use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class MigrationService method changePlainTextToSha256.
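/**
 * Hashes all stored plaintext passwords with the AuthMe Sha256 method and updates the setting,
 * if the configured password hash is the deprecated PLAINTEXT. Does nothing for any other setting.
 *
 * <p>A stored value that already starts with {@code $SHA$} is treated as hashed and left untouched,
 * so a second run does not hash it again. A plaintext password that itself begins with
 * {@code $SHA$} cannot be told apart from a hash by this check and would also be left as-is.
 *
 * @param settings The settings instance
 * @param dataSource The data source
 * @param authmeSha256 Instance to the AuthMe Sha256 encryption method implementation
 */
public static void changePlainTextToSha256(Settings settings, DataSource dataSource, Sha256 authmeSha256) {
    if (HashAlgorithm.PLAINTEXT != settings.getProperty(SecuritySettings.PASSWORD_HASH)) {
        return;
    }

    logger.warning("Your HashAlgorithm has been detected as plaintext and is now deprecated;" + " it will be changed and hashed now to the AuthMe default hashing method");
    logger.warning("Don't stop your server; wait for the conversion to have been completed!");

    List<PlayerAuth> allAuths = dataSource.getAllAuths();
    // Count only the entries that were actually rewritten, so the final log line does not
    // report skipped accounts as migrated.
    int migrated = 0;
    for (PlayerAuth auth : allAuths) {
        // Under the PLAINTEXT setting the stored "hash" is the password itself.
        String stored = auth.getPassword().getHash();
        if (stored.startsWith("$SHA$")) {
            logger.warning("Skipping conversion for " + auth.getNickname() + "; detected SHA hash");
            continue;
        }
        HashedPassword hashedPassword = authmeSha256.computeHash(stored, auth.getNickname());
        auth.setPassword(hashedPassword);
        // NOTE(review): the outcome of updatePassword is not inspected here; if a write can fail
        // without throwing, that row would keep its plaintext value while the algorithm setting
        // below still switches to SHA256 - confirm how the data source reports failures.
        dataSource.updatePassword(auth);
        migrated++;
    }

    // NOTE(review): SHA256 is a fast digest; for password storage a deliberately slow
    // password-hashing function is generally preferred. Treat this as a step away from plaintext,
    // not as the end state.
    settings.setProperty(SecuritySettings.PASSWORD_HASH, HashAlgorithm.SHA256);
    settings.save();
    logger.info("Migrated " + migrated + " accounts from plaintext to SHA256");
}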
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class AbstractPasswordRegisterExecutor method buildPlayerAuth.
/**
 * Hashes the password carried by {@code params} together with the player name, stores the
 * resulting {@link HashedPassword} on {@code params}, and returns the object produced by
 * {@code createPlayerAuthObject}.
 *
 * @param params the registration parameters; receives the computed hash as a side effect
 * @return the player auth object built from the updated parameters
 */
@Override
public PlayerAuth buildPlayerAuth(P params) {
    // The hash must be set on params before the auth object is created from them.
    // NOTE(review): the submitted password stays readable on params after hashing, as far as
    // this method shows - confirm it is not logged or persisted by later steps.
    params.setHashedPassword(
        passwordSecurity.computeHash(params.getPassword(), params.getPlayerName()));
    return createPlayerAuthObject(params);
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class AsyncChangePasswordTest method shouldUpdatePasswordOfOfflineUser.
/**
 * Verifies the admin password change for a player the cache reports as not authenticated:
 * the new password is hashed, the hash is written to the data source, and the sender gets
 * the success message.
 */
@Test
public void shouldUpdatePasswordOfOfflineUser() {
    // given: the data source knows the account, the player cache reports it as not authenticated
    String targetName = "my_user12";
    String newPassword = "passPass";
    CommandSender admin = mock(CommandSender.class);
    HashedPassword expectedHash = mock(HashedPassword.class);
    given(dataSource.isAuthAvailable(targetName)).willReturn(true);
    given(playerCache.isAuthenticated(targetName)).willReturn(false);
    given(passwordSecurity.computeHash(newPassword, targetName)).willReturn(expectedHash);
    given(dataSource.updatePassword(targetName, expectedHash)).willReturn(true);

    // when
    asyncChangePassword.changePasswordAsAdmin(admin, targetName, newPassword);

    // then: only the computed hash object reaches the data source, never the raw password string
    verify(passwordSecurity).computeHash(newPassword, targetName);
    verify(dataSource).updatePassword(targetName, expectedHash);
    verify(commonService).send(admin, MessageKey.PASSWORD_CHANGED_SUCCESS);
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class PlayerAuthBuilderHelperTest method shouldConstructPlayerAuth.
/**
 * Verifies that {@code PlayerAuthBuilderHelper.createPlayerAuth} copies name, e-mail, IP and
 * password hash from its inputs and stamps a registration date close to the current time.
 */
@Test
public void shouldConstructPlayerAuth() {
    // given
    String expectedIp = "192.168.34.47";
    String expectedEmail = "test@example.org";
    Player mockedPlayer = mock(Player.class);
    given(mockedPlayer.getName()).willReturn("Noah");
    TestHelper.mockPlayerIp(mockedPlayer, expectedIp);
    HashedPassword storedHash = new HashedPassword("myHash0001");

    // when
    PlayerAuth result = PlayerAuthBuilderHelper.createPlayerAuth(mockedPlayer, storedHash, expectedEmail);

    // then
    assertThat(result, hasAuthBasicData("noah", "Noah", expectedEmail, null));
    assertThat(result.getRegistrationIp(), equalTo(expectedIp));
    // The registration date is taken at creation time, so it is only compared within a one-second window.
    long ageMillis = Math.abs(result.getRegistrationDate() - System.currentTimeMillis());
    assertThat(ageMillis, lessThan(1000L));
    assertThat(result.getPassword(), equalToHash("myHash0001"));
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class PasswordSecurityTest method shouldSkipCheckIfMandatorySaltIsUnavailable.
/**
 * Verifies that {@code comparePassword} returns false, without consulting the data source or
 * the encryption method, when the method reports a separate salt and the supplied
 * {@link HashedPassword} was constructed from a hash string only.
 */
@Test
public void shouldSkipCheckIfMandatorySaltIsUnavailable() {
    // given: a hash object created from the hash string alone, and a method that reports a separate salt
    HashedPassword saltlessHash = new HashedPassword("~T!est#Hash");
    String playerName = "someone12";
    String clearText = "?topSecretPass\\";
    given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.XAUTH);
    given(method.hasSeparateSalt()).willReturn(true);
    // reload() runs only after both stubs are in place
    passwordSecurity.reload();

    // when
    boolean matched = passwordSecurity.comparePassword(clearText, saltlessHash, playerName);

    // then: the comparison is rejected rather than attempted without the salt
    assertThat(matched, equalTo(false));
    verify(method, never()).comparePassword(anyString(), any(HashedPassword.class), anyString());
    verify(dataSource, never()).getAuth(anyString());
    // Check that an event was fired twice: once on test setup, and once because we called reload()
    verify(pluginManager, times(2)).callEvent(any(PasswordEncryptionEvent.class));
}