#1141 Fix review remarks by @games647

- Use SHA512 to generate keys instead of default SHA1
- Declare google authenticator dependency as optional and add relocation rule

pom.xml

@@ -251,16 +251,8 @@
                             <shadedPattern>fr.xephi.authme.libs.com.google</shadedPattern>
                         </relocation>
                         <relocation>
-                            <pattern>ch.jalu.injector</pattern>
-                            <shadedPattern>fr.xephi.authme.libs.jalu.injector</shadedPattern>
-                        </relocation>
-                        <relocation>
-                            <pattern>ch.jalu.configme</pattern>
-                            <shadedPattern>fr.xephi.authme.libs.ch.jalu.configme</shadedPattern>
-                        </relocation>
-                        <relocation>
-                            <pattern>ch.jalu.datasourcecolumns</pattern>
-                            <shadedPattern>fr.xephi.authme.libs.ch.jalu.datasourcecolumns</shadedPattern>
+                            <pattern>ch.jalu</pattern>
+                            <shadedPattern>fr.xephi.authme.libs.ch.jalu</shadedPattern>
                         </relocation>
                         <relocation>
                             <pattern>com.zaxxer.hikari</pattern>
@@ -290,6 +282,10 @@
                             <pattern>de.mkammerer</pattern>
                             <shadedPattern>fr.xephi.authme.libs.de.mkammerer</shadedPattern>
                         </relocation>
+                        <relocation>
+                            <pattern>com.warrenstrange</pattern>
+                            <shadedPattern>fr.xephi.authme.libs.com.warrenstrange</shadedPattern>
+                        </relocation>
                         <relocation>
                             <pattern>javax.inject</pattern>
                             <shadedPattern>fr.xephi.authme.libs.javax.inject</shadedPattern>
@@ -482,6 +478,7 @@
             <groupId>com.warrenstrange</groupId>
             <artifactId>googleauth</artifactId>
             <version>1.1.2</version>
+            <optional>true</optional>
         </dependency>
 
         <!-- Spigot API, http://www.spigotmc.org/ -->

src/main/java/fr/xephi/authme/message/MessageKey.java

@@ -197,7 +197,7 @@ public enum MessageKey {
     /** Your secret code is %code. You can scan it from here %url */
     TWO_FACTOR_CREATE("two_factor.code_created", "%code", "%url"),
 
-    /** Please submit your two-factor authentication code with /2fa code &ltcode>. */
+    /** Please submit your two-factor authentication code with /2fa code <code>. */
     TWO_FACTOR_CODE_REQUIRED("two_factor.code_required"),
 
     /** Two-factor authentication is already enabled for your account! */

src/main/java/fr/xephi/authme/security/totp/TotpAuthenticator.java

@@ -1,9 +1,11 @@
 package fr.xephi.authme.security.totp;
 
-import com.google.common.annotations.VisibleForTesting;
 import com.warrenstrange.googleauth.GoogleAuthenticator;
+import com.warrenstrange.googleauth.GoogleAuthenticatorConfig;
+import com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder;
 import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
 import com.warrenstrange.googleauth.GoogleAuthenticatorQRGenerator;
+import com.warrenstrange.googleauth.HmacHashFunction;
 import com.warrenstrange.googleauth.IGoogleAuthenticator;
 import fr.xephi.authme.service.BukkitService;
 import org.bukkit.entity.Player;
@@ -18,16 +20,20 @@ public class TotpAuthenticator {
     private final IGoogleAuthenticator authenticator;
     private final BukkitService bukkitService;
 
-
     @Inject
     TotpAuthenticator(BukkitService bukkitService) {
-        this(new GoogleAuthenticator(), bukkitService);
+        this.authenticator = createGoogleAuthenticator();
+        this.bukkitService = bukkitService;
     }
 
-    @VisibleForTesting
-    TotpAuthenticator(IGoogleAuthenticator authenticator, BukkitService bukkitService) {
-        this.authenticator = authenticator;
-        this.bukkitService = bukkitService;
+    /**
+     * @return new Google Authenticator instance
+     */
+    protected IGoogleAuthenticator createGoogleAuthenticator() {
+        GoogleAuthenticatorConfig config = new GoogleAuthenticatorConfigBuilder()
+            .setHmacHashFunction(HmacHashFunction.HmacSHA512)
+            .build();
+        return new GoogleAuthenticator(config);
     }
 
     /**

src/test/java/fr/xephi/authme/security/totp/TotpAuthenticatorTest.java

@@ -36,7 +36,7 @@ public class TotpAuthenticatorTest {
 
     @Before
     public void initializeTotpAuthenticator() {
-        totpAuthenticator = new TotpAuthenticator(googleAuthenticator, bukkitService);
+        totpAuthenticator = new TotpAuthenticatorTestImpl(bukkitService);
     }
 
     @Test
@@ -85,4 +85,16 @@ public class TotpAuthenticatorTest {
         assertThat(result, equalTo(false));
         verifyZeroInteractions(googleAuthenticator);
     }
+
+    private final class TotpAuthenticatorTestImpl extends TotpAuthenticator {
+
+        TotpAuthenticatorTestImpl(BukkitService bukkitService) {
+            super(bukkitService);
+        }
+
+        @Override
+        protected IGoogleAuthenticator createGoogleAuthenticator() {
+            return googleAuthenticator;
+        }
+    }
 }