Add some password validation.

This commit is contained in:
Me Car 2016-01-11 11:15:01 +09:00
parent 8dd1e21dba
commit f99660a451
6 changed files with 50 additions and 19 deletions

View file

@ -346,10 +346,7 @@ public class ConnectDialog extends MageDialog {
JOptionPane.showMessageDialog(rootPane, "Please provide a user name");
return;
}
if (txtPassword.getText().isEmpty()) {
JOptionPane.showMessageDialog(rootPane, "Please provide a password");
return;
}
// txtPassword is not checked here, because authentication might be disabled by the server config.
if (Integer.valueOf(txtPort.getText()) < 1 || Integer.valueOf(txtPort.getText()) > 65535) {
JOptionPane.showMessageDialog(rootPane, "Invalid port number");
txtPort.setText(MageFrame.getPreferences().get("serverPort", Integer.toString(Config.port)));

View file

@ -32,7 +32,9 @@
maxSecondsIdle="600"
minUserNameLength="3"
maxUserNameLength="14"
userNamePattern="[^a-z0-9_]"
invalidUserNamePattern="[^a-z0-9_]"
minPasswordLength="8"
maxPasswordLength="100"
maxAiOpponents="15"
saveGameActivated="false"
authenticationActivated="false"

View file

@ -63,6 +63,10 @@ public class GmailClient {
}
public static boolean sendMessage(String email, String subject, String text) {
if (email.length() == 0) {
logger.info("Email is not sent because the address is empty");
return false;
}
try {
Gmail gmail = new Builder(httpTransport, JSON_FACTORY, credential).setApplicationName("XMage Server").build();

View file

@ -55,6 +55,10 @@ import org.jboss.remoting.callback.InvokerCallbackHandler;
public class Session {
private static final Logger logger = Logger.getLogger(Session.class);
private static Pattern invalidUserNamePattern =
Pattern.compile(ConfigSettings.getInstance().getInvalidUserNamePattern(), Pattern.CASE_INSENSITIVE);
private static Pattern alphabetsPattern = Pattern.compile("[a-zA-Z]");
private static Pattern digitsPattern = Pattern.compile("[0-9]");
private final String sessionId;
private UUID userId;
@ -76,7 +80,9 @@ public class Session {
public String registerUser(String userName, String password, String email) throws MageException {
if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
return "Registration is disabled by the server config.";
String returnMessage = "Registration is disabled by the server config";
sendErrorMessageToClient(returnMessage);
return returnMessage;
}
synchronized(AuthorizedUserRepository.instance) {
String returnMessage = validateUserName(userName);
@ -84,7 +90,7 @@ public class Session {
sendErrorMessageToClient(returnMessage);
return returnMessage;
}
returnMessage = validatePassword(password);
returnMessage = validatePassword(password, userName);
if (returnMessage != null) {
sendErrorMessageToClient(returnMessage);
return returnMessage;
@ -104,14 +110,14 @@ public class Session {
if (userName.equals("Admin")) {
return "User name Admin already in use";
}
if (userName.length() > ConfigSettings.getInstance().getMaxUserNameLength()) {
return "User name may not be longer than " + ConfigSettings.getInstance().getMaxUserNameLength() + " characters";
ConfigSettings config = ConfigSettings.getInstance();
if (userName.length() < config.getMinUserNameLength()) {
return "User name may not be shorter than " + config.getMinUserNameLength() + " characters";
}
if (userName.length() < ConfigSettings.getInstance().getMinUserNameLength()) {
return "User name may not be shorter than " + ConfigSettings.getInstance().getMinUserNameLength() + " characters";
if (userName.length() > config.getMaxUserNameLength()) {
return "User name may not be longer than " + config.getMaxUserNameLength() + " characters";
}
Pattern p = Pattern.compile(ConfigSettings.getInstance().getUserNamePattern(), Pattern.CASE_INSENSITIVE);
Matcher m = p.matcher(userName);
Matcher m = invalidUserNamePattern.matcher(userName);
if (m.find()) {
return "User name '" + userName + "' includes not allowed characters: use a-z, A-Z and 0-9";
}
@ -122,9 +128,21 @@ public class Session {
return null;
}
static private String validatePassword(String password) {
if (password.length() == 0) {
return "Password needs to be non-empty";
static private String validatePassword(String password, String userName) {
ConfigSettings config = ConfigSettings.getInstance();
if (password.length() < config.getMinPasswordLength()) {
return "Password may not be shorter than " + config.getMinPasswordLength() + " characters";
}
if (password.length() > config.getMaxPasswordLength()) {
return "Password may not be longer than " + config.getMaxPasswordLength() + " characters";
}
if (password.equals(userName)) {
return "Password may not be the same as your username";
}
Matcher alphabetsMatcher = alphabetsPattern.matcher(password);
Matcher digitsMatcher = digitsPattern.matcher(password);
if (!alphabetsMatcher.find() || !digitsMatcher.find()) {
return "Password has to include at least one alphabet (a-zA-Z) and also at least one digit (0-9)";
}
return null;
}

View file

@ -111,8 +111,16 @@ public class ConfigSettings {
return config.getServer().getMaxUserNameLength().intValue();
}
public String getUserNamePattern() {
return config.getServer().getUserNamePattern();
public String getInvalidUserNamePattern() {
return config.getServer().getInvalidUserNamePattern();
}
public int getMinPasswordLength() {
return config.getServer().getMinPasswordLength().intValue();
}
public int getMaxPasswordLength() {
return config.getServer().getMaxPasswordLength().intValue();
}
public String getMaxAiOpponents() {

View file

@ -29,7 +29,9 @@
<xs:attribute name="leasePeriod" type="xs:positiveInteger" use="required"/>
<xs:attribute name="minUserNameLength" type="xs:positiveInteger" use="required"/>
<xs:attribute name="maxUserNameLength" type="xs:positiveInteger" use="required"/>
<xs:attribute name="userNamePattern" type="xs:string" use="required"/>
<xs:attribute name="invalidUserNamePattern" type="xs:string" use="required"/>
<xs:attribute name="minPasswordLength" type="xs:positiveInteger" use="required"/>
<xs:attribute name="maxPasswordLength" type="xs:positiveInteger" use="required"/>
<xs:attribute name="maxAiOpponents" type="xs:string" use="optional"/>
<xs:attribute name="saveGameActivated" type="xs:boolean" use="optional"/>
<xs:attribute name="authenticationActivated" type="xs:boolean" use="optional"/>