Merge pull request #128 from AttorneyOnline/password-requirements

Add password requirements
2021-06-06 14:08:33 -05:00 · 2021-06-06 14:08:33 -05:00 · 4c32cf86cc
commit 4c32cf86cc
parent 1a0cb3c6ef 65467df4ba
6 changed files with 131 additions and 0 deletions
--- a/bin/config_sample/config.ini
+++ b/bin/config_sample/config.ini
@ -31,3 +31,12 @@ webhook_enabled=false
 webhook_url=Your webhook url here.
 webhook_sendfile=false
 webhook_content=
+
+[Password]
+password_requirements = true
+pass_min_length = 8
+pass_max_length = 0
+pass_required_mix_case = true
+pass_required_numbers = true
+pass_required_special = true
+pass_can_contain_username = false
--- a/core/include/aoclient.h
+++ b/core/include/aoclient.h
@ -1878,6 +1878,23 @@ class AOClient : public QObject {
     */
    QStringList updateStatement(QStringList packet);

+    /**
+     * @brief Called when area enum is set to PLAYBACK. Sends the IC-Message stored at the current statement.
+     * @return IC-Message stored in the QVector.
+     */
+    QStringList playTestimony();
+
+    /**
+     * @brief Checks if a password meets the server's password requirements.
+     *
+     * @param username The chosen username.
+     *
+     * @param password The password to check.
+     *
+     * @return True if the password meets the requirements, otherwise false.
+     */
+    bool checkPasswordRequirements(QString username, QString password);
+    
    ///@}

    /**
--- a/core/include/server.h
+++ b/core/include/server.h
@ -318,6 +318,41 @@ class Server : public QObject {
     */
    int message_floodguard;

+    /**
+     * @brief Whether password requirements are enabled.
+     */
+    bool password_requirements = true;
+
+    /**
+     * @brief The minimum length passwords can be.
+     */
+    int password_minimum_length;
+
+    /**
+     * @brief The maximum length passwords can be.
+     */
+    int password_maximum_length;
+
+    /**
+     * @brief Whether passwords must be mixed case.
+     */
+    bool password_require_mixed_case = true;
+
+    /**
+     * @brief Whether passwords must contain numbers.
+     */
+    bool password_require_numbers = true;
+
+    /**
+     * @brief Whether passwords must contain special characters.
+     */
+    bool password_require_special_characters = true;
+
+    /**
+     * @brief Whether passwords can contain the associated username.
+     */
+    bool password_can_contain_username = false;
+
    /**
     * @brief URL send to the client during handshake to set the remote repository URL.
     */
--- a/core/src/commands/authentication.cpp
+++ b/core/src/commands/authentication.cpp
@ -57,6 +57,11 @@ void AOClient::cmdSetRootPass(int argc, QStringList argv)
    if (!change_auth_started)
        return;

+    if (!checkPasswordRequirements("root", argv[0])) {
+        sendServerMessage("Password does not meet server requirements.");
+        return;
+    }
+
    sendServerMessage("Changing auth type and setting root password.\nLogin again with /login root [password]");
    authenticated = false;
    QSettings settings("config/config.ini", QSettings::IniFormat);
@ -79,6 +84,10 @@ void AOClient::cmdSetRootPass(int argc, QStringList argv)

 void AOClient::cmdAddUser(int argc, QStringList argv)
 {
+    if (!checkPasswordRequirements(argv[0], argv[1])) {
+        sendServerMessage("Password does not meet server requirements.");
+        return;
+    }
 #if QT_VERSION < QT_VERSION_CHECK(5, 10, 0)
    qsrand(QDateTime::currentMSecsSinceEpoch());
    quint32 upper_salt = qrand();
@ -254,6 +263,11 @@ void AOClient::cmdChangePassword(int argc, QStringList argv)
        return;
    }

+    if (!checkPasswordRequirements(username, password)) {
+        sendServerMessage("Password does not meet server requirements.");
+        return;
+    }
+
    if (server->db_manager->updatePassword(username, password)) {
        sendServerMessage("Successfully changed password.");
    }
--- a/core/src/commands/command_helper.cpp
+++ b/core/src/commands/command_helper.cpp
@ -169,3 +169,40 @@ QString AOClient::getReprimand(bool positive)
        return server->reprimands_list[genRand(0, server->reprimands_list.size() - 1)];
        }
 }
+
+bool AOClient::checkPasswordRequirements(QString username, QString password)
+{
+    QString decoded_password = decodeMessage(password);
+    if (!server->password_requirements)
+        return true;
+
+    if (server->password_minimum_length > decoded_password.length())
+        return false;
+
+    if (server->password_maximum_length < decoded_password.length() && server->password_maximum_length != 0)
+        return false;
+
+    else if (server->password_require_mixed_case) {
+        if (decoded_password.toLower() == decoded_password)
+            return false;
+        if (decoded_password.toUpper() == decoded_password)
+            return false;
+    }
+    else if (server->password_require_numbers) {
+        QRegularExpression regex("[0123456789]");
+        QRegularExpressionMatch match = regex.match(decoded_password);
+        if (!match.hasMatch())
+            return false;
+    }
+    else if (server->password_require_special_characters) {
+        QRegularExpression regex("[~!@#$%^&*_-+=`|\\(){}\[]:;\"'<>,.?/]");
+        QRegularExpressionMatch match = regex.match(decoded_password);
+        if (!match.hasMatch())
+            return false;
+    }
+    else if (!server->password_can_contain_username) {
+        if (decoded_password.contains(username))
+            return false;
+    }
+    return true;
+}
--- a/core/src/server.cpp
+++ b/core/src/server.cpp
@ -313,6 +313,25 @@ void Server::loadServerConfig()
    webhook_sendfile = config.value("webhook_sendfile", false).toBool();
    webhook_content = config.value("webhook_content", "").toString();
    config.endGroup();
+
+    //Load password configuration
+    config.beginGroup("Password");
+    password_requirements = config.value("password_requirements", "false").toBool();
+    if (password_requirements) {
+        bool password_minimum_length_conversion_success;
+        password_minimum_length = config.value("pass_min_length", "8").toInt(&password_minimum_length_conversion_success);
+        if (!password_minimum_length_conversion_success)
+            password_minimum_length = 8;
+        bool password_maximum_length_conversion_success;
+        password_maximum_length = config.value("pass_max_length", "16").toInt(&password_maximum_length_conversion_success);
+        if (!password_minimum_length_conversion_success)
+            password_maximum_length = 16;
+        password_require_mixed_case = config.value("pass_require_mix_case", "true").toBool();
+        password_require_numbers = config.value("pass_require_numbers", "true").toBool();
+        password_require_special_characters = config.value("pass_require_special", "true").toBool();
+        password_can_contain_username = config.value("pass_can_contain_username", "false").toBool();
+    }
+    config.endGroup();
 }

 void Server::allowMessage()