
Example 21 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class MigrationService method changePlainTextToSha256.

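/**
 * Converts every stored plaintext password to a SHA256 hash and then switches the configured
 * password hash setting to SHA256. Does nothing unless the configured hash algorithm is the
 * deprecated PLAINTEXT.
 *
 * <p>Entries whose stored value already starts with {@code $SHA$} are skipped. The final log
 * line reports only the accounts that were actually converted, not the total number of accounts.
 *
 * @param settings The settings instance
 * @param dataSource The data source
 * @param authmeSha256 Instance to the AuthMe Sha256 encryption method implementation
 */
public static void changePlainTextToSha256(Settings settings, DataSource dataSource, Sha256 authmeSha256) {
    if (HashAlgorithm.PLAINTEXT != settings.getProperty(SecuritySettings.PASSWORD_HASH)) {
        return;
    }

    logger.warning("Your HashAlgorithm has been detected as plaintext and is now deprecated;"
        + " it will be changed and hashed now to the AuthMe default hashing method");
    logger.warning("Don't stop your server; wait for the conversion to have been completed!");

    // NOTE(review): SHA256 is a fast digest. A deliberately slow password hash (bcrypt, scrypt,
    // Argon2) resists offline guessing better; consider a follow-up migration if the project
    // offers one.
    int converted = 0;
    List<PlayerAuth> allAuths = dataSource.getAllAuths();
    for (PlayerAuth auth : allAuths) {
        String storedValue = auth.getPassword().getHash();
        // NOTE(review): this prefix test cannot tell an existing hash from a plaintext password
        // that itself begins with "$SHA$"; such an entry would stay unhashed.
        if (storedValue.startsWith("$SHA$")) {
            logger.warning("Skipping conversion for " + auth.getNickname() + "; detected SHA hash");
            continue;
        }

        // In PLAINTEXT mode the stored "hash" is the password itself, so it is the hash input.
        HashedPassword hashedPassword = authmeSha256.computeHash(storedValue, auth.getNickname());
        auth.setPassword(hashedPassword);
        // NOTE(review): the outcome of updatePassword is not checked here. If a write fails, the
        // setting below is still switched to SHA256 while that row keeps its plaintext value.
        // Confirm how the data source reports failures.
        dataSource.updatePassword(auth);
        converted++;
    }

    settings.setProperty(SecuritySettings.PASSWORD_HASH, HashAlgorithm.SHA256);
    settings.save();
    // Report the converted entries only; skipped accounts were not migrated.
    logger.info("Migrated " + converted + " accounts from plaintext to SHA256");
}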
Also used : PlayerAuth(fr.xephi.authme.data.auth.PlayerAuth) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword)

Example 22 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class AbstractPasswordRegisterExecutor method buildPlayerAuth.

/**
 * Hashes the password returned by {@code params.getPassword()}, stores the resulting
 * {@link HashedPassword} on the parameters and builds the {@link PlayerAuth} from them.
 *
 * @param params registration parameters providing the password and the player name
 * @return the auth object produced by {@code createPlayerAuthObject}
 */
@Override
public PlayerAuth buildPlayerAuth(P params) {
    // The hash is written onto params before the auth object is created from them.
    params.setHashedPassword(
        passwordSecurity.computeHash(params.getPassword(), params.getPlayerName()));
    return createPlayerAuthObject(params);
}
Also used : HashedPassword(fr.xephi.authme.security.crypts.HashedPassword)

Example 23 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class AsyncChangePasswordTest method shouldUpdatePasswordOfOfflineUser.

/**
 * Checks the admin password change for a player who is registered but not authenticated in the
 * player cache: the new password is hashed once, the hash is written to the data source and the
 * sender receives the success message.
 */
@Test
public void shouldUpdatePasswordOfOfflineUser() {
    // given: a registered player who is not in the authenticated cache
    final String playerName = "my_user12";
    final String newPassword = "passPass";
    final CommandSender admin = mock(CommandSender.class);
    final HashedPassword expectedHash = mock(HashedPassword.class);

    given(playerCache.isAuthenticated(playerName)).willReturn(false);
    given(dataSource.isAuthAvailable(playerName)).willReturn(true);
    given(passwordSecurity.computeHash(newPassword, playerName)).willReturn(expectedHash);
    given(dataSource.updatePassword(playerName, expectedHash)).willReturn(true);

    // when
    asyncChangePassword.changePasswordAsAdmin(admin, playerName, newPassword);

    // then: only the computed hash is handed to the data source
    verify(passwordSecurity).computeHash(newPassword, playerName);
    verify(dataSource).updatePassword(playerName, expectedHash);
    verify(commonService).send(admin, MessageKey.PASSWORD_CHANGED_SUCCESS);
}
Also used : CommandSender(org.bukkit.command.CommandSender) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 24 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class PlayerAuthBuilderHelperTest method shouldConstructPlayerAuth.

/**
 * Checks that {@code PlayerAuthBuilderHelper.createPlayerAuth} carries the player's name, IP,
 * email and the supplied password hash into the resulting {@link PlayerAuth}, and stamps a
 * registration date close to the current time.
 */
@Test
public void shouldConstructPlayerAuth() {
    // given
    final String ip = "192.168.34.47";
    final String email = "test@example.org";
    final HashedPassword storedHash = new HashedPassword("myHash0001");
    final Player player = mock(Player.class);
    given(player.getName()).willReturn("Noah");
    TestHelper.mockPlayerIp(player, ip);

    // when
    final PlayerAuth result = PlayerAuthBuilderHelper.createPlayerAuth(player, storedHash, email);

    // then
    assertThat(result, hasAuthBasicData("noah", "Noah", email, null));
    assertThat(result.getRegistrationIp(), equalTo(ip));
    assertThat(result.getPassword(), equalToHash("myHash0001"));
    // The registration date must lie within one second of "now".
    final long ageMillis = Math.abs(result.getRegistrationDate() - System.currentTimeMillis());
    assertThat(ageMillis, lessThan(1000L));
}
Also used : Player(org.bukkit.entity.Player) PlayerAuth(fr.xephi.authme.data.auth.PlayerAuth) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 25 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class PasswordSecurityTest method shouldSkipCheckIfMandatorySaltIsUnavailable.

/**
 * Checks that {@code comparePassword} fails closed when the active method reports a separate
 * salt but the {@link HashedPassword} was constructed with a hash value only: the result is
 * {@code false}, and neither the data source nor the encryption method is consulted.
 */
@Test
public void shouldSkipCheckIfMandatorySaltIsUnavailable() {
    // given: a method that reports a separate salt, and a hash object built from the hash alone
    final String username = "someone12";
    final String password = "?topSecretPass\\";
    final HashedPassword hashWithoutSalt = new HashedPassword("~T!est#Hash");
    given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.XAUTH);
    given(method.hasSeparateSalt()).willReturn(true);
    passwordSecurity.reload();

    // when
    final boolean matches = passwordSecurity.comparePassword(password, hashWithoutSalt, username);

    // then: the comparison is rejected without delegating anywhere
    assertThat(matches, equalTo(false));
    verify(method, never()).comparePassword(anyString(), any(HashedPassword.class), anyString());
    verify(dataSource, never()).getAuth(anyString());
    // The event is expected twice: once from the test setup and once from the reload() above.
    verify(pluginManager, times(2)).callEvent(any(PasswordEncryptionEvent.class));
}
Also used : PasswordEncryptionEvent(fr.xephi.authme.events.PasswordEncryptionEvent) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)
