Merge origin/master

README.md

@@ -2,18 +2,17 @@
 <p align="center"><strong>The most used authentication plugin for CraftBukkit/Spigot!</strong></p>
 <hr>
 
-####Development history:
-[![Gource AuthMe History Video](http://img.youtube.com/vi/hJRzNfYyd9k/hqdefault.jpg)](https://www.youtube.com/watch?v=hJRzNfYyd9k)
-
 #####Development tools:
 
 - DEVELOPMENT TEAM REPO (<strong>please send PRs here!</strong>): <a href="https://github.com/AuthMe-Team/AuthMeReloaded">Github Development Page</a>
 
 - Developers ChatRoom: [![Join the chat at https://gitter.im/Xephi/AuthMeReloaded](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/Xephi/AuthMeReloaded?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-- Build status: [![Build Status](https://travis-ci.org/Xephi/AuthMeReloaded.svg?branch=master)](https://travis-ci.org/Xephi/AuthMeReloaded) [![Dependency Status](https://www.versioneye.com/user/projects/55bab9e8653762002000190a/badge.svg?style=flat)](https://www.versioneye.com/user/projects/55bab9e8653762002000190a)
+- Build Server (<strong>DEVELOPMENT BUILDS</strong>): <a href="http://ci.xephi.fr/job/AuthMeReloaded">Xephi's Jenkins</a>
 
-- Build status (CircleCI): [![Circle CI](https://circleci.com/gh/Xephi/AuthMeReloaded.svg?style=svg)](https://circleci.com/gh/Xephi/AuthMeReloaded)
+- Build status: [![Build Status](https://travis-ci.org/AuthMe-Team/AuthMeReloaded.svg?branch=master)](https://travis-ci.org/AuthMe-Team/AuthMeReloaded) [![Dependency Status](https://www.versioneye.com/user/projects/55bab9e8653762002000190a/badge.svg?style=flat)](https://www.versioneye.com/user/projects/55bab9e8653762002000190a)
+
+- Build status (CircleCI): [![Circle CI](https://circleci.com/gh/AuthMe-Team/AuthMeReloaded.svg?style=svg)](https://circleci.com/gh/AuthMe-Team/AuthMeReloaded)
 - Alternative Dev Build download link (via CircleCi): <a href="https://circleci-tkn.rhcloud.com/api/v1/project/AuthMe-Team/AuthMeReloaded/tree/master/latest/artifacts/AuthMe.jar">Download</a>
 - JitPack (just in case): [![](https://jitpack.io/v/AuthMe-Team/AuthMeReloaded.svg)](https://jitpack.io/#AuthMe-Team/AuthMeReloaded)
 
@@ -21,9 +20,7 @@
 
 - Issue Tracking : [![Stories in Ready](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=ready&title=Ready)](https://waffle.io/Xephi/AuthMeReloaded) [![Stories in Bugs](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=bugs&title=Bugs)](https://waffle.io/Xephi/AuthMeReloaded) [![Stories in In%20Progress](https://badge.waffle.io/Xephi/AuthMeReloaded.png?label=in%20progress&title=In%20Progress)](https://waffle.io/Xephi/AuthMeReloaded)
 
-- Build Server (<strong>DEVELOPMENT BUILDS</strong>): <a href="http://ci.xephi.fr/job/AuthMeReloaded">Xephi's Jenkins</a>
-
-- JavaDocs: <a href="http://ci.xephi.fr/job/AuthMeReloaded/javadoc/">AuthMe Javadoc</a>
+- JavaDoc: <a href="http://ci.xephi.fr/job/AuthMeReloaded/javadoc/">AuthMe Javadoc</a>
 
 - Maven Repo: <a href="http://ci.xephi.fr/plugin/repository/everything/">AuthMe Repo</a>
 
@@ -37,6 +34,9 @@ McStats: http://mcstats.org/plugin/AuthMe
 
 <img src="http://i.mcstats.org/AuthMe/Version+Demographics.borderless.png">
 
+#####Development history:
+[![Gource AuthMe History Video](http://img.youtube.com/vi/hJRzNfYyd9k/hqdefault.jpg)](https://www.youtube.com/watch?v=hJRzNfYyd9k)
+
 <hr>
 
 #####Compiling Requirements:
@@ -84,6 +84,7 @@ typing commands or using the inventory. It can also kick players with uncommonly
     <li>Xenforo: XFBCRYPT</li>
     <li>MyBB: MYBB</li>
     <li>IPB3: IPB3</li>
+    <li>IPB4: IPB4</li>
     <li>PhpFusion: PHPFUSION</li>
     <li>Joomla: JOOMLA</li>
     <li>WBB3: WBB3*</li>

src/main/java/fr/xephi/authme/security/RandomString.java

@@ -8,18 +8,10 @@ import java.util.Random;
  */
 public final class RandomString {
 
-    private static final char[] chars = new char[36];
+    private static final String CHARS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
     private static final Random RANDOM = new SecureRandom();
     private static final int HEX_MAX_INDEX = 16;
-
-    static {
-        for (int idx = 0; idx < 10; ++idx) {
-            chars[idx] = (char) ('0' + idx);
-        }
-        for (int idx = 10; idx < 36; ++idx) {
-            chars[idx] = (char) ('a' + idx - 10);
-        }
-    }
+    private static final int LOWER_ALPHANUMERIC_INDEX = 36;
 
     private RandomString() {
     }
@@ -31,7 +23,7 @@ public final class RandomString {
      * @return The random string
      */
     public static String generate(int length) {
-        return generate(length, chars.length);
+        return generate(length, LOWER_ALPHANUMERIC_INDEX);
     }
 
     /**
@@ -45,13 +37,24 @@ public final class RandomString {
         return generate(length, HEX_MAX_INDEX);
     }
 
+    /**
+     * Generate a random string with digits and lowercase and uppercase letters. The result of this
+     * method matches the pattern [0-9a-zA-Z].
+     *
+     * @param length The length of the random string to generate
+     * @return The random string
+     */
+    public static String generateLowerUpper(int length) {
+        return generate(length, CHARS.length());
+    }
+
     private static String generate(int length, int maxIndex) {
         if (length < 0) {
             throw new IllegalArgumentException("Length must be positive but was " + length);
         }
         StringBuilder sb = new StringBuilder(length);
         for (int i = 0; i < length; ++i) {
-            sb.append(chars[RANDOM.nextInt(maxIndex)]);
+            sb.append(CHARS.charAt(RANDOM.nextInt(maxIndex)));
         }
         return sb.toString();
     }

src/main/java/fr/xephi/authme/security/crypts/IPB4.java

@@ -1,19 +1,24 @@
 package fr.xephi.authme.security.crypts;
 
 import fr.xephi.authme.ConsoleLogger;
+import fr.xephi.authme.security.RandomString;
 import fr.xephi.authme.security.crypts.description.HasSalt;
 import fr.xephi.authme.security.crypts.description.Recommendation;
 import fr.xephi.authme.security.crypts.description.SaltType;
 import fr.xephi.authme.security.crypts.description.Usage;
 import fr.xephi.authme.util.StringUtils;
 
-import java.security.SecureRandom;
-
 
+/**
+ * Implementation for IPB4 (Invision Power Board 4).
+ * <p>
+ * The hash uses standard BCrypt with 13 as log<sub>2</sub> number of rounds. Additionally,
+ * IPB4 requires that the salt be stored additionally in the column "members_pass_hash"
+ * (even though BCrypt hashes already have the salt in the result).
+ */
 @Recommendation(Usage.DOES_NOT_WORK)
-@HasSalt(value = SaltType.TEXT)
+@HasSalt(value = SaltType.TEXT, length = 22)
 public class IPB4 implements EncryptionMethod {
-    private SecureRandom random = new SecureRandom();
 
     @Override
     public String computeHash(String password, String salt, String name) {
@@ -38,16 +43,7 @@ public class IPB4 implements EncryptionMethod {
 
     @Override
     public String generateSalt() {
-        StringBuilder sb = new StringBuilder(22);
-        for (int i = 0; i < 22; i++) {
-            char chr;
-            do {
-                chr = (char) (random.nextInt((122 - 48) + 1) + 48);
-            }
-            while ((chr >= 58 && chr <= 64) || (chr >= 91 && chr <= 96));
-            sb.append(chr);
-        }
-        return sb.toString();
+        return RandomString.generateLowerUpper(22);
     }
 
     @Override

src/main/resources/config.yml

@@ -186,7 +186,7 @@ settings:
         # Example unLoggedinGroup: NotLogged
         unLoggedinGroup: unLoggedinGroup
         # possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB,
-        # MYBB, IPB3, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
+        # MYBB, IPB3, IPB4, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
         # DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only)
         passwordHash: SHA256
         # salt length for the SALTED2MD5 MD5(MD5(password)+salt)

src/test/java/fr/xephi/authme/security/RandomStringTest.java

@@ -44,6 +44,22 @@ public class RandomStringTest {
         }
     }
 
+    @Test
+    public void shouldGenerateRandomLowerUpperString() {
+        // given
+        int[] lengths = {0, 1, 17, 143, 1808};
+        Pattern badChars = Pattern.compile(".*[^0-9a-zA-Z].*");
+
+        // when / then
+        for (int length : lengths) {
+            String result = RandomString.generateHex(length);
+            assertThat("Result '" + result + "' should have length " + length,
+                result.length(), equalTo(length));
+            assertThat("Result '" + result + "' should only have characters a-z, A-Z, 0-9",
+                badChars.matcher(result).matches(), equalTo(false));
+        }
+    }
+
     @Test(expected = IllegalArgumentException.class)
     public void shouldThrowForInvalidLength() {
         // given/when

src/test/java/fr/xephi/authme/security/crypts/IPB4Test.java

@@ -1,13 +1,18 @@
 package fr.xephi.authme.security.crypts;
 
+import fr.xephi.authme.ConsoleLoggerTestInitializer;
 import fr.xephi.authme.util.WrapperMock;
 import org.junit.BeforeClass;
 
+/**
+ * Test for {@link IPB4}.
+ */
 public class IPB4Test extends AbstractEncryptionMethodTest {
 
     @BeforeClass
     public static void setUpSettings() {
         WrapperMock.createInstance();
+        ConsoleLoggerTestInitializer.setupLogger();
     }
 
     public IPB4Test() {