From 12f893e0cb856d745c9b97e04d1a9ad82b274843 Mon Sep 17 00:00:00 2001
From: Lucas Nicodemus
Date: Mon, 13 Apr 2015 14:24:12 -0600
Subject: [PATCH] Require minimum password length of 4, and trim new passwords for whitespace.

Fixes problems reported by @MarioE and @Simon311:
- Users can no longer register with whitespace for a password.
- Users can no longer register with 4 whitespaces for a password.
---
 TShockAPI/Commands.cs | 22 +++++++++++++++++++---
 TShockAPI/ConfigFile.cs | 3 +++
 TShockAPI/DB/UserManager.cs | 8 ++++++--
 3 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/TShockAPI/Commands.cs b/TShockAPI/Commands.cs
index 0d6c7275..d1ad31a3 100755
--- a/TShockAPI/Commands.cs
+++ b/TShockAPI/Commands.cs
@@ -924,13 +924,24 @@ namespace TShockAPI
 {
 user.Name = args.Player.Name;
 echoPassword = args.Parameters[0];
- user.CreateBCryptHash(args.Parameters[0]);
+ try {
+ user.CreateBCryptHash(args.Parameters[0]);
+ }
+ catch (ArgumentOutOfRangeException) {
+ args.Player.SendErrorMessage("Password must be > " + TShock.Config.MinimumPasswordLength + " characters.");
+ return;
+ }
 }
 else if (args.Parameters.Count == 2 && TShock.Config.AllowRegisterAnyUsername)
 {
 user.Name = args.Parameters[0];
 echoPassword = args.Parameters[1];
- user.CreateBCryptHash(args.Parameters[1]);
+ try {
+ user.CreateBCryptHash(args.Parameters[1]);
+ } catch (ArgumentOutOfRangeException) {
+ args.Player.SendErrorMessage("Password must be > " + TShock.Config.MinimumPasswordLength + " characters.");
+ return;
+ }
 }
 else
 {
@@ -978,7 +989,12 @@ namespace TShockAPI
 
 var user = new User();
 user.Name = args.Parameters[1];
- user.CreateBCryptHash(args.Parameters[2]);
+ try {
+ user.CreateBCryptHash(args.Parameters[2]);
+ } catch (ArgumentOutOfRangeException) {
+ args.Player.SendErrorMessage("Password must be > " + TShock.Config.MinimumPasswordLength + " characters.");
+ return;
+ }
 user.Group = args.Parameters[3];
 
 try
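Review bot: The error text sent from the new catch blocks says the password must be `>` the configured length, but the check in UserManager.cs rejects only lengths below `Math.Max(4, TShock.Config.MinimumPasswordLength)`, so a password of exactly that length is accepted, and a configured value under 4 prints a smaller number than the one actually enforced. The same string is repeated in both branches of this hunk, in the `user add` hunk at -978, and in the exception thrown from `CreateBCryptHash`. I would word it as `"Password must be at least " + Math.Max(4, TShock.Config.MinimumPasswordLength) + " characters."` and build it in one place so the four copies cannot drift apart. Both enclosing command handlers start and end outside the hunk.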
diff --git a/TShockAPI/ConfigFile.cs b/TShockAPI/ConfigFile.cs
index d01aea77..3eee17c6 100755
--- a/TShockAPI/ConfigFile.cs
+++ b/TShockAPI/ConfigFile.cs
@@ -401,6 +401,9 @@ namespace TShockAPI
 [Description("Determines the BCrypt work factor to use. If increased, all passwords will be upgraded to new work-factor on verify. Range: 5-31.")]
 public int BCryptWorkFactor = 7;
 
+ [Description("The minimum password length for new user accounts. Minimum value is 4.")]
+ public int MinimumPasswordLength = 4;
+
 ///
 /// Reads a configuration file from a given path
 ///
diff --git a/TShockAPI/DB/UserManager.cs b/TShockAPI/DB/UserManager.cs
index 8b7d0c64..290f06d4 100755
--- a/TShockAPI/DB/UserManager.cs
+++ b/TShockAPI/DB/UserManager.cs
@@ -412,11 +412,15 @@ namespace TShockAPI.DB
 /// Creates a BCrypt hash for a user and stores it in this object.
 /// string password - the plain text password to hash
 public void CreateBCryptHash(string password) {
+
+ if (password.Trim().Length < Math.Max(4, TShock.Config.MinimumPasswordLength)) {
+ throw new ArgumentOutOfRangeException("password", "Password must be > " + TShock.Config.MinimumPasswordLength + " characters.");
+ }
 try {
- this.Password = BCrypt.Net.BCrypt.HashPassword(password, TShock.Config.BCryptWorkFactor);
+ this.Password = BCrypt.Net.BCrypt.HashPassword(password.Trim(), TShock.Config.BCryptWorkFactor);
 } catch (ArgumentOutOfRangeException) {
 TShock.Log.ConsoleError("Invalid BCrypt work factor in config file! Creating new hash using default work factor.");
- this.Password = BCrypt.Net.BCrypt.HashPassword(password);
+ this.Password = BCrypt.Net.BCrypt.HashPassword(password.Trim());
 }
 }
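Review bot: Nothing in this hunk enforces the floor that the description states: `MinimumPasswordLength` is a plain `int`, and the only clamp visible in this patch is the `Math.Max(4, …)` in `CreateBCryptHash`, so a configured value such as 2 or a negative number is accepted and silently treated as 4. The description should say so, for example `[Description("The minimum password length for new user accounts. Values below 4 are treated as 4.")]`. The config class and its load path lie outside the hunk, so whether values are validated when the file is read cannot be seen here.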
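Review bot: `CreateBCryptHash` now hashes `password.Trim()`, but the verification path is not part of this patch, so if it still checks the raw input, a user who registers with leading or trailing whitespace may be unable to log in with what they typed; the register branches in Commands.cs also keep the untrimmed value in `echoPassword`. The new length check additionally dereferences `password` before any null test, so a null argument would surface as a NullReferenceException rather than a validation error. I would trim once at the top with `string trimmed = (password ?? string.Empty).Trim();`, use `trimmed` for the length check and both `HashPassword` calls, and extend the doc comment to state that surrounding whitespace is stripped before hashing and that verification must apply the same trimming.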