Upstream/AuthMeReloaded
1
0
Fork 0
mirror of https://github.com/AuthMe/AuthMeReloaded.git synced 2024-12-19 07:07:55 +01:00
Code Issues Projects Releases Wiki Activity

Merge origin/master

Browse Source
This commit is contained in:
games647 2016-02-10 22:23:37 +01:00
commit 7dc67d7992
6 changed files with 58 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@ -2,18 +2,17 @@
<p align="center"><strong>The most used authentication plugin for CraftBukkit/Spigot!</strong></p> <p align="center"><strong>The most used authentication plugin for CraftBukkit/Spigot!</strong></p>
<hr> <hr>
####Development history:
[![Gource AuthMe History Video](http://img.youtube.com/vi/hJRzNfYyd9k/hqdefault.jpg)](https://www.youtube.com/watch?v=hJRzNfYyd9k)
#####Development tools: #####Development tools:
- DEVELOPMENT TEAM REPO (<strong>please send PRs here!</strong>): <a href="https://github.com/AuthMe-Team/AuthMeReloaded">Github Development Page</a> - DEVELOPMENT TEAM REPO (<strong>please send PRs here!</strong>): <a href="https://github.com/AuthMe-Team/AuthMeReloaded">Github Development Page</a>
- Developers ChatRoom: [![Join the chat at https://gitter.im/Xephi/AuthMeReloaded](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/Xephi/AuthMeReloaded?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) - Developers ChatRoom: [![Join the chat at https://gitter.im/Xephi/AuthMeReloaded](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/Xephi/AuthMeReloaded?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
- Build status: [![Build Status](https://travis-ci.org/Xephi/AuthMeReloaded.svg?branch=master)](https://travis-ci.org/Xephi/AuthMeReloaded) [![Dependency Status](https://www.versioneye.com/user/projects/55bab9e8653762002000190a/badge.svg?style=flat)](https://www.versioneye.com/user/projects/55bab9e8653762002000190a) - Build Server (<strong>DEVELOPMENT BUILDS</strong>): <a href="http://ci.xephi.fr/job/AuthMeReloaded">Xephi's Jenkins</a>
- Build status (CircleCI): [![Circle CI](https://circleci.com/gh/Xephi/AuthMeReloaded.svg?style=svg)](https://circleci.com/gh/Xephi/AuthMeReloaded) - Build status: [![Build Status](https://travis-ci.org/AuthMe-Team/AuthMeReloaded.svg?branch=master)](https://travis-ci.org/AuthMe-Team/AuthMeReloaded) [![Dependency Status](https://www.versioneye.com/user/projects/55bab9e8653762002000190a/badge.svg?style=flat)](https://www.versioneye.com/user/projects/55bab9e8653762002000190a)
- Build status (CircleCI): [![Circle CI](https://circleci.com/gh/AuthMe-Team/AuthMeReloaded.svg?style=svg)](https://circleci.com/gh/AuthMe-Team/AuthMeReloaded)
- Alternative Dev Build download link (via CircleCi): <a href="https://circleci-tkn.rhcloud.com/api/v1/project/AuthMe-Team/AuthMeReloaded/tree/master/latest/artifacts/AuthMe.jar">Download</a> - Alternative Dev Build download link (via CircleCi): <a href="https://circleci-tkn.rhcloud.com/api/v1/project/AuthMe-Team/AuthMeReloaded/tree/master/latest/artifacts/AuthMe.jar">Download</a>
- JitPack (just in case): [![](https://jitpack.io/v/AuthMe-Team/AuthMeReloaded.svg)](https://jitpack.io/#AuthMe-Team/AuthMeReloaded) - JitPack (just in case): [![](https://jitpack.io/v/AuthMe-Team/AuthMeReloaded.svg)](https://jitpack.io/#AuthMe-Team/AuthMeReloaded)
@ -21,9 +20,7 @@
- Issue Tracking : [![Stories in Ready](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=ready&title=Ready)](https://waffle.io/Xephi/AuthMeReloaded) [![Stories in Bugs](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=bugs&title=Bugs)](https://waffle.io/Xephi/AuthMeReloaded) [![Stories in In%20Progress](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=in%20progress&title=In%20Progress)](https://waffle.io/Xephi/AuthMeReloaded) - Issue Tracking : [![Stories in Ready](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=ready&title=Ready)](https://waffle.io/Xephi/AuthMeReloaded) [![Stories in Bugs](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=bugs&title=Bugs)](https://waffle.io/Xephi/AuthMeReloaded) [![Stories in In%20Progress](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=in%20progress&title=In%20Progress)](https://waffle.io/Xephi/AuthMeReloaded)
- Build Server (<strong>DEVELOPMENT BUILDS</strong>): <a href="http://ci.xephi.fr/job/AuthMeReloaded">Xephi's Jenkins</a> - JavaDoc: <a href="http://ci.xephi.fr/job/AuthMeReloaded/javadoc/">AuthMe Javadoc</a>
- JavaDocs: <a href="http://ci.xephi.fr/job/AuthMeReloaded/javadoc/">AuthMe Javadoc</a>
- Maven Repo: <a href="http://ci.xephi.fr/plugin/repository/everything/">AuthMe Repo</a> - Maven Repo: <a href="http://ci.xephi.fr/plugin/repository/everything/">AuthMe Repo</a>
@ -37,6 +34,9 @@ McStats: http://mcstats.org/plugin/AuthMe
<img src="http://i.mcstats.org/AuthMe/Version+Demographics.borderless.png"> <img src="http://i.mcstats.org/AuthMe/Version+Demographics.borderless.png">
#####Development history:
[![Gource AuthMe History Video](http://img.youtube.com/vi/hJRzNfYyd9k/hqdefault.jpg)](https://www.youtube.com/watch?v=hJRzNfYyd9k)
<hr> <hr>
#####Compiling Requirements: #####Compiling Requirements:
@ -84,6 +84,7 @@ typing commands or using the inventory. It can also kick players with uncommonly
<li>Xenforo: XFBCRYPT</li> <li>Xenforo: XFBCRYPT</li>
<li>MyBB: MYBB</li> <li>MyBB: MYBB</li>
<li>IPB3: IPB3</li> <li>IPB3: IPB3</li>
<li>IPB4: IPB4</li>
<li>PhpFusion: PHPFUSION</li> <li>PhpFusion: PHPFUSION</li>
<li>Joomla: JOOMLA</li> <li>Joomla: JOOMLA</li>
<li>WBB3: WBB3*</li> <li>WBB3: WBB3*</li>

27
src/main/java/fr/xephi/authme/security/RandomString.java
View File

@ -8,18 +8,10 @@ import java.util.Random;
*/ */
public final class RandomString { public final class RandomString {
private static final char[] chars = new char[36]; private static final String CHARS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
private static final Random RANDOM = new SecureRandom(); private static final Random RANDOM = new SecureRandom();
private static final int HEX_MAX_INDEX = 16; private static final int HEX_MAX_INDEX = 16;
private static final int LOWER_ALPHANUMERIC_INDEX = 36;
static {
for (int idx = 0; idx < 10; ++idx) {
chars[idx] = (char) ('0' + idx);
}
for (int idx = 10; idx < 36; ++idx) {
chars[idx] = (char) ('a' + idx - 10);
}
}
private RandomString() { private RandomString() {
} }
@ -31,7 +23,7 @@ public final class RandomString {
* @return The random string * @return The random string
*/ */
public static String generate(int length) { public static String generate(int length) {
return generate(length, chars.length); return generate(length, LOWER_ALPHANUMERIC_INDEX);
} }
/** /**
@ -45,13 +37,24 @@ public final class RandomString {
return generate(length, HEX_MAX_INDEX); return generate(length, HEX_MAX_INDEX);
} }
/**
* Generate a random string with digits and lowercase and uppercase letters. The result of this
* method matches the pattern [0-9a-zA-Z].
*
* @param length The length of the random string to generate
* @return The random string
*/
public static String generateLowerUpper(int length) {
return generate(length, CHARS.length());
}
private static String generate(int length, int maxIndex) { private static String generate(int length, int maxIndex) {
if (length < 0) { if (length < 0) {
throw new IllegalArgumentException("Length must be positive but was " + length); throw new IllegalArgumentException("Length must be positive but was " + length);
} }
StringBuilder sb = new StringBuilder(length); StringBuilder sb = new StringBuilder(length);
for (int i = 0; i < length; ++i) { for (int i = 0; i < length; ++i) {
sb.append(chars[RANDOM.nextInt(maxIndex)]); sb.append(CHARS.charAt(RANDOM.nextInt(maxIndex)));
} }
return sb.toString(); return sb.toString();
} }

24
src/main/java/fr/xephi/authme/security/crypts/IPB4.java
View File

@ -1,19 +1,24 @@
package fr.xephi.authme.security.crypts; package fr.xephi.authme.security.crypts;
import fr.xephi.authme.ConsoleLogger; import fr.xephi.authme.ConsoleLogger;
import fr.xephi.authme.security.RandomString;
import fr.xephi.authme.security.crypts.description.HasSalt; import fr.xephi.authme.security.crypts.description.HasSalt;
import fr.xephi.authme.security.crypts.description.Recommendation; import fr.xephi.authme.security.crypts.description.Recommendation;
import fr.xephi.authme.security.crypts.description.SaltType; import fr.xephi.authme.security.crypts.description.SaltType;
import fr.xephi.authme.security.crypts.description.Usage; import fr.xephi.authme.security.crypts.description.Usage;
import fr.xephi.authme.util.StringUtils; import fr.xephi.authme.util.StringUtils;
import java.security.SecureRandom;
/**
* Implementation for IPB4 (Invision Power Board 4).
* <p>
* The hash uses standard BCrypt with 13 as log<sub>2</sub> number of rounds. Additionally,
* IPB4 requires that the salt be stored additionally in the column "members_pass_hash"
* (even though BCrypt hashes already have the salt in the result).
*/
@Recommendation(Usage.DOES_NOT_WORK) @Recommendation(Usage.DOES_NOT_WORK)
@HasSalt(value = SaltType.TEXT) @HasSalt(value = SaltType.TEXT, length = 22)
public class IPB4 implements EncryptionMethod { public class IPB4 implements EncryptionMethod {
private SecureRandom random = new SecureRandom();
@Override @Override
public String computeHash(String password, String salt, String name) { public String computeHash(String password, String salt, String name) {
@ -38,16 +43,7 @@ public class IPB4 implements EncryptionMethod {
@Override @Override
public String generateSalt() { public String generateSalt() {
StringBuilder sb = new StringBuilder(22); return RandomString.generateLowerUpper(22);
for (int i = 0; i < 22; i++) {
char chr;
do {
chr = (char) (random.nextInt((122 - 48) + 1) + 48);
}
while ((chr >= 58 && chr <= 64) || (chr >= 91 && chr <= 96));
sb.append(chr);
}
return sb.toString();
} }
@Override @Override

6
src/main/resources/config.yml
View File

@ -186,7 +186,7 @@ settings:
# Example unLoggedinGroup: NotLogged # Example unLoggedinGroup: NotLogged
unLoggedinGroup: unLoggedinGroup unLoggedinGroup: unLoggedinGroup
# possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB, # possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB,
# MYBB, IPB3, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512, # MYBB, IPB3, IPB4, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
# DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only) # DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only)
passwordHash: SHA256 passwordHash: SHA256
# salt length for the SALTED2MD5 MD5(MD5(password)+salt) # salt length for the SALTED2MD5 MD5(MD5(password)+salt)
@ -260,7 +260,7 @@ settings:
# If Xephi is registered, then Xephi can login, but not XEPHI/xephi/XePhI # If Xephi is registered, then Xephi can login, but not XEPHI/xephi/XePhI
preventOtherCase: false preventOtherCase: false
ExternalBoardOptions: ExternalBoardOptions:
# MySQL column for the salt , needed for some forum/cms support # MySQL column for the salt, needed for some forum/cms support
mySQLColumnSalt: '' mySQLColumnSalt: ''
# MySQL column for the group, needed for some forum/cms support # MySQL column for the group, needed for some forum/cms support
mySQLColumnGroup: '' mySQLColumnGroup: ''
@ -275,7 +275,7 @@ ExternalBoardOptions:
bCryptLog2Round: 10 bCryptLog2Round: 10
# phpBB prefix defined during phpbb installation process # phpBB prefix defined during phpbb installation process
phpbbTablePrefix: 'phpbb_' phpbbTablePrefix: 'phpbb_'
# phpBB activated group id , 2 is default registered group defined by phpbb # phpBB activated group id, 2 is default registered group defined by phpbb
phpbbActivatedGroupId: 2 phpbbActivatedGroupId: 2
# WordPress prefix defined during WordPress installation process # WordPress prefix defined during WordPress installation process
wordpressTablePrefix: 'wp_' wordpressTablePrefix: 'wp_'

16
src/test/java/fr/xephi/authme/security/RandomStringTest.java
View File

@ -44,6 +44,22 @@ public class RandomStringTest {
} }
} }
@Test
public void shouldGenerateRandomLowerUpperString() {
// given
int[] lengths = {0, 1, 17, 143, 1808};
Pattern badChars = Pattern.compile(".*[^0-9a-zA-Z].*");
// when / then
for (int length : lengths) {
String result = RandomString.generateHex(length);
assertThat("Result '" + result + "' should have length " + length,
result.length(), equalTo(length));
assertThat("Result '" + result + "' should only have characters a-z, A-Z, 0-9",
badChars.matcher(result).matches(), equalTo(false));
}
}
@Test(expected = IllegalArgumentException.class) @Test(expected = IllegalArgumentException.class)
public void shouldThrowForInvalidLength() { public void shouldThrowForInvalidLength() {
// given/when // given/when

5
src/test/java/fr/xephi/authme/security/crypts/IPB4Test.java
View File

@ -1,13 +1,18 @@
package fr.xephi.authme.security.crypts; package fr.xephi.authme.security.crypts;
import fr.xephi.authme.ConsoleLoggerTestInitializer;
import fr.xephi.authme.util.WrapperMock; import fr.xephi.authme.util.WrapperMock;
import org.junit.BeforeClass; import org.junit.BeforeClass;
/**
* Test for {@link IPB4}.
*/
public class IPB4Test extends AbstractEncryptionMethodTest { public class IPB4Test extends AbstractEncryptionMethodTest {
@BeforeClass @BeforeClass
public static void setUpSettings() { public static void setUpSettings() {
WrapperMock.createInstance(); WrapperMock.createInstance();
ConsoleLoggerTestInitializer.setupLogger();
} }
public IPB4Test() { public IPB4Test() {