#472 Recovery code: allow to configure length, expiration and email

This commit is contained in:
ljacqu 2016-09-10 16:39:35 +02:00
parent c5f5c0d2fd
commit bff344ba8f
12 changed files with 117 additions and 60 deletions

View File

@ -11,13 +11,14 @@ import java.util.Iterator;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import static fr.xephi.authme.util.Utils.MILLIS_PER_MINUTE;
/** /**
* Manages sessions, allowing players to be automatically logged in if they join again * Manages sessions, allowing players to be automatically logged in if they join again
* within a configurable amount of time. * within a configurable amount of time.
*/ */
public class SessionManager implements SettingsDependent, HasCleanup { public class SessionManager implements SettingsDependent, HasCleanup {
private static final int MINUTE_IN_MILLIS = 60_000;
// Player -> expiration of session in milliseconds // Player -> expiration of session in milliseconds
private final Map<String, Long> sessions = new ConcurrentHashMap<>(); private final Map<String, Long> sessions = new ConcurrentHashMap<>();
@ -52,7 +53,7 @@ public class SessionManager implements SettingsDependent, HasCleanup {
*/ */
public void addSession(String name) { public void addSession(String name) {
if (enabled) { if (enabled) {
long timeout = System.currentTimeMillis() + timeoutInMinutes * MINUTE_IN_MILLIS; long timeout = System.currentTimeMillis() + timeoutInMinutes * MILLIS_PER_MINUTE;
sessions.put(name.toLowerCase(), timeout); sessions.put(name.toLowerCase(), timeout);
} }
} }

View File

@ -18,14 +18,13 @@ import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import static fr.xephi.authme.settings.properties.SecuritySettings.TEMPBAN_MINUTES_BEFORE_RESET; import static fr.xephi.authme.settings.properties.SecuritySettings.TEMPBAN_MINUTES_BEFORE_RESET;
import static fr.xephi.authme.util.Utils.MILLIS_PER_MINUTE;
/** /**
* Manager for handling temporary bans. * Manager for handling temporary bans.
*/ */
public class TempbanManager implements SettingsDependent, HasCleanup { public class TempbanManager implements SettingsDependent, HasCleanup {
private static final long MINUTE_IN_MILLISECONDS = 60_000;
private final Map<String, Map<String, TimedCounter>> ipLoginFailureCounts; private final Map<String, Map<String, TimedCounter>> ipLoginFailureCounts;
private final BukkitService bukkitService; private final BukkitService bukkitService;
private final Messages messages; private final Messages messages;
@ -113,7 +112,7 @@ public class TempbanManager implements SettingsDependent, HasCleanup {
final String reason = messages.retrieveSingle(MessageKey.TEMPBAN_MAX_LOGINS); final String reason = messages.retrieveSingle(MessageKey.TEMPBAN_MAX_LOGINS);
final Date expires = new Date(); final Date expires = new Date();
long newTime = expires.getTime() + (length * MINUTE_IN_MILLISECONDS); long newTime = expires.getTime() + (length * MILLIS_PER_MINUTE);
expires.setTime(newTime); expires.setTime(newTime);
bukkitService.scheduleSyncDelayedTask(new Runnable() { bukkitService.scheduleSyncDelayedTask(new Runnable() {
@ -133,7 +132,7 @@ public class TempbanManager implements SettingsDependent, HasCleanup {
this.isEnabled = settings.getProperty(SecuritySettings.TEMPBAN_ON_MAX_LOGINS); this.isEnabled = settings.getProperty(SecuritySettings.TEMPBAN_ON_MAX_LOGINS);
this.threshold = settings.getProperty(SecuritySettings.MAX_LOGIN_TEMPBAN); this.threshold = settings.getProperty(SecuritySettings.MAX_LOGIN_TEMPBAN);
this.length = settings.getProperty(SecuritySettings.TEMPBAN_LENGTH); this.length = settings.getProperty(SecuritySettings.TEMPBAN_LENGTH);
this.resetThreshold = settings.getProperty(TEMPBAN_MINUTES_BEFORE_RESET) * MINUTE_IN_MILLISECONDS; this.resetThreshold = settings.getProperty(TEMPBAN_MINUTES_BEFORE_RESET) * MILLIS_PER_MINUTE;
} }
@Override @Override

View File

@ -13,13 +13,16 @@ public class EmailRecoveryData {
* *
* @param email the email address * @param email the email address
* @param recoveryCode the recovery code, or null if not available * @param recoveryCode the recovery code, or null if not available
* @param codeExpiration * @param codeExpiration expiration timestamp of the recovery code
*/ */
public EmailRecoveryData(String email, String recoveryCode, Long codeExpiration) { public EmailRecoveryData(String email, String recoveryCode, Long codeExpiration) {
this.email = email; this.email = email;
this.recoveryCode = codeExpiration == null || System.currentTimeMillis() > codeExpiration
? null if (codeExpiration == null || System.currentTimeMillis() > codeExpiration) {
: recoveryCode; this.recoveryCode = null;
} else {
this.recoveryCode = recoveryCode;
}
} }
/** /**

View File

@ -17,6 +17,10 @@ import org.bukkit.entity.Player;
import javax.inject.Inject; import javax.inject.Inject;
import java.util.List; import java.util.List;
import static fr.xephi.authme.settings.properties.SecuritySettings.RECOVERY_CODE_HOURS_VALID;
import static fr.xephi.authme.settings.properties.SecuritySettings.RECOVERY_CODE_LENGTH;
import static fr.xephi.authme.util.Utils.MILLIS_PER_HOUR;
/** /**
* Command for password recovery by email. * Command for password recovery by email.
*/ */
@ -74,11 +78,12 @@ public class RecoverEmailCommand extends PlayerCommand {
} }
private void createAndSendRecoveryCode(String name, EmailRecoveryData recoveryData) { private void createAndSendRecoveryCode(String name, EmailRecoveryData recoveryData) {
// TODO #472: Add configurations String recoveryCode = RandomString.generateHex(commandService.getProperty(RECOVERY_CODE_LENGTH));
String recoveryCode = RandomString.generateHex(8); long expiration = System.currentTimeMillis()
long expiration = System.currentTimeMillis() + (3 * 60 * 60_000L); // 3 hours + commandService.getProperty(RECOVERY_CODE_HOURS_VALID) * MILLIS_PER_HOUR;
dataSource.setRecoveryCode(name, recoveryCode, expiration); dataSource.setRecoveryCode(name, recoveryCode, expiration);
sendMailSsl.sendRecoveryCode(recoveryData.getEmail(), recoveryCode); sendMailSsl.sendRecoveryCode(name, recoveryData.getEmail(), recoveryCode);
} }
private void processRecoveryCode(Player player, String code, EmailRecoveryData recoveryData) { private void processRecoveryCode(Player player, String code, EmailRecoveryData recoveryData) {

View File

@ -4,6 +4,7 @@ import fr.xephi.authme.AuthMe;
import fr.xephi.authme.ConsoleLogger; import fr.xephi.authme.ConsoleLogger;
import fr.xephi.authme.settings.Settings; import fr.xephi.authme.settings.Settings;
import fr.xephi.authme.settings.properties.EmailSettings; import fr.xephi.authme.settings.properties.EmailSettings;
import fr.xephi.authme.settings.properties.SecuritySettings;
import fr.xephi.authme.util.BukkitService; import fr.xephi.authme.util.BukkitService;
import fr.xephi.authme.util.StringUtils; import fr.xephi.authme.util.StringUtils;
import org.apache.commons.mail.EmailConstants; import org.apache.commons.mail.EmailConstants;
@ -62,7 +63,7 @@ public class SendMailSSL {
return; return;
} }
final String mailText = replaceMailTags(settings.getEmailMessage(), name, newPass); final String mailText = replaceTagsForPasswordMail(settings.getPasswordEmailMessage(), name, newPass);
bukkitService.runTaskAsynchronously(new Runnable() { bukkitService.runTaskAsynchronously(new Runnable() {
@Override @Override
@ -97,9 +98,9 @@ public class SendMailSSL {
}); });
} }
public void sendRecoveryCode(String email, String code) { public void sendRecoveryCode(String name, String email, String code) {
// TODO #472: Create a configurable, more verbose message String message = replaceTagsForRecoveryCodeMail(settings.getRecoveryCodeEmailMessage(),
String message = String.format("Use /email recovery %s %s to reset your password", email, code); name, code, settings.getProperty(SecuritySettings.RECOVERY_CODE_HOURS_VALID));
HtmlEmail htmlEmail; HtmlEmail htmlEmail;
try { try {
@ -163,13 +164,21 @@ public class SendMailSSL {
} }
} }
private String replaceMailTags(String mailText, String name, String newPass) { private String replaceTagsForPasswordMail(String mailText, String name, String newPass) {
return mailText return mailText
.replace("<playername />", name) .replace("<playername />", name)
.replace("<servername />", plugin.getServer().getServerName()) .replace("<servername />", plugin.getServer().getServerName())
.replace("<generatedpass />", newPass); .replace("<generatedpass />", newPass);
} }
private String replaceTagsForRecoveryCodeMail(String mailText, String name, String code, int hoursValid) {
return mailText
.replace("<playername />", name)
.replace("<servername />", plugin.getServer().getServerName())
.replace("<recoverycode />", code)
.replace("<hoursvalid />", String.valueOf(hoursValid));
}
private void setPropertiesForPort(HtmlEmail email, int port) throws EmailException { private void setPropertiesForPort(HtmlEmail email, int port) throws EmailException {
switch (port) { switch (port) {
case 587: case 587:

View File

@ -4,16 +4,14 @@ import com.github.authme.configme.SettingsManager;
import com.github.authme.configme.knownproperties.PropertyEntry; import com.github.authme.configme.knownproperties.PropertyEntry;
import com.github.authme.configme.migration.MigrationService; import com.github.authme.configme.migration.MigrationService;
import com.github.authme.configme.resource.PropertyResource; import com.github.authme.configme.resource.PropertyResource;
import com.google.common.base.Charsets;
import com.google.common.io.Files; import com.google.common.io.Files;
import fr.xephi.authme.ConsoleLogger; import fr.xephi.authme.ConsoleLogger;
import fr.xephi.authme.settings.properties.PluginSettings; import fr.xephi.authme.settings.properties.PluginSettings;
import fr.xephi.authme.settings.properties.RegistrationSettings;
import fr.xephi.authme.util.StringUtils; import fr.xephi.authme.util.StringUtils;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import static fr.xephi.authme.util.FileUtils.copyFileFromResource; import static fr.xephi.authme.util.FileUtils.copyFileFromResource;
@ -26,8 +24,9 @@ public class Settings extends SettingsManager {
private final File pluginFolder; private final File pluginFolder;
/** The file with the localized messages based on {@link PluginSettings#MESSAGES_LANGUAGE}. */ /** The file with the localized messages based on {@link PluginSettings#MESSAGES_LANGUAGE}. */
private File messagesFile; private File messagesFile;
private List<String> welcomeMessage; private String[] welcomeMessage;
private String emailMessage; private String passwordEmailMessage;
private String recoveryCodeEmailMessage;
/** /**
* Constructor. * Constructor.
@ -67,8 +66,17 @@ public class Settings extends SettingsManager {
* *
* @return The email message * @return The email message
*/ */
public String getEmailMessage() { public String getPasswordEmailMessage() {
return emailMessage; return passwordEmailMessage;
}
/**
* Return the text to use when someone requests to receive a recovery code.
*
* @return The email message
*/
public String getRecoveryCodeEmailMessage() {
return recoveryCodeEmailMessage;
} }
/** /**
@ -76,14 +84,15 @@ public class Settings extends SettingsManager {
* *
* @return The welcome message * @return The welcome message
*/ */
public List<String> getWelcomeMessage() { public String[] getWelcomeMessage() {
return welcomeMessage; return welcomeMessage;
} }
private void loadSettingsFromFiles() { private void loadSettingsFromFiles() {
messagesFile = buildMessagesFile(); messagesFile = buildMessagesFile();
welcomeMessage = readWelcomeMessage(); passwordEmailMessage = readFile("email.html");
emailMessage = readEmailMessage(); recoveryCodeEmailMessage = readFile("recovery_code_email.html");
welcomeMessage = readFile("welcome.txt").split("\n");
} }
@Override @Override
@ -114,30 +123,22 @@ public class Settings extends SettingsManager {
return StringUtils.makePath("messages", "messages_" + language + ".yml"); return StringUtils.makePath("messages", "messages_" + language + ".yml");
} }
private List<String> readWelcomeMessage() { /**
if (getProperty(RegistrationSettings.USE_WELCOME_MESSAGE)) { * Reads a file from the plugin folder or copies it from the JAR to the plugin folder.
final File welcomeFile = new File(pluginFolder, "welcome.txt"); *
final Charset charset = Charset.forName("UTF-8"); * @param filename the file to read
if (copyFileFromResource(welcomeFile, "welcome.txt")) { * @return the file's contents
try { */
return Files.readLines(welcomeFile, charset); private String readFile(String filename) {
} catch (IOException e) { final File file = new File(pluginFolder, filename);
ConsoleLogger.logException("Failed to read file '" + welcomeFile.getPath() + "':", e); if (copyFileFromResource(file, filename)) {
}
}
}
return new ArrayList<>(0);
}
private String readEmailMessage() {
final File emailFile = new File(pluginFolder, "email.html");
final Charset charset = Charset.forName("UTF-8");
if (copyFileFromResource(emailFile, "email.html")) {
try { try {
return Files.toString(emailFile, charset); return Files.toString(file, Charsets.UTF_8);
} catch (IOException e) { } catch (IOException e) {
ConsoleLogger.logException("Failed to read file '" + emailFile.getPath() + "':", e); ConsoleLogger.logException("Failed to read file '" + filename + "':", e);
} }
} else {
ConsoleLogger.warning("Failed to copy file '" + filename + "' from JAR");
} }
return ""; return "";
} }

View File

@ -109,6 +109,14 @@ public class SecuritySettings implements SettingsHolder {
public static final Property<Integer> TEMPBAN_MINUTES_BEFORE_RESET = public static final Property<Integer> TEMPBAN_MINUTES_BEFORE_RESET =
newProperty("Security.tempban.minutesBeforeCounterReset", 480); newProperty("Security.tempban.minutesBeforeCounterReset", 480);
@Comment("Number of characters a recovery code should have")
public static final Property<Integer> RECOVERY_CODE_LENGTH =
newProperty("Security.recoveryCode.length", 8);
@Comment("How many hours is a recovery code valid for?")
public static final Property<Integer> RECOVERY_CODE_HOURS_VALID =
newProperty("Security.recoveryCode.validForHours", 4);
private SecuritySettings() { private SecuritySettings() {
} }

View File

@ -11,6 +11,11 @@ import java.util.regex.Pattern;
*/ */
public final class Utils { public final class Utils {
/** Number of milliseconds in a minute. */
public static final long MILLIS_PER_MINUTE = 60_000L;
/** Number of milliseconds in an hour. */
public static final long MILLIS_PER_HOUR = 60 * MILLIS_PER_MINUTE;
private Utils() { private Utils() {
} }

View File

@ -342,6 +342,11 @@ Security:
# How many minutes before resetting the count for failed logins by IP and username # How many minutes before resetting the count for failed logins by IP and username
# Default: 480 minutes (8 hours) # Default: 480 minutes (8 hours)
minutesBeforeCounterReset: 480 minutesBeforeCounterReset: 480
recoveryCode:
# Number of characters a recovery code should have
length: 8
# How many hours is a recovery code valid for?
validForHours: 4
Converter: Converter:
Rakamak: Rakamak:
# Rakamak file name # Rakamak file name

View File

@ -0,0 +1,9 @@
<h1>Dear <playername />,</h1>
<p>
You have requested to reset your password on <servername />. To reset it,
please use the recovery code <recoverycode />: /email recover [email] <recoverycode />.
</p>
<p>
The code expires in <hoursvalid /> hours.
</p>

View File

@ -10,6 +10,7 @@ import fr.xephi.authme.output.MessageKey;
import fr.xephi.authme.security.PasswordSecurity; import fr.xephi.authme.security.PasswordSecurity;
import fr.xephi.authme.security.crypts.HashedPassword; import fr.xephi.authme.security.crypts.HashedPassword;
import fr.xephi.authme.settings.properties.EmailSettings; import fr.xephi.authme.settings.properties.EmailSettings;
import fr.xephi.authme.settings.properties.SecuritySettings;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
@ -23,11 +24,14 @@ import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import static fr.xephi.authme.AuthMeMatchers.stringWithLength; import static fr.xephi.authme.AuthMeMatchers.stringWithLength;
import static fr.xephi.authme.util.Utils.MILLIS_PER_HOUR;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.lessThan;
import static org.junit.Assert.assertThat; import static org.junit.Assert.assertThat;
import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.given;
import static org.mockito.Matchers.any; import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString; import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.argThat; import static org.mockito.Matchers.argThat;
import static org.mockito.Matchers.eq; import static org.mockito.Matchers.eq;
@ -170,6 +174,10 @@ public class RecoverEmailCommandTest {
given(playerCache.isAuthenticated(name)).willReturn(false); given(playerCache.isAuthenticated(name)).willReturn(false);
String email = "v@example.com"; String email = "v@example.com";
given(dataSource.getEmailRecoveryData(name)).willReturn(newEmailRecoveryData(email)); given(dataSource.getEmailRecoveryData(name)).willReturn(newEmailRecoveryData(email));
int codeLength = 7;
given(commandService.getProperty(SecuritySettings.RECOVERY_CODE_LENGTH)).willReturn(codeLength);
int hoursValid = 12;
given(commandService.getProperty(SecuritySettings.RECOVERY_CODE_HOURS_VALID)).willReturn(hoursValid);
// when // when
command.executeCommand(sender, Collections.singletonList(email.toUpperCase())); command.executeCommand(sender, Collections.singletonList(email.toUpperCase()));
@ -178,9 +186,13 @@ public class RecoverEmailCommandTest {
verify(sendMailSsl).hasAllInformation(); verify(sendMailSsl).hasAllInformation();
verify(dataSource).getEmailRecoveryData(name); verify(dataSource).getEmailRecoveryData(name);
ArgumentCaptor<String> codeCaptor = ArgumentCaptor.forClass(String.class); ArgumentCaptor<String> codeCaptor = ArgumentCaptor.forClass(String.class);
verify(dataSource).setRecoveryCode(eq(name), codeCaptor.capture(), anyLong()); ArgumentCaptor<Long> expirationCaptor = ArgumentCaptor.forClass(Long.class);
assertThat(codeCaptor.getValue(), stringWithLength(8)); verify(dataSource).setRecoveryCode(eq(name), codeCaptor.capture(), expirationCaptor.capture());
verify(sendMailSsl).sendRecoveryCode(email, codeCaptor.getValue()); assertThat(codeCaptor.getValue(), stringWithLength(codeLength));
// Check expiration with a tolerance
assertThat(expirationCaptor.getValue() - System.currentTimeMillis(),
allOf(lessThan(12L * MILLIS_PER_HOUR), greaterThan((long) (11.9 * MILLIS_PER_HOUR))));
verify(sendMailSsl).sendRecoveryCode(name, email, codeCaptor.getValue());
} }
@Test @Test

View File

@ -23,9 +23,10 @@ import java.util.List;
import static fr.xephi.authme.settings.properties.PluginSettings.MESSAGES_LANGUAGE; import static fr.xephi.authme.settings.properties.PluginSettings.MESSAGES_LANGUAGE;
import static fr.xephi.authme.util.StringUtils.makePath; import static fr.xephi.authme.util.StringUtils.makePath;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.arrayWithSize;
import static org.hamcrest.Matchers.endsWith; import static org.hamcrest.Matchers.endsWith;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.nullValue; import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertThat; import static org.junit.Assert.assertThat;
@ -127,12 +128,11 @@ public class SettingsTest {
TestSettingsMigrationServices.alwaysFulfilled(), knownProperties); TestSettingsMigrationServices.alwaysFulfilled(), knownProperties);
// when // when
List<String> result = settings.getWelcomeMessage(); String[] result = settings.getWelcomeMessage();
// then // then
assertThat(result, hasSize(2)); assertThat(result, arrayWithSize(2));
assertThat(result.get(0), equalTo(welcomeMessage.split("\\n")[0])); assertThat(result, arrayContaining(welcomeMessage.split("\\n")));
assertThat(result.get(1), equalTo(welcomeMessage.split("\\n")[1]));
} }
@Test @Test
@ -148,7 +148,7 @@ public class SettingsTest {
TestSettingsMigrationServices.alwaysFulfilled(), knownProperties); TestSettingsMigrationServices.alwaysFulfilled(), knownProperties);
// when // when
String result = settings.getEmailMessage(); String result = settings.getPasswordEmailMessage();
// then // then
assertThat(result, equalTo(emailMessage)); assertThat(result, equalTo(emailMessage));