Add some password validation.

Mage.Client/src/main/java/mage/client/dialog/ConnectDialog.java

@@ -346,10 +346,7 @@ public class ConnectDialog extends MageDialog {
             JOptionPane.showMessageDialog(rootPane, "Please provide a user name");
             return;
         }
-        if (txtPassword.getText().isEmpty()) {
+        // txtPassword is not checked here, because authentication might be disabled by the server config.
-            JOptionPane.showMessageDialog(rootPane, "Please provide a password");
-            return;
-        }
         if (Integer.valueOf(txtPort.getText()) < 1 || Integer.valueOf(txtPort.getText()) > 65535) {
             JOptionPane.showMessageDialog(rootPane, "Invalid port number");
             txtPort.setText(MageFrame.getPreferences().get("serverPort", Integer.toString(Config.port)));

Mage.Server/config/config.xml

@@ -32,7 +32,9 @@
             maxSecondsIdle="600"
             minUserNameLength="3"
             maxUserNameLength="14"
-            userNamePattern="[^a-z0-9_]"
+            invalidUserNamePattern="[^a-z0-9_]"
+            minPasswordLength="8"
+            maxPasswordLength="100"
             maxAiOpponents="15"
             saveGameActivated="false"
             authenticationActivated="false"

Mage.Server/src/main/java/mage/server/GmailClient.java

@@ -63,6 +63,10 @@ public class GmailClient {
     }
 
     public static boolean sendMessage(String email, String subject, String text) {
+        if (email.length() == 0) {
+            logger.info("Email is not sent because the address is empty");
+            return false;
+        }
         try {
             Gmail gmail = new Builder(httpTransport, JSON_FACTORY, credential).setApplicationName("XMage Server").build();
 

Mage.Server/src/main/java/mage/server/Session.java

@@ -55,6 +55,10 @@ import org.jboss.remoting.callback.InvokerCallbackHandler;
 public class Session {
 
     private static final Logger logger = Logger.getLogger(Session.class);
+    private static Pattern invalidUserNamePattern =
+            Pattern.compile(ConfigSettings.getInstance().getInvalidUserNamePattern(), Pattern.CASE_INSENSITIVE);
+    private static Pattern alphabetsPattern = Pattern.compile("[a-zA-Z]");
+    private static Pattern digitsPattern = Pattern.compile("[0-9]");
 
     private final String sessionId;
     private UUID userId;
@@ -76,7 +80,9 @@ public class Session {
 
     public String registerUser(String userName, String password, String email) throws MageException {
         if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
-            return "Registration is disabled by the server config.";
+            String returnMessage = "Registration is disabled by the server config";
+            sendErrorMessageToClient(returnMessage);
+            return returnMessage;
         }
         synchronized(AuthorizedUserRepository.instance) {
             String returnMessage = validateUserName(userName);
@@ -84,7 +90,7 @@ public class Session {
                 sendErrorMessageToClient(returnMessage);
                 return returnMessage;
             }
-            returnMessage = validatePassword(password);
+            returnMessage = validatePassword(password, userName);
             if (returnMessage != null) {
                 sendErrorMessageToClient(returnMessage);
                 return returnMessage;
@@ -104,14 +110,14 @@ public class Session {
         if (userName.equals("Admin")) {
             return "User name Admin already in use";
         }
-        if (userName.length() > ConfigSettings.getInstance().getMaxUserNameLength()) {
+        ConfigSettings config = ConfigSettings.getInstance();
-            return "User name may not be longer than " + ConfigSettings.getInstance().getMaxUserNameLength() + " characters";
+        if (userName.length() < config.getMinUserNameLength()) {
+            return "User name may not be shorter than " + config.getMinUserNameLength() + " characters";
         }
-        if (userName.length() < ConfigSettings.getInstance().getMinUserNameLength()) {
+        if (userName.length() > config.getMaxUserNameLength()) {
-            return "User name may not be shorter than " + ConfigSettings.getInstance().getMinUserNameLength() + " characters";
+            return "User name may not be longer than " + config.getMaxUserNameLength() + " characters";
         }
-        Pattern p = Pattern.compile(ConfigSettings.getInstance().getUserNamePattern(), Pattern.CASE_INSENSITIVE);
+        Matcher m = invalidUserNamePattern.matcher(userName);
-        Matcher m = p.matcher(userName);
         if (m.find()) {
             return "User name '" + userName + "' includes not allowed characters: use a-z, A-Z and 0-9";
         }
@@ -122,9 +128,21 @@ public class Session {
         return null;
     }
 
-    static private String validatePassword(String password) {
+    static private String validatePassword(String password, String userName) {
-        if (password.length() == 0) {
+        ConfigSettings config = ConfigSettings.getInstance();
-            return "Password needs to be non-empty";
+        if (password.length() < config.getMinPasswordLength()) {
+            return "Password may not be shorter than " + config.getMinPasswordLength() + " characters";
+        }
+        if (password.length() > config.getMaxPasswordLength()) {
+            return "Password may not be longer than " + config.getMaxPasswordLength() + " characters";
+        }
+        if (password.equals(userName)) {
+            return "Password may not be the same as your username";
+        }
+        Matcher alphabetsMatcher = alphabetsPattern.matcher(password);
+        Matcher digitsMatcher = digitsPattern.matcher(password);
+        if (!alphabetsMatcher.find() || !digitsMatcher.find()) {
+            return "Password has to include at least one alphabet (a-zA-Z) and also at least one digit (0-9)";
         }
         return null;
     }

Mage.Server/src/main/java/mage/server/util/ConfigSettings.java

@@ -111,8 +111,16 @@ public class ConfigSettings {
         return config.getServer().getMaxUserNameLength().intValue();
     }
 
-    public String getUserNamePattern() {
+    public String getInvalidUserNamePattern() {
-        return config.getServer().getUserNamePattern();
+        return config.getServer().getInvalidUserNamePattern();
+    }
+
+    public int getMinPasswordLength() {
+        return config.getServer().getMinPasswordLength().intValue();
+    }
+
+    public int getMaxPasswordLength() {
+        return config.getServer().getMaxPasswordLength().intValue();
     }
 
     public String getMaxAiOpponents() {

Mage.Server/src/main/xml-resources/jaxb/Config/Config.xsd

@@ -29,7 +29,9 @@
 			<xs:attribute name="leasePeriod" type="xs:positiveInteger" use="required"/>
 			<xs:attribute name="minUserNameLength" type="xs:positiveInteger" use="required"/>
 			<xs:attribute name="maxUserNameLength" type="xs:positiveInteger" use="required"/>
-			<xs:attribute name="userNamePattern" type="xs:string" use="required"/>
+			<xs:attribute name="invalidUserNamePattern" type="xs:string" use="required"/>
+			<xs:attribute name="minPasswordLength" type="xs:positiveInteger" use="required"/>
+			<xs:attribute name="maxPasswordLength" type="xs:positiveInteger" use="required"/>
 			<xs:attribute name="maxAiOpponents" type="xs:string" use="optional"/>
 			<xs:attribute name="saveGameActivated" type="xs:boolean" use="optional"/>
 			<xs:attribute name="authenticationActivated" type="xs:boolean" use="optional"/>