themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Require minimum password length of 4, and trim new passwords for whitespace.

Browse source 
Fixes problems reported by @MarioE and @Simon311:
- Users can no longer register with whitespace for a password.
- Users can no longer register with 4 whitespaces for a password.
This commit is contained in:
Lucas Nicodemus 2015-04-13 14:24:12 -06:00
parent 845c8c4b3d
commit 12f893e0cb
3 changed files with 28 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

22
TShockAPI/Commands.cs
View file

@ -924,13 +924,24 @@ namespace TShockAPI
{
user.Name = args.Player.Name;
echoPassword = args.Parameters[0];
user.CreateBCryptHash(args.Parameters[0]);
try {
user.CreateBCryptHash(args.Parameters[0]);
}
catch (ArgumentOutOfRangeException) {
args.Player.SendErrorMessage("Password must be > " + TShock.Config.MinimumPasswordLength + " characters.");
return;
}
}
else if (args.Parameters.Count == 2 && TShock.Config.AllowRegisterAnyUsername)
{
user.Name = args.Parameters[0];
echoPassword = args.Parameters[1];
user.CreateBCryptHash(args.Parameters[1]);
try {
user.CreateBCryptHash(args.Parameters[1]);
} catch (ArgumentOutOfRangeException) {
args.Player.SendErrorMessage("Password must be > " + TShock.Config.MinimumPasswordLength + " characters.");
return;
}
}
else
{
@ -978,7 +989,12 @@ namespace TShockAPI
var user = new User();
user.Name = args.Parameters[1];
user.CreateBCryptHash(args.Parameters[2]);
try {
user.CreateBCryptHash(args.Parameters[2]);
} catch (ArgumentOutOfRangeException) {
args.Player.SendErrorMessage("Password must be > " + TShock.Config.MinimumPasswordLength + " characters.");
return;
}
user.Group = args.Parameters[3];
try

3
TShockAPI/ConfigFile.cs
View file

@ -401,6 +401,9 @@ namespace TShockAPI
[Description("Determines the BCrypt work factor to use. If increased, all passwords will be upgraded to new work-factor on verify. Range: 5-31.")]
public int BCryptWorkFactor = 7;
[Description("The minimum password length for new user accounts. Minimum value is 4.")]
public int MinimumPasswordLength = 4;
/// <summary>
/// Reads a configuration file from a given path
/// </summary>

8
TShockAPI/DB/UserManager.cs
View file

@ -412,11 +412,15 @@ namespace TShockAPI.DB
/// <summary>Creates a BCrypt hash for a user and stores it in this object.</summary>
/// <param name="password">string password - the plain text password to hash</param>
public void CreateBCryptHash(string password) {
if (password.Trim().Length < Math.Max(4, TShock.Config.MinimumPasswordLength)) {
throw new ArgumentOutOfRangeException("password", "Password must be > " + TShock.Config.MinimumPasswordLength + " characters.");
}
try {
this.Password = BCrypt.Net.BCrypt.HashPassword(password, TShock.Config.BCryptWorkFactor);
this.Password = BCrypt.Net.BCrypt.HashPassword(password.Trim(), TShock.Config.BCryptWorkFactor);
} catch (ArgumentOutOfRangeException) {
TShock.Log.ConsoleError("Invalid BCrypt work factor in config file! Creating new hash using default work factor.");
this.Password = BCrypt.Net.BCrypt.HashPassword(password);
this.Password = BCrypt.Net.BCrypt.HashPassword(password.Trim());
}
}