From f99660a4512fdf55e9efefdfef76caf15a9db472 Mon Sep 17 00:00:00 2001
From: Me Car
Date: Mon, 11 Jan 2016 11:15:01 +0900
Subject: [PATCH] Add some password validation.
---
 .../mage/client/dialog/ConnectDialog.java | 5 +--
 Mage.Server/config/config.xml | 4 +-
 .../main/java/mage/server/GmailClient.java | 4 ++
 .../src/main/java/mage/server/Session.java | 40 ++++++++++++++-----
 .../java/mage/server/util/ConfigSettings.java | 12 +++++-
 .../main/xml-resources/jaxb/Config/Config.xsd | 4 +-
 6 files changed, 50 insertions(+), 19 deletions(-)
diff --git a/Mage.Client/src/main/java/mage/client/dialog/ConnectDialog.java b/Mage.Client/src/main/java/mage/client/dialog/ConnectDialog.java
index ddd4c10923..557e251042 100644
--- a/Mage.Client/src/main/java/mage/client/dialog/ConnectDialog.java
+++ b/Mage.Client/src/main/java/mage/client/dialog/ConnectDialog.java
@@ -346,10 +346,7 @@ public class ConnectDialog extends MageDialog {
 JOptionPane.showMessageDialog(rootPane, "Please provide a user name");
 return;
 }
- if (txtPassword.getText().isEmpty()) {
- JOptionPane.showMessageDialog(rootPane, "Please provide a password");
- return;
- }
+ // txtPassword is not checked here, because authentication might be disabled by the server config.
 if (Integer.valueOf(txtPort.getText()) < 1 || Integer.valueOf(txtPort.getText()) > 65535) {
 JOptionPane.showMessageDialog(rootPane, "Invalid port number");
 txtPort.setText(MageFrame.getPreferences().get("serverPort", Integer.toString(Config.port)));
diff --git a/Mage.Server/config/config.xml b/Mage.Server/config/config.xml
index 4070d1a7ea..7695e7a663 100644
--- a/Mage.Server/config/config.xml
+++ b/Mage.Server/config/config.xml
@@ -32,7 +32,9 @@
 maxSecondsIdle="600"
 minUserNameLength="3"
 maxUserNameLength="14"
- userNamePattern="[^a-z0-9_]"
+ invalidUserNamePattern="[^a-z0-9_]"
+ minPasswordLength="8"
+ maxPasswordLength="100"
 maxAiOpponents="15"
 saveGameActivated="false"
 authenticationActivated="false"
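Review bot: With the client-side empty-password check removed, the only password validation visible in this patch is Session.validatePassword, and that is called from registerUser only, so whether an empty password is rejected on a plain connect while authentication is active depends on a server path not shown here and is worth confirming before relying on it. The replacement comment could state that contract instead of only the reason for the removal: `// Password is not validated client-side: the server enforces its own policy, or has authentication disabled entirely.` The enclosing method starts and ends outside the hunk.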
diff --git a/Mage.Server/src/main/java/mage/server/GmailClient.java b/Mage.Server/src/main/java/mage/server/GmailClient.java
index 2d0516d4b1..3edc2f307e 100644
--- a/Mage.Server/src/main/java/mage/server/GmailClient.java
+++ b/Mage.Server/src/main/java/mage/server/GmailClient.java
@@ -63,6 +63,10 @@ public class GmailClient {
 }
 public static boolean sendMessage(String email, String subject, String text) {
+ if (email.length() == 0) {
+ logger.info("Email is not sent because the address is empty");
+ return false;
+ }
 try {
 Gmail gmail = new Builder(httpTransport, JSON_FACTORY, credential).setApplicationName("XMage Server").build();
diff --git a/Mage.Server/src/main/java/mage/server/Session.java b/Mage.Server/src/main/java/mage/server/Session.java
index 6d7792c91b..891acc7283 100644
--- a/Mage.Server/src/main/java/mage/server/Session.java
+++ b/Mage.Server/src/main/java/mage/server/Session.java
@@ -55,6 +55,10 @@ import org.jboss.remoting.callback.InvokerCallbackHandler;
 public class Session {
 private static final Logger logger = Logger.getLogger(Session.class);
+ private static Pattern invalidUserNamePattern =
+ Pattern.compile(ConfigSettings.getInstance().getInvalidUserNamePattern(), Pattern.CASE_INSENSITIVE);
+ private static Pattern alphabetsPattern = Pattern.compile("[a-zA-Z]");
+ private static Pattern digitsPattern = Pattern.compile("[0-9]");
 private final String sessionId;
 private UUID userId;
@@ -76,7 +80,9 @@ public class Session {
 public String registerUser(String userName, String password, String email) throws MageException {
 if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
- return "Registration is disabled by the server config.";
+ String returnMessage = "Registration is disabled by the server config";
+ sendErrorMessageToClient(returnMessage);
+ return returnMessage;
 }
 synchronized(AuthorizedUserRepository.instance) {
 String returnMessage = validateUserName(userName);
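Review bot: `email.length() == 0` throws NullPointerException when the address is null, which is the case this guard most plausibly wants to cover alongside the empty string; `if (email == null || email.isEmpty()) {` handles both and keeps the same log message. sendMessage continues past the end of the hunk, so whether any caller can pass null is not visible here. A one-line Javadoc on the method noting that it returns false without contacting Gmail when the address is missing would document the new early exit for callers that treat the boolean as "delivered".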
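Review bot: `invalidUserNamePattern` is now compiled in a static initializer from a config.xml value, so a malformed regex surfaces as an ExceptionInInitializerError that makes the whole Session class unusable, where the old per-call Pattern.compile in validateUserName failed only that one registration; if that trade-off is intended, a comment saying the pattern is read once at class load (config edits after startup are no longer picked up) would make it explicit. None of the three new fields is reassigned and Pattern is immutable, so `private static final Pattern invalidUserNamePattern =` and the same for `alphabetsPattern` and `digitsPattern` is the right declaration.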
@@ -84,7 +90,7 @@ public class Session {
 sendErrorMessageToClient(returnMessage);
 return returnMessage;
 }
- returnMessage = validatePassword(password);
+ returnMessage = validatePassword(password, userName);
 if (returnMessage != null) {
 sendErrorMessageToClient(returnMessage);
 return returnMessage;
@@ -104,14 +110,14 @@ public class Session {
 if (userName.equals("Admin")) {
 return "User name Admin already in use";
 }
- if (userName.length() > ConfigSettings.getInstance().getMaxUserNameLength()) {
- return "User name may not be longer than " + ConfigSettings.getInstance().getMaxUserNameLength() + " characters";
+ ConfigSettings config = ConfigSettings.getInstance();
+ if (userName.length() < config.getMinUserNameLength()) {
+ return "User name may not be shorter than " + config.getMinUserNameLength() + " characters";
 }
- if (userName.length() < ConfigSettings.getInstance().getMinUserNameLength()) {
- return "User name may not be shorter than " + ConfigSettings.getInstance().getMinUserNameLength() + " characters";
+ if (userName.length() > config.getMaxUserNameLength()) {
+ return "User name may not be longer than " + config.getMaxUserNameLength() + " characters";
 }
- Pattern p = Pattern.compile(ConfigSettings.getInstance().getUserNamePattern(), Pattern.CASE_INSENSITIVE);
- Matcher m = p.matcher(userName);
+ Matcher m = invalidUserNamePattern.matcher(userName);
 if (m.find()) {
 return "User name '" + userName + "' includes not allowed characters: use a-z, A-Z and 0-9";
 }
@@ -122,9 +128,21 @@ public class Session {
 return null;
 }
- static private String validatePassword(String password) {
- if (password.length() == 0) {
- return "Password needs to be non-empty";
+ static private String validatePassword(String password, String userName) {
+ ConfigSettings config = ConfigSettings.getInstance();
+ if (password.length() < config.getMinPasswordLength()) {
+ return "Password may not be shorter than " + config.getMinPasswordLength() + " characters";
+ }
+ if (password.length() > config.getMaxPasswordLength()) {
+ return "Password may not be longer than " + config.getMaxPasswordLength() + " characters";
+ }
+ if (password.equals(userName)) {
+ return "Password may not be the same as your username";
+ }
+ Matcher alphabetsMatcher = alphabetsPattern.matcher(password);
+ Matcher digitsMatcher = digitsPattern.matcher(password);
+ if (!alphabetsMatcher.find() || !digitsMatcher.find()) {
+ return "Password has to include at least one alphabet (a-zA-Z) and also at least one digit (0-9)";
 }
 return null;
 }
diff --git a/Mage.Server/src/main/java/mage/server/util/ConfigSettings.java b/Mage.Server/src/main/java/mage/server/util/ConfigSettings.java
index c85f97c257..b73961956a 100644
--- a/Mage.Server/src/main/java/mage/server/util/ConfigSettings.java
+++ b/Mage.Server/src/main/java/mage/server/util/ConfigSettings.java
@@ -111,8 +111,16 @@ public class ConfigSettings {
 return config.getServer().getMaxUserNameLength().intValue();
 }
- public String getUserNamePattern() {
- return config.getServer().getUserNamePattern();
+ public String getInvalidUserNamePattern() {
+ return config.getServer().getInvalidUserNamePattern();
+ }
+
+ public int getMinPasswordLength() {
+ return config.getServer().getMinPasswordLength().intValue();
+ }
+
+ public int getMaxPasswordLength() {
+ return config.getServer().getMaxPasswordLength().intValue();
 }
 public String getMaxAiOpponents() {
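Review bot: `password.equals(userName)` is case-sensitive while the user-name character pattern in this file is compiled with CASE_INSENSITIVE, so a password that differs from the user name only in case passes the "same as your username" rule; `if (password.equalsIgnoreCase(userName)) {` closes that gap. Nothing guards a null password: `password.length()` on the first line of the new body throws NullPointerException instead of returning a message, though whether the remoting layer can deliver null is not visible here. The message text `at least one alphabet (a-zA-Z)` reads better as `at least one letter (a-z, A-Z)`, and since this method is now the single home of the policy, a short Javadoc listing the checks (length bounds from ConfigSettings, not equal to the user name, at least one letter and one digit) and stating that the return value is a user-facing message or null would make the contract discoverable.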
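Review bot: `config.getServer().getMinPasswordLength().intValue()` and the max counterpart unbox a JAXB-generated Integer, so a deployment whose config.xml predates these attributes gets a NullPointerException out of ConfigSettings rather than a clear configuration error, unless the schema supplies defaults (the Config.xsd hunk is not legible in this patch). Either declare defaults in the XSD or null-check here, e.g. `Integer min = config.getServer().getMinPasswordLength();` followed by `return min == null ? DEFAULT_MIN_PASSWORD_LENGTH : min;` with the default as a named class constant. The rename to getInvalidUserNamePattern has the same failure mode: an old config that still sets userNamePattern makes this getter return null, which the static Pattern.compile in Session turns into a NullPointerException at class load, so the attribute rename deserves a note in the release notes or a fallback to the old attribute name.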
diff --git a/Mage.Server/src/main/xml-resources/jaxb/Config/Config.xsd b/Mage.Server/src/main/xml-resources/jaxb/Config/Config.xsd index 25adcc1e0e..c2fa00ef8a 100644 --- a/Mage.Server/src/main/xml-resources/jaxb/Config/Config.xsd +++ b/Mage.Server/src/main/xml-resources/jaxb/Config/Config.xsd @@ -29,7 +29,9 @@ - + + +