Mamanyonyo/akashi-esquizolandia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add password requirements

Browse Source 
* Adds several configurable options for server owners to set requirements for passwords.
* This system can be enabled/disabled with the password_requirements option.
* Checks new and updated passwords against these requirements.
This commit is contained in:
MangosArentLiterature 2021-05-08 21:15:16 -05:00
parent b7d95de9dc
commit 7c09ce6b5c
6 changed files with 125 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bin/config_sample/config.ini
View File

@ -29,3 +29,12 @@ max_dice=100
webhook_enabled=false webhook_enabled=false
webhook_url=Your webhook url here. webhook_url=Your webhook url here.
webhook_sendfile=false webhook_sendfile=false
[Password]
password_requirements = true
pass_min_length = 8
pass_max_length = 0
pass_required_mix_case = true
pass_required_numbers = true
pass_required_special = true
pass_contain_username = false

11
include/aoclient.h
View File

@ -1874,6 +1874,17 @@ class AOClient : public QObject {
* @return IC-Message stored in the QVector. * @return IC-Message stored in the QVector.
*/ */
QStringList playTestimony(); QStringList playTestimony();
/**
* @brief Checks if a password meets the server's password requirements.
*
* @param username The chosen username.
*
* @param password The password to check.
*
* @return True if the password meets the requirements, otherwise false.
*/
bool checkPasswordRequirements(QString username, QString password);
///@} ///@}
/** /**

35
include/server.h
View File

@ -318,6 +318,41 @@ class Server : public QObject {
*/ */
int message_floodguard; int message_floodguard;
/**
* @brief Whether password requirements are enabled.
*/
bool password_requirements = true;
/**
* @brief The minimum length passwords can be.
*/
int password_minimum_length;
/**
* @brief The maximum length passwords can be.
*/
int password_maximum_length;
/**
* @brief Whether passwords must be mixed case.
*/
bool password_require_mixed_case = true;
/**
* @brief Whether passwords must contain numbers.
*/
bool password_require_numbers = true;
/**
* @brief Whether passwords must contain special characters.
*/
bool password_require_special_characters = true;
/**
* @brief Whether passwords can contain the associated username.
*/
bool password_can_contain_username = false;
public slots: public slots:
/** /**
* @brief Handles a new connection. * @brief Handles a new connection.

14
src/commands/authentication.cpp
View File

@ -57,6 +57,11 @@ void AOClient::cmdSetRootPass(int argc, QStringList argv)
if (!change_auth_started) if (!change_auth_started)
return; return;
if (!checkPasswordRequirements("root", argv[0])) {
sendServerMessage("Password does not meet server requirements.");
return;
}
sendServerMessage("Changing auth type and setting root password.\nLogin again with /login root [password]"); sendServerMessage("Changing auth type and setting root password.\nLogin again with /login root [password]");
authenticated = false; authenticated = false;
QSettings settings("config/config.ini", QSettings::IniFormat); QSettings settings("config/config.ini", QSettings::IniFormat);
@ -79,6 +84,10 @@ void AOClient::cmdSetRootPass(int argc, QStringList argv)
void AOClient::cmdAddUser(int argc, QStringList argv) void AOClient::cmdAddUser(int argc, QStringList argv)
{ {
if (!checkPasswordRequirements(argv[0], argv[1])) {
sendServerMessage("Password does not meet server requirements.");
return;
}
#if QT_VERSION < QT_VERSION_CHECK(5, 10, 0) #if QT_VERSION < QT_VERSION_CHECK(5, 10, 0)
qsrand(QDateTime::currentMSecsSinceEpoch()); qsrand(QDateTime::currentMSecsSinceEpoch());
quint32 upper_salt = qrand(); quint32 upper_salt = qrand();
@ -252,6 +261,11 @@ void AOClient::cmdChangePassword(int argc, QStringList argv)
return; return;
} }
if (!checkPasswordRequirements(username, password)) {
sendServerMessage("Password does not meet server requirements.");
return;
}
if (server->db_manager->updatePassword(username, password)) { if (server->db_manager->updatePassword(username, password)) {
sendServerMessage("Successfully changed password."); sendServerMessage("Successfully changed password.");
} }

37
src/commands/command_helper.cpp
View File

@ -169,3 +169,40 @@ QString AOClient::getReprimand(bool positive)
return server->reprimands_list[genRand(0, server->reprimands_list.size() - 1)]; return server->reprimands_list[genRand(0, server->reprimands_list.size() - 1)];
} }
} }
bool AOClient::checkPasswordRequirements(QString username, QString password)
{
QString decoded_password = decodeMessage(password);
if (!server->password_requirements)
return true;
if (server->password_minimum_length > decoded_password.length())
return false;
if (server->password_maximum_length < decoded_password.length() && server->password_maximum_length != 0)
return false;
else if (server->password_require_mixed_case) {
if (decoded_password.toLower() == decoded_password)
return false;
if (decoded_password.toUpper() == decoded_password)
return false;
}
else if (server->password_require_numbers) {
QRegularExpression regex("[0123456789]");
QRegularExpressionMatch match = regex.match(decoded_password);
if (!match.hasMatch())
return false;
}
else if (server->password_require_special_characters) {
QRegularExpression regex("[~!@#$%^&*_-+=`|\\(){}\[]:;\"'<>,.?/]");
QRegularExpressionMatch match = regex.match(decoded_password);
if (!match.hasMatch())
return false;
}
else if (!server->password_can_contain_username) {
if (decoded_password.contains(username))
return false;
}
return true;
}

19
src/server.cpp
View File

@ -309,6 +309,25 @@ void Server::loadServerConfig()
webhook_url = config.value("webhook_url", "Your webhook url here.").toString(); webhook_url = config.value("webhook_url", "Your webhook url here.").toString();
webhook_sendfile = config.value("webhook_sendfile", false).toBool(); webhook_sendfile = config.value("webhook_sendfile", false).toBool();
config.endGroup(); config.endGroup();
//Load password configuration
config.beginGroup("Password");
password_requirements = config.value("password_requirements", "false").toBool();
if (password_requirements) {
bool password_minimum_length_conversion_success;
password_minimum_length = config.value("pass_min_length", "8").toInt(&password_minimum_length_conversion_success);
if (!password_minimum_length_conversion_success)
password_minimum_length = 8;
bool password_maximum_length_conversion_success;
password_maximum_length = config.value("pass_max_length", "16").toInt(&password_maximum_length_conversion_success);
if (!password_minimum_length_conversion_success)
password_maximum_length = 16;
password_require_mixed_case = config.value("pass_require_mix_case", "true").toBool();
password_require_numbers = config.value("pass_require_numbers", "true").toBool();
password_require_special_characters = config.value("pass_require_special", "true").toBool();
password_can_contain_username = config.value("pass_contain_username", "false").toBool();
}
config.endGroup();
} }
void Server::allowMessage() void Server::allowMessage()