvPLogging plugin, http://www.spigotmc.org/resources/combat-tag.3182/ -->
@@ -310,7 +328,7 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- XAuth, another authentication plugin, required by the database converter -->
@@ -327,7 +345,7 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- Spout API, https://spoutcraft.org/downloads/ -->
@@ -344,11 +362,11 @@
 					<groupId>org.bukkit</groupId>
 					<artifactId>craftbukkit</artifactId>
 				</exclusion>
-			</exclusions> 
+			</exclusions>
 		</dependency>
 
 		<!-- Local Dependencies -->
-		
+
 		<!-- It doesn't have a Maven Repo, http://dev.bukkit.org/bukkit-plugins/chestshop/ -->
 		<dependency>
 			<groupId>com.Acrobot</groupId>

src/main/java/fr/xephi/authme/Utils.java

@@ -1,10 +1,8 @@
 package fr.xephi.authme;
 
-import java.io.File;
-import java.io.FileWriter;
+import java.util.ArrayList;
 import java.util.Iterator;
-import java.util.Random;
-import java.util.Scanner;
+import java.util.List;
 
 import org.bukkit.Bukkit;
 import org.bukkit.GameMode;
@@ -12,10 +10,10 @@ import org.bukkit.Location;
 import org.bukkit.World;
 import org.bukkit.entity.Player;
 
-import fr.xephi.authme.api.API;
 import fr.xephi.authme.cache.limbo.LimboCache;
 import fr.xephi.authme.cache.limbo.LimboPlayer;
 import fr.xephi.authme.events.AuthMeTeleportEvent;
+import fr.xephi.authme.security.RandomString;
 import fr.xephi.authme.settings.Settings;
 
 public class Utils {
@@ -24,6 +22,7 @@ public class Utils {
     private static Utils singleton;
     int id;
     public AuthMe plugin;
+    private static List<String> tokens = new ArrayList<String>();
 
     public Utils(AuthMe plugin) {
         this.plugin = plugin;
@@ -167,19 +166,18 @@ public class Utils {
      * Random Token for passpartu
      */
     public boolean obtainToken() {
-        File file = new File("plugins" + File.separator + "AuthMe" + File.separator + "passpartu.token");
-        if (file.exists())
-            file.delete();
-
-        FileWriter writer = null;
         try {
-            file.createNewFile();
-            writer = new FileWriter(file);
-            String token = generateToken();
-            writer.write(token + ":" + System.currentTimeMillis() / 1000 + API.newline);
-            writer.flush();
+            final String token = new RandomString(10).nextString();
+            tokens.add(token);
             ConsoleLogger.info("[AuthMe] Security passpartu token: " + token);
-            writer.close();
+            Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, new Runnable() {
+
+                @Override
+                public void run() {
+                    tokens.remove(token);
+                }
+
+            }, 600);
             return true;
         } catch (Exception e) {
             e.printStackTrace();
@@ -191,46 +189,11 @@ public class Utils {
      * Read Token
      */
     public boolean readToken(String inputToken) {
-        File file = new File("plugins" + File.separator + "AuthMe" + File.separator + "passpartu.token");
-
-        if (!file.exists())
-            return false;
-
-        if (inputToken.isEmpty())
-            return false;
-        Scanner reader = null;
-        try {
-            reader = new Scanner(file);
-            while (reader.hasNextLine()) {
-                final String line = reader.nextLine();
-                if (line.contains(":")) {
-                    String[] tokenInfo = line.split(":");
-                    if (tokenInfo[0].equals(inputToken) && System.currentTimeMillis() / 1000 - 30 <= Integer.parseInt(tokenInfo[1])) {
-                        file.delete();
-                        reader.close();
-                        return true;
-                    }
-                }
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-        reader.close();
-        return false;
-    }
-
-    /*
-     * Generate Random Token
-     */
-    private String generateToken() {
-        // obtain new random token
-        Random rnd = new Random();
-        char[] arr = new char[5];
-        for (int i = 0; i < 5; i++) {
-            int n = rnd.nextInt(36);
-            arr[i] = (char) (n < 10 ? '0' + n : 'a' + n - 10);
-        }
-        return new String(arr);
+        boolean ret = false;
+        if (tokens.contains(inputToken))
+            ret = true;
+        tokens.remove(inputToken);
+        return (ret);
     }
 
     /*

src/main/java/fr/xephi/authme/commands/AdminCommand.java

@@ -73,6 +73,7 @@ public class AdminCommand implements CommandExecutor {
             sender.sendMessage("/authme getemail <playername> - Get player email");
             sender.sendMessage("/authme purgelastpos <playername> - Purge last position for a player");
             sender.sendMessage("/authme switchantibot on/off - Enable/Disable antibot method");
+            sender.sendMessage("/authme forcelogin <playername>");
             return true;
         }
 
@@ -552,6 +553,26 @@ public class AdminCommand implements CommandExecutor {
             database.updateQuitLoc(auth);
             sender.sendMessage("[AuthMe] Successfully reset position for " + auth.getNickname());
             return true;
+        } else if (args[0].equalsIgnoreCase("forcelogin")) {
+            if (args.length < 2) {
+                sender.sendMessage("Usage : /authme forcelogin <playerName>");
+                return true;
+            }
+            try {
+                Player player = Bukkit.getPlayer(args[1]);
+                if (player == null || !player.isOnline()) {
+                    sender.sendMessage("Online player only !");
+                    return true;
+                }
+                if (!plugin.authmePermissible(player, "authme.canbeforced")) {
+                    sender.sendMessage("You cannot force login for this player!");
+                    return true;
+                }
+                plugin.management.performLogin(player, "dontneed", true);
+                sender.sendMessage("Force Login performed !");
+            } catch (Exception e) {
+                sender.sendMessage("An error occured while trying to get that player!");
+            }
         } else {
             sender.sendMessage("Usage: /authme reload|register playername password|changepassword playername password|unregister playername");
         }

src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java

@@ -54,14 +54,20 @@ public class ChangePasswordCommand implements CommandExecutor {
         }
 
         String lowpass = args[1].toLowerCase();
-        if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex)) {
+        if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex) || lowpass.equalsIgnoreCase(name)) {
             m.send(player, "password_error");
             return true;
         }
-        if (lowpass.equalsIgnoreCase(name)) {
-            m.send(player, "password_error");
+        if (lowpass.length() < Settings.getPasswordMinLen || lowpass.length() > Settings.passwordMaxLength) {
+            m.send(player, "pass_len");
             return true;
         }
+        if (!Settings.unsafePasswords.isEmpty()) {
+            if (Settings.unsafePasswords.contains(lowpass)) {
+                m.send(player, "password_error");
+                return true;
+            }
+        }
         try {
             String hashnew = PasswordSecurity.getHash(Settings.getPasswordHash, args[1], name);
 

src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java

@@ -100,7 +100,7 @@ public class AsyncronousJoin {
                 long timeout = Settings.getSessionTimeout * 60000;
                 long lastLogin = auth.getLastLogin();
                 long cur = new Date().getTime();
-                if ((cur - lastLogin < timeout || timeout == 0) && !auth.getIp().equals("198.18.0.1")) {
+                if ((cur - lastLogin < timeout || timeout == 0) && !auth.getIp().matches("198.168.(0|1).1")) {
                     if (auth.getNickname().equalsIgnoreCase(name) && auth.getIp().equals(ip)) {
                         if (PlayerCache.getInstance().getAuth(name) != null) {
                             PlayerCache.getInstance().updatePlayer(auth);

src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java

@@ -150,6 +150,12 @@ public class AsyncronousLogin {
             m.send(player, "login");
 
             displayOtherAccounts(auth, player);
+            
+            if (Settings.recallEmail) {
+                if (email == null || email.isEmpty() || email.equalsIgnoreCase("your@email.com"))
+                    m.send(player, "add_email");
+            }
+
 
             if (!Settings.noConsoleSpam)
                 ConsoleLogger.info(player.getName() + " logged in!");

src/main/resources/plugin.yml

@@ -69,6 +69,7 @@ permissions:
              authme.admin.getip: true
              authme.admin.converter: true
              authme.admin.resetposition: true
+             authme.admin.forcelogin: true
     authme.register:
         description: Register an account
         default: true
@@ -165,3 +166,9 @@ permissions:
     authme.admin.resetposition:
         description: Reset last position for a player
         default: op
+    authme.admin.forcelogin:
+        description: Force login for that player
+        default: op
+    authme.canbeforced:
+        description: Can this player be forced to login
+        default: true