Add password requirements
* Adds several configurable options for server owners to set requirements for passwords. * This system can be enabled/disabled with the password_requirements option. * Checks new and updated passwords against these requirements.
This commit is contained in:
		
							parent
							
								
									b7d95de9dc
								
							
						
					
					
						commit
						7c09ce6b5c
					
				| @ -29,3 +29,12 @@ max_dice=100 | ||||
| webhook_enabled=false | ||||
| webhook_url=Your webhook url here. | ||||
| webhook_sendfile=false | ||||
| 
 | ||||
| [Password] | ||||
| password_requirements = true | ||||
| pass_min_length = 8 | ||||
| pass_max_length = 0 | ||||
| pass_required_mix_case = true | ||||
| pass_required_numbers = true | ||||
| pass_required_special = true | ||||
| pass_contain_username = false | ||||
|  | ||||
| @ -1874,6 +1874,17 @@ class AOClient : public QObject { | ||||
|      * @return IC-Message stored in the QVector. | ||||
|      */ | ||||
|     QStringList playTestimony(); | ||||
| 
 | ||||
|     /**
 | ||||
|      * @brief Checks if a password meets the server's password requirements. | ||||
|      * | ||||
|      * @param username The chosen username. | ||||
|      * | ||||
|      * @param password The password to check. | ||||
|      * | ||||
|      * @return True if the password meets the requirements, otherwise false. | ||||
|      */ | ||||
|     bool checkPasswordRequirements(QString username, QString password); | ||||
|     ///@}
 | ||||
| 
 | ||||
|     /**
 | ||||
|  | ||||
| @ -318,6 +318,41 @@ class Server : public QObject { | ||||
|      */ | ||||
|     int message_floodguard; | ||||
| 
 | ||||
|     /**
 | ||||
|      * @brief Whether password requirements are enabled. | ||||
|      */ | ||||
|     bool password_requirements = true; | ||||
| 
 | ||||
|     /**
 | ||||
|      * @brief The minimum length passwords can be. | ||||
|      */ | ||||
|     int password_minimum_length; | ||||
| 
 | ||||
|     /**
 | ||||
|      * @brief The maximum length passwords can be. | ||||
|      */ | ||||
|     int password_maximum_length; | ||||
| 
 | ||||
|     /**
 | ||||
|      * @brief Whether passwords must be mixed case. | ||||
|      */ | ||||
|     bool password_require_mixed_case = true; | ||||
| 
 | ||||
|     /**
 | ||||
|      * @brief Whether passwords must contain numbers. | ||||
|      */ | ||||
|     bool password_require_numbers = true; | ||||
| 
 | ||||
|     /**
 | ||||
|      * @brief Whether passwords must contain special characters. | ||||
|      */ | ||||
|     bool password_require_special_characters = true; | ||||
| 
 | ||||
|     /**
 | ||||
|      * @brief Whether passwords can contain the associated username. | ||||
|      */ | ||||
|     bool password_can_contain_username = false; | ||||
| 
 | ||||
|   public slots: | ||||
|     /**
 | ||||
|      * @brief Handles a new connection. | ||||
|  | ||||
| @ -57,6 +57,11 @@ void AOClient::cmdSetRootPass(int argc, QStringList argv) | ||||
|     if (!change_auth_started) | ||||
|         return; | ||||
| 
 | ||||
|     if (!checkPasswordRequirements("root", argv[0])) { | ||||
|         sendServerMessage("Password does not meet server requirements."); | ||||
|         return; | ||||
|     } | ||||
| 
 | ||||
|     sendServerMessage("Changing auth type and setting root password.\nLogin again with /login root [password]"); | ||||
|     authenticated = false; | ||||
|     QSettings settings("config/config.ini", QSettings::IniFormat); | ||||
| @ -79,6 +84,10 @@ void AOClient::cmdSetRootPass(int argc, QStringList argv) | ||||
| 
 | ||||
| void AOClient::cmdAddUser(int argc, QStringList argv) | ||||
| { | ||||
|     if (!checkPasswordRequirements(argv[0], argv[1])) { | ||||
|         sendServerMessage("Password does not meet server requirements."); | ||||
|         return; | ||||
|     } | ||||
| #if QT_VERSION < QT_VERSION_CHECK(5, 10, 0) | ||||
|     qsrand(QDateTime::currentMSecsSinceEpoch()); | ||||
|     quint32 upper_salt = qrand(); | ||||
| @ -252,6 +261,11 @@ void AOClient::cmdChangePassword(int argc, QStringList argv) | ||||
|         return; | ||||
|     } | ||||
| 
 | ||||
|     if (!checkPasswordRequirements(username, password)) { | ||||
|         sendServerMessage("Password does not meet server requirements."); | ||||
|         return; | ||||
|     } | ||||
| 
 | ||||
|     if (server->db_manager->updatePassword(username, password)) { | ||||
|         sendServerMessage("Successfully changed password."); | ||||
|     } | ||||
|  | ||||
| @ -169,3 +169,40 @@ QString AOClient::getReprimand(bool positive) | ||||
|         return server->reprimands_list[genRand(0, server->reprimands_list.size() - 1)]; | ||||
|         } | ||||
| } | ||||
| 
 | ||||
| bool AOClient::checkPasswordRequirements(QString username, QString password) | ||||
| { | ||||
|     QString decoded_password = decodeMessage(password); | ||||
|     if (!server->password_requirements) | ||||
|         return true; | ||||
| 
 | ||||
|     if (server->password_minimum_length > decoded_password.length()) | ||||
|         return false; | ||||
| 
 | ||||
|     if (server->password_maximum_length < decoded_password.length() && server->password_maximum_length != 0) | ||||
|         return false; | ||||
| 
 | ||||
|     else if (server->password_require_mixed_case) { | ||||
|         if (decoded_password.toLower() == decoded_password) | ||||
|             return false; | ||||
|         if (decoded_password.toUpper() == decoded_password) | ||||
|             return false; | ||||
|     } | ||||
|     else if (server->password_require_numbers) { | ||||
|         QRegularExpression regex("[0123456789]"); | ||||
|         QRegularExpressionMatch match = regex.match(decoded_password); | ||||
|         if (!match.hasMatch()) | ||||
|             return false; | ||||
|     } | ||||
|     else if (server->password_require_special_characters) { | ||||
|         QRegularExpression regex("[~!@#$%^&*_-+=`|\\(){}\[]:;\"'<>,.?/]"); | ||||
|         QRegularExpressionMatch match = regex.match(decoded_password); | ||||
|         if (!match.hasMatch()) | ||||
|             return false; | ||||
|     } | ||||
|     else if (!server->password_can_contain_username) { | ||||
|         if (decoded_password.contains(username)) | ||||
|             return false; | ||||
|     } | ||||
|     return true; | ||||
| } | ||||
|  | ||||
| @ -309,6 +309,25 @@ void Server::loadServerConfig() | ||||
|     webhook_url = config.value("webhook_url", "Your webhook url here.").toString(); | ||||
|     webhook_sendfile = config.value("webhook_sendfile", false).toBool(); | ||||
|     config.endGroup(); | ||||
| 
 | ||||
|     //Load password configuration
 | ||||
|     config.beginGroup("Password"); | ||||
|     password_requirements = config.value("password_requirements", "false").toBool(); | ||||
|     if (password_requirements) { | ||||
|         bool password_minimum_length_conversion_success; | ||||
|         password_minimum_length = config.value("pass_min_length", "8").toInt(&password_minimum_length_conversion_success); | ||||
|         if (!password_minimum_length_conversion_success) | ||||
|             password_minimum_length = 8; | ||||
|         bool password_maximum_length_conversion_success; | ||||
|         password_maximum_length = config.value("pass_max_length", "16").toInt(&password_maximum_length_conversion_success); | ||||
|         if (!password_minimum_length_conversion_success) | ||||
|             password_maximum_length = 16; | ||||
|         password_require_mixed_case = config.value("pass_require_mix_case", "true").toBool(); | ||||
|         password_require_numbers = config.value("pass_require_numbers", "true").toBool(); | ||||
|         password_require_special_characters = config.value("pass_require_special", "true").toBool(); | ||||
|         password_can_contain_username = config.value("pass_contain_username", "false").toBool(); | ||||
|     } | ||||
|     config.endGroup(); | ||||
| } | ||||
| 
 | ||||
| void Server::allowMessage() | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 MangosArentLiterature
						MangosArentLiterature