mirror of
https://github.com/correl/mage.git
synced 2024-12-25 11:11:16 +00:00
Merge pull request #1456 from menocar/password
Skip password authentication when it's not activated by the server config.
This commit is contained in:
commit
23d47be04c
7 changed files with 72 additions and 36 deletions
|
@ -346,10 +346,7 @@ public class ConnectDialog extends MageDialog {
|
|||
JOptionPane.showMessageDialog(rootPane, "Please provide a user name");
|
||||
return;
|
||||
}
|
||||
if (txtPassword.getText().isEmpty()) {
|
||||
JOptionPane.showMessageDialog(rootPane, "Please provide a password");
|
||||
return;
|
||||
}
|
||||
// txtPassword is not checked here, because authentication might be disabled by the server config.
|
||||
if (Integer.valueOf(txtPort.getText()) < 1 || Integer.valueOf(txtPort.getText()) > 65535) {
|
||||
JOptionPane.showMessageDialog(rootPane, "Invalid port number");
|
||||
txtPort.setText(MageFrame.getPreferences().get("serverPort", Integer.toString(Config.port)));
|
||||
|
|
|
@ -32,7 +32,9 @@
|
|||
maxSecondsIdle="600"
|
||||
minUserNameLength="3"
|
||||
maxUserNameLength="14"
|
||||
userNamePattern="[^a-z0-9_]"
|
||||
invalidUserNamePattern="[^a-z0-9_]"
|
||||
minPasswordLength="8"
|
||||
maxPasswordLength="100"
|
||||
maxAiOpponents="15"
|
||||
saveGameActivated="false"
|
||||
authenticationActivated="false"
|
||||
|
|
|
@ -63,6 +63,10 @@ public class GmailClient {
|
|||
}
|
||||
|
||||
public static boolean sendMessage(String email, String subject, String text) {
|
||||
if (email.length() == 0) {
|
||||
logger.info("Email is not sent because the address is empty");
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
Gmail gmail = new Builder(httpTransport, JSON_FACTORY, credential).setApplicationName("XMage Server").build();
|
||||
|
||||
|
|
|
@ -55,6 +55,10 @@ import org.jboss.remoting.callback.InvokerCallbackHandler;
|
|||
public class Session {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(Session.class);
|
||||
private static Pattern invalidUserNamePattern =
|
||||
Pattern.compile(ConfigSettings.getInstance().getInvalidUserNamePattern(), Pattern.CASE_INSENSITIVE);
|
||||
private static Pattern alphabetsPattern = Pattern.compile("[a-zA-Z]");
|
||||
private static Pattern digitsPattern = Pattern.compile("[0-9]");
|
||||
|
||||
private final String sessionId;
|
||||
private UUID userId;
|
||||
|
@ -75,13 +79,18 @@ public class Session {
|
|||
}
|
||||
|
||||
public String registerUser(String userName, String password, String email) throws MageException {
|
||||
if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
|
||||
String returnMessage = "Registration is disabled by the server config";
|
||||
sendErrorMessageToClient(returnMessage);
|
||||
return returnMessage;
|
||||
}
|
||||
synchronized(AuthorizedUserRepository.instance) {
|
||||
String returnMessage = validateUserName(userName);
|
||||
if (returnMessage != null) {
|
||||
sendErrorMessageToClient(returnMessage);
|
||||
return returnMessage;
|
||||
}
|
||||
returnMessage = validatePassword(password);
|
||||
returnMessage = validatePassword(password, userName);
|
||||
if (returnMessage != null) {
|
||||
sendErrorMessageToClient(returnMessage);
|
||||
return returnMessage;
|
||||
|
@ -101,14 +110,14 @@ public class Session {
|
|||
if (userName.equals("Admin")) {
|
||||
return "User name Admin already in use";
|
||||
}
|
||||
if (userName.length() > ConfigSettings.getInstance().getMaxUserNameLength()) {
|
||||
return "User name may not be longer than " + ConfigSettings.getInstance().getMaxUserNameLength() + " characters";
|
||||
ConfigSettings config = ConfigSettings.getInstance();
|
||||
if (userName.length() < config.getMinUserNameLength()) {
|
||||
return "User name may not be shorter than " + config.getMinUserNameLength() + " characters";
|
||||
}
|
||||
if (userName.length() < ConfigSettings.getInstance().getMinUserNameLength()) {
|
||||
return "User name may not be shorter than " + ConfigSettings.getInstance().getMinUserNameLength() + " characters";
|
||||
if (userName.length() > config.getMaxUserNameLength()) {
|
||||
return "User name may not be longer than " + config.getMaxUserNameLength() + " characters";
|
||||
}
|
||||
Pattern p = Pattern.compile(ConfigSettings.getInstance().getUserNamePattern(), Pattern.CASE_INSENSITIVE);
|
||||
Matcher m = p.matcher(userName);
|
||||
Matcher m = invalidUserNamePattern.matcher(userName);
|
||||
if (m.find()) {
|
||||
return "User name '" + userName + "' includes not allowed characters: use a-z, A-Z and 0-9";
|
||||
}
|
||||
|
@ -119,9 +128,21 @@ public class Session {
|
|||
return null;
|
||||
}
|
||||
|
||||
static private String validatePassword(String password) {
|
||||
if (password.length() == 0) {
|
||||
return "Password needs to be non-empty";
|
||||
static private String validatePassword(String password, String userName) {
|
||||
ConfigSettings config = ConfigSettings.getInstance();
|
||||
if (password.length() < config.getMinPasswordLength()) {
|
||||
return "Password may not be shorter than " + config.getMinPasswordLength() + " characters";
|
||||
}
|
||||
if (password.length() > config.getMaxPasswordLength()) {
|
||||
return "Password may not be longer than " + config.getMaxPasswordLength() + " characters";
|
||||
}
|
||||
if (password.equals(userName)) {
|
||||
return "Password may not be the same as your username";
|
||||
}
|
||||
Matcher alphabetsMatcher = alphabetsPattern.matcher(password);
|
||||
Matcher digitsMatcher = digitsPattern.matcher(password);
|
||||
if (!alphabetsMatcher.find() || !digitsMatcher.find()) {
|
||||
return "Password has to include at least one alphabet (a-zA-Z) and also at least one digit (0-9)";
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
@ -140,9 +161,12 @@ public class Session {
|
|||
|
||||
public String connectUserHandling(String userName, String password) throws MageException {
|
||||
this.isAdmin = false;
|
||||
AuthorizedUser authorizedUser = AuthorizedUserRepository.instance.get(userName);
|
||||
if (authorizedUser == null || !authorizedUser.doCredentialsMatch(userName, password)) {
|
||||
return "Wrong username or password";
|
||||
|
||||
if (ConfigSettings.getInstance().isAuthenticationActivated()) {
|
||||
AuthorizedUser authorizedUser = AuthorizedUserRepository.instance.get(userName);
|
||||
if (authorizedUser == null || !authorizedUser.doCredentialsMatch(userName, password)) {
|
||||
return "Wrong username or password";
|
||||
}
|
||||
}
|
||||
|
||||
User user = UserManager.getInstance().createUser(userName, host);
|
||||
|
|
|
@ -72,23 +72,22 @@ public class SessionManager {
|
|||
|
||||
public boolean registerUser(String sessionId, String userName, String password, String email) throws MageException {
|
||||
Session session = sessions.get(sessionId);
|
||||
if (session != null) {
|
||||
String returnMessage = session.registerUser(userName, password, email);
|
||||
if (returnMessage == null) {
|
||||
LogServiceImpl.instance.log(LogKeys.KEY_USER_REGISTERED, userName, session.getHost(), sessionId);
|
||||
|
||||
logger.info(userName + " registered");
|
||||
logger.debug("- userId: " + session.getUserId());
|
||||
logger.debug("- sessionId: " + sessionId);
|
||||
logger.debug("- host: " + session.getHost());
|
||||
return true;
|
||||
} else {
|
||||
logger.debug(userName + " not registered: " + returnMessage);
|
||||
}
|
||||
} else {
|
||||
if (session == null) {
|
||||
logger.error(userName + " tried to register with no sessionId");
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
String returnMessage = session.registerUser(userName, password, email);
|
||||
if (returnMessage != null) {
|
||||
logger.debug(userName + " not registered: " + returnMessage);
|
||||
return false;
|
||||
}
|
||||
LogServiceImpl.instance.log(LogKeys.KEY_USER_REGISTERED, userName, session.getHost(), sessionId);
|
||||
|
||||
logger.info(userName + " registered");
|
||||
logger.debug("- userId: " + session.getUserId());
|
||||
logger.debug("- sessionId: " + sessionId);
|
||||
logger.debug("- host: " + session.getHost());
|
||||
return true;
|
||||
}
|
||||
|
||||
public boolean connectUser(String sessionId, String userName, String password) throws MageException {
|
||||
|
|
|
@ -111,8 +111,16 @@ public class ConfigSettings {
|
|||
return config.getServer().getMaxUserNameLength().intValue();
|
||||
}
|
||||
|
||||
public String getUserNamePattern() {
|
||||
return config.getServer().getUserNamePattern();
|
||||
public String getInvalidUserNamePattern() {
|
||||
return config.getServer().getInvalidUserNamePattern();
|
||||
}
|
||||
|
||||
public int getMinPasswordLength() {
|
||||
return config.getServer().getMinPasswordLength().intValue();
|
||||
}
|
||||
|
||||
public int getMaxPasswordLength() {
|
||||
return config.getServer().getMaxPasswordLength().intValue();
|
||||
}
|
||||
|
||||
public String getMaxAiOpponents() {
|
||||
|
|
|
@ -29,7 +29,9 @@
|
|||
<xs:attribute name="leasePeriod" type="xs:positiveInteger" use="required"/>
|
||||
<xs:attribute name="minUserNameLength" type="xs:positiveInteger" use="required"/>
|
||||
<xs:attribute name="maxUserNameLength" type="xs:positiveInteger" use="required"/>
|
||||
<xs:attribute name="userNamePattern" type="xs:string" use="required"/>
|
||||
<xs:attribute name="invalidUserNamePattern" type="xs:string" use="required"/>
|
||||
<xs:attribute name="minPasswordLength" type="xs:positiveInteger" use="required"/>
|
||||
<xs:attribute name="maxPasswordLength" type="xs:positiveInteger" use="required"/>
|
||||
<xs:attribute name="maxAiOpponents" type="xs:string" use="optional"/>
|
||||
<xs:attribute name="saveGameActivated" type="xs:boolean" use="optional"/>
|
||||
<xs:attribute name="authenticationActivated" type="xs:boolean" use="optional"/>
|
||||
|
|
Loading…
Reference in a new issue