Skip to content

Commit

Permalink
- Introduce /email code
Browse files Browse the repository at this point in the history
- Add max tries for /email code
- Introduce a PasswordRecoveryService
  • Loading branch information
EbonJaeger committed Mar 6, 2017
1 parent a64f758 commit 7d4bfcd
Show file tree
Hide file tree
Showing 40 changed files with 529 additions and 240 deletions.
8 changes: 6 additions & 2 deletions docs/config.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<!-- AUTO-GENERATED FILE! Do not edit this directly -->
<!-- File auto-generated on Sat Feb 25 21:59:18 CET 2017. See docs/config/config.tpl.md -->
<!-- File auto-generated on Mon Mar 06 13:51:04 EST 2017. See docs/config/config.tpl.md -->

## AuthMe Configuration
The first time you run AuthMe it will create a config.yml file in the plugins/AuthMe folder,
Expand Down Expand Up @@ -323,6 +323,8 @@ Email:
mailSMTP: 'smtp.gmail.com'
# Email SMTP server port
mailPort: 465
# Only affects port 25: enable TLS/STARTTLS?
useTls: true
# Email account which sends the mails
mailAccount: ''
# Email account password
Expand Down Expand Up @@ -440,6 +442,8 @@ Security:
length: 8
# How many hours is a recovery code valid for?
validForHours: 4
# Max number of tries to enter recovery code
maxTries: 3
emailRecovery:
# Seconds a user has to wait for before a password recovery mail may be sent again
# This prevents an attacker from abusing AuthMe's email feature.
Expand All @@ -460,4 +464,4 @@ To change settings on a running server, save your changes to config.yml and use

---

This page was automatically generated on the [AuthMe/AuthMeReloaded repository](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/) on Sat Feb 25 21:59:18 CET 2017
This page was automatically generated on the [AuthMe/AuthMeReloaded repository](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/) on Mon Mar 06 13:51:04 EST 2017
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
package fr.xephi.authme.command.executable.email;

import fr.xephi.authme.command.PlayerCommand;
import fr.xephi.authme.data.auth.PlayerAuth;
import fr.xephi.authme.datasource.DataSource;
import fr.xephi.authme.message.MessageKey;
import fr.xephi.authme.service.CommonService;
import fr.xephi.authme.service.PasswordRecoveryService;
import fr.xephi.authme.service.RecoveryCodeService;
import org.bukkit.entity.Player;

import javax.inject.Inject;
import java.util.List;

/**
* Command for submitting email recovery code.
*/
public class ProcessCodeCommand extends PlayerCommand {

@Inject
private CommonService commonService;

@Inject
private DataSource dataSource;

@Inject
private RecoveryCodeService codeService;

@Inject
private PasswordRecoveryService recoveryService;

@Override
protected void runCommand(Player player, List<String> arguments) {
String name = player.getName();
String code = arguments.get(0);

if (codeService.hasTriesLeft(name)) {
if (codeService.isCodeValid(name, code)) {
PlayerAuth auth = dataSource.getAuth(name);
String email = auth.getEmail();
if (email == null || "your@email.com".equalsIgnoreCase(email)) {
commonService.send(player, MessageKey.INVALID_EMAIL);
return;
}

recoveryService.generateAndSendNewPassword(player, email);
codeService.removeCode(name);
} else {
commonService.send(player, MessageKey.INCORRECT_RECOVERY_CODE,
Integer.toString(codeService.getTriesLeft(name)));
}
} else {
codeService.removeCode(name);
commonService.send(player, MessageKey.RECOVERY_TRIES_EXCEEDED);
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -5,34 +5,20 @@
import fr.xephi.authme.data.auth.PlayerAuth;
import fr.xephi.authme.data.auth.PlayerCache;
import fr.xephi.authme.datasource.DataSource;
import fr.xephi.authme.initialization.Reloadable;
import fr.xephi.authme.mail.EmailService;
import fr.xephi.authme.message.MessageKey;
import fr.xephi.authme.message.Messages;
import fr.xephi.authme.security.PasswordSecurity;
import fr.xephi.authme.security.crypts.HashedPassword;
import fr.xephi.authme.service.CommonService;
import fr.xephi.authme.service.PasswordRecoveryService;
import fr.xephi.authme.service.RecoveryCodeService;
import fr.xephi.authme.settings.properties.SecuritySettings;
import fr.xephi.authme.util.RandomStringUtils;
import fr.xephi.authme.util.expiring.Duration;
import fr.xephi.authme.util.expiring.ExpiringSet;
import org.bukkit.entity.Player;

import javax.annotation.PostConstruct;
import javax.inject.Inject;
import java.util.List;
import java.util.concurrent.TimeUnit;

import static fr.xephi.authme.settings.properties.EmailSettings.RECOVERY_PASSWORD_LENGTH;

/**
* Command for password recovery by email.
*/
public class RecoverEmailCommand extends PlayerCommand implements Reloadable {

@Inject
private PasswordSecurity passwordSecurity;
public class RecoverEmailCommand extends PlayerCommand {

@Inject
private CommonService commonService;
Expand All @@ -47,18 +33,10 @@ public class RecoverEmailCommand extends PlayerCommand implements Reloadable {
private EmailService emailService;

@Inject
private RecoveryCodeService recoveryCodeService;
private PasswordRecoveryService recoveryService;

@Inject
private Messages messages;

private ExpiringSet<String> emailCooldown;

@PostConstruct
private void initEmailCooldownSet() {
emailCooldown = new ExpiringSet<>(
commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS);
}
private RecoveryCodeService recoveryCodeService;

@Override
protected void runCommand(Player player, List<String> arguments) {
Expand Down Expand Up @@ -89,73 +67,9 @@ protected void runCommand(Player player, List<String> arguments) {

if (recoveryCodeService.isRecoveryCodeNeeded()) {
// Process /email recovery addr@example.com
if (arguments.size() == 1) {
createAndSendRecoveryCode(player, email);
} else {
// Process /email recovery addr@example.com 12394
processRecoveryCode(player, arguments.get(1), email);
}
} else {
boolean maySendMail = checkEmailCooldown(player);
if (maySendMail) {
generateAndSendNewPassword(player, email);
}
}
}

@Override
public void reload() {
emailCooldown.setExpiration(
commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS);
}

private void createAndSendRecoveryCode(Player player, String email) {
if (!checkEmailCooldown(player)) {
return;
}

String recoveryCode = recoveryCodeService.generateCode(player.getName());
boolean couldSendMail = emailService.sendRecoveryCode(player.getName(), email, recoveryCode);
if (couldSendMail) {
commonService.send(player, MessageKey.RECOVERY_CODE_SENT);
emailCooldown.add(player.getName().toLowerCase());
} else {
commonService.send(player, MessageKey.EMAIL_SEND_FAILURE);
}
}

private void processRecoveryCode(Player player, String code, String email) {
final String name = player.getName();
if (recoveryCodeService.isCodeValid(name, code)) {
generateAndSendNewPassword(player, email);
recoveryCodeService.removeCode(name);
recoveryService.createAndSendRecoveryCode(player, email);
} else {
commonService.send(player, MessageKey.INCORRECT_RECOVERY_CODE);
}
}

private void generateAndSendNewPassword(Player player, String email) {
String name = player.getName();
String thePass = RandomStringUtils.generate(commonService.getProperty(RECOVERY_PASSWORD_LENGTH));
HashedPassword hashNew = passwordSecurity.computeHash(thePass, name);

dataSource.updatePassword(name, hashNew);
boolean couldSendMail = emailService.sendPasswordMail(name, email, thePass);
if (couldSendMail) {
commonService.send(player, MessageKey.RECOVERY_EMAIL_SENT_MESSAGE);
emailCooldown.add(player.getName().toLowerCase());
} else {
commonService.send(player, MessageKey.EMAIL_SEND_FAILURE);
}
}

private boolean checkEmailCooldown(Player player) {
Duration waitDuration = emailCooldown.getExpiration(player.getName().toLowerCase());
if (waitDuration.getDuration() > 0) {
String durationText = messages.formatDuration(waitDuration);
messages.send(player, MessageKey.EMAIL_COOLDOWN_ERROR, durationText);
return false;
recoveryService.generateAndSendNewPassword(player, email);
}
return true;
}
}
7 changes: 5 additions & 2 deletions src/main/java/fr/xephi/authme/message/MessageKey.java
Original file line number Diff line number Diff line change
Expand Up @@ -224,8 +224,11 @@ public enum MessageKey {
/** A recovery code to reset your password has been sent to your email. */
RECOVERY_CODE_SENT("recovery_code_sent"),

/** The recovery code is not correct! Use "/email recovery [email]" to generate a new one */
INCORRECT_RECOVERY_CODE("recovery_code_incorrect"),
/** The recovery code is not correct! You have %count tries remaining. */
INCORRECT_RECOVERY_CODE("recovery_code_incorrect", "%count"),

/** You have exceeded the maximum number of attempts to enter the recovery code. Use "/email recovery [email]" to generate a new one. */
RECOVERY_TRIES_EXCEEDED("recovery_tries_exceeded"),

/** An email was already sent recently. You must wait %time before you can send a new one. */
EMAIL_COOLDOWN_ERROR("email_cooldown_error", "%time"),
Expand Down
125 changes: 125 additions & 0 deletions src/main/java/fr/xephi/authme/service/PasswordRecoveryService.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
package fr.xephi.authme.service;

import fr.xephi.authme.datasource.DataSource;
import fr.xephi.authme.initialization.Reloadable;
import fr.xephi.authme.mail.EmailService;
import fr.xephi.authme.message.MessageKey;
import fr.xephi.authme.message.Messages;
import fr.xephi.authme.security.PasswordSecurity;
import fr.xephi.authme.security.crypts.HashedPassword;
import fr.xephi.authme.settings.properties.SecuritySettings;
import fr.xephi.authme.util.RandomStringUtils;
import fr.xephi.authme.util.expiring.Duration;
import fr.xephi.authme.util.expiring.ExpiringSet;
import org.bukkit.entity.Player;

import javax.annotation.PostConstruct;
import javax.inject.Inject;
import java.util.concurrent.TimeUnit;

import static fr.xephi.authme.settings.properties.EmailSettings.RECOVERY_PASSWORD_LENGTH;

/**
* Manager for password recovery.
*/
public class PasswordRecoveryService implements Reloadable {

@Inject
private CommonService commonService;

@Inject
private RecoveryCodeService codeService;

@Inject
private DataSource dataSource;

@Inject
private EmailService emailService;

@Inject
private PasswordSecurity passwordSecurity;

@Inject
private RecoveryCodeService recoveryCodeService;

@Inject
private Messages messages;

private ExpiringSet<String> emailCooldown;

@PostConstruct
private void initEmailCooldownSet() {
emailCooldown = new ExpiringSet<>(
commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS);
}

/**
* Create a new recovery code and send it to the player
* via email.
*
* @param player The player getting the code.
* @param email The email to send the code to.
*/
public void createAndSendRecoveryCode(Player player, String email) {
if (!checkEmailCooldown(player)) {
return;
}

String recoveryCode = recoveryCodeService.generateCode(player.getName());
boolean couldSendMail = emailService.sendRecoveryCode(player.getName(), email, recoveryCode);
if (couldSendMail) {
commonService.send(player, MessageKey.RECOVERY_CODE_SENT);
emailCooldown.add(player.getName().toLowerCase());
} else {
commonService.send(player, MessageKey.EMAIL_SEND_FAILURE);
}
}

/**
* Generate a new password and send it to the player via
* email. This will update the database with the new password.
*
* @param player The player recovering their password.
* @param email The email to send the password to.
*/
public void generateAndSendNewPassword(Player player, String email) {
if (!checkEmailCooldown(player)) {
return;
}

String name = player.getName();
String thePass = RandomStringUtils.generate(commonService.getProperty(RECOVERY_PASSWORD_LENGTH));
HashedPassword hashNew = passwordSecurity.computeHash(thePass, name);

dataSource.updatePassword(name, hashNew);
boolean couldSendMail = emailService.sendPasswordMail(name, email, thePass);
if (couldSendMail) {
commonService.send(player, MessageKey.RECOVERY_EMAIL_SENT_MESSAGE);
emailCooldown.add(player.getName().toLowerCase());
} else {
commonService.send(player, MessageKey.EMAIL_SEND_FAILURE);
}
}

/**
* Check if a player is able to have emails sent.
*
* @param player The player to check.
* @return True if the player is not on cooldown.
*/
public boolean checkEmailCooldown(Player player) {
Duration waitDuration = emailCooldown.getExpiration(player.getName().toLowerCase());
if (waitDuration.getDuration() > 0) {
String durationText = messages.formatDuration(waitDuration);
messages.send(player, MessageKey.EMAIL_COOLDOWN_ERROR, durationText);
return false;
}
return true;
}

@Override
public void reload() {
emailCooldown.setExpiration(
commonService.getProperty(SecuritySettings.EMAIL_RECOVERY_COOLDOWN_SECONDS), TimeUnit.SECONDS);
}
}
Loading

0 comments on commit 7d4bfcd

Please sign in to comment.