zdm/envoy
zdm/envoy
Archived
3
Fork 0
Code Issues 22 Pull Requests Releases 1 Wiki Activity

Merge pull request 'Token Based Authentication' (#30) from f/token-based-authentication into develop

Browse Source 
Reviewed-on: https://git.kske.dev/zdm/envoy/pulls/30
Reviewed-by: delvh <leon@kske.dev>
This commit is contained in:
Kai S. K. Engelbart 2020-09-19 14:31:01 +02:00
commit 1ccf4354aa
15 changed files with 331 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
client/src/main/java/envoy/client/data/ClientConfig.java
View File

@ -35,8 +35,6 @@ public final class ClientConfig extends Config {
put("server", "s", identity());
put("port", "p", Integer::parseInt);
put("localDB", "db", File::new);
put("user", "u", identity());
put("password", "pw", identity());
}
/**
@ -56,28 +54,4 @@ public final class ClientConfig extends Config {
* @since Envoy Client v0.1-alpha
*/
public File getLocalDB() { return (File) items.get("localDB").get(); }
/**
* @return the user name
* @since Envoy Client v0.3-alpha
*/
public String getUser() {
final String user = (String) items.get("user").get();
return user.equals("") ? null : user;
}
/**
* @return the password
* @since Envoy Client v0.3-alpha
*/
public String getPassword() {
final String password = (String) items.get("password").get();
return password.equals("") ? null : password;
}
/**
* @return {@code true} if user name and password are set
* @since Envoy Client v0.3-alpha
*/
public boolean hasLoginCredentials() { return getUser() != null && getPassword() != null; }
}

44
client/src/main/java/envoy/client/data/LocalDB.java
View File

@ -8,6 +8,10 @@ import envoy.data.*;
import envoy.event.*;
import envoy.util.SerializationUtils;
import dev.kske.eventbus.Event;
import dev.kske.eventbus.EventBus;
import dev.kske.eventbus.EventListener;
/**
* Stores information about the current {@link User} and their {@link Chat}s.
* For message ID generation a {@link IDGenerator} is stored as well.
@ -21,7 +25,7 @@ import envoy.util.SerializationUtils;
* @author Kai S. K. Engelbart
* @since Envoy Client v0.3-alpha
*/
public final class LocalDB {
public final class LocalDB implements EventListener {
private User user;
private Map<String, User> users = new HashMap<>();
@ -29,7 +33,8 @@ public final class LocalDB {
private IDGenerator idGenerator;
private CacheMap cacheMap = new CacheMap();
private Instant lastSync = Instant.EPOCH;
private File dbDir, userFile, idGeneratorFile, usersFile;
private String authToken;
private File dbDir, userFile, idGeneratorFile, lastLoginFile, usersFile;
/**
* Constructs an empty local database. To serialize any user-specific data to
@ -42,6 +47,7 @@ public final class LocalDB {
*/
public LocalDB(File dbDir) throws IOException {
this.dbDir = dbDir;
EventBus.getInstance().registerListener(this);
// Test if the database directory is actually a directory
if (dbDir.exists() && !dbDir.isDirectory())
@ -49,6 +55,7 @@ public final class LocalDB {
// Initialize global files
idGeneratorFile = new File(dbDir, "id_gen.db");
lastLoginFile = new File(dbDir, "last_login.db");
usersFile = new File(dbDir, "users.db");
// Initialize offline caches
@ -76,12 +83,16 @@ public final class LocalDB {
* @since Envoy Client v0.3-alpha
*/
public void save(boolean isOnline) throws IOException {
// Save users
SerializationUtils.write(usersFile, users);
// Save user data and last sync time stamp
if (user != null) SerializationUtils.write(userFile, chats, cacheMap, isOnline ? Instant.now() : lastSync);
// Save last login information
if (authToken != null) SerializationUtils.write(lastLoginFile, user, authToken);
// Save id generator
if (hasIDGenerator()) SerializationUtils.write(idGeneratorFile, idGenerator);
}
@ -120,10 +131,24 @@ public final class LocalDB {
idGenerator = SerializationUtils.read(idGeneratorFile, IDGenerator.class);
} catch (ClassNotFoundException | IOException e) {}
}
/**
* Loads the last login information. Any exception thrown during this process is
* ignored.
*
* @since Envoy Client v0.2-beta
*/
public void loadLastLogin() {
try (var in = new ObjectInputStream(new FileInputStream(lastLoginFile))) {
user = (User) in.readObject();
authToken = (String) in.readObject();
} catch (ClassNotFoundException | IOException e) {}
}
/**
* Synchronizes the contact list of the client user with the chat and user
* storage.
*
*
* @since Envoy Client v0.1-beta
*/
public void synchronize() {
@ -143,6 +168,11 @@ public final class LocalDB {
.forEach(chats::add);
}
@Event
private void onNewAuthToken(NewAuthToken evt) {
authToken = evt.get();
}
/**
* @return a {@code Map<String, User>} of all users stored locally with their
* user names as keys
@ -204,6 +234,12 @@ public final class LocalDB {
*/
public Instant getLastSync() { return lastSync; }
/**
* @return the authentication token of the user
* @since Envoy Client v0.2-beta
*/
public String getAuthToken() { return authToken; }
/**
* Searches for a message by ID.
*
@ -217,7 +253,7 @@ public final class LocalDB {
/**
* Searches for a chat by recipient ID.
*
*
* @param recipientID the ID of the chat's recipient
* @return an optional containing the chat
* @since Envoy Client v0.1-beta

7
client/src/main/java/envoy/client/net/Client.java
View File

@ -77,10 +77,12 @@ public final class Client implements EventListener, Closeable {
// Create object receiver
receiver = new Receiver(socket.getInputStream());
// Register user creation processor, contact list processor and message cache
// Register user creation processor, contact list processor, message cache and
// authentication token
receiver.registerProcessor(User.class, sender -> this.sender = sender);
receiver.registerProcessors(cacheMap.getMap());
receiver.registerProcessor(HandshakeRejection.class, evt -> { rejected = true; eventBus.dispatch(evt); });
receiver.registerProcessor(NewAuthToken.class, eventBus::dispatch);
rejected = false;
@ -173,8 +175,7 @@ public final class Client implements EventListener, Closeable {
receiver.registerProcessor(ProfilePicChange.class, eventBus::dispatch);
// Process requests to not send any more attachments as they will not be shown
// to
// other users
// to other users
receiver.registerProcessor(NoAttachments.class, eventBus::dispatch);
// Process group creation results - they might have been disabled on the server

33
client/src/main/java/envoy/client/ui/Startup.java
View File

@ -77,27 +77,40 @@ public final class Startup extends Application {
// Prepare handshake
localDB.loadIDGenerator();
localDB.loadLastLogin();
context.setLocalDB(localDB);
// Configure stage
stage.setTitle("Envoy");
stage.getIcons().add(IconUtil.loadIcon("envoy_logo"));
// Create scene context
final var sceneContext = new SceneContext(stage);
context.setSceneContext(sceneContext);
// Perform automatic login if configured
if (config.hasLoginCredentials())
performHandshake(new LoginCredentials(config.getUser(), config.getPassword(), false, Startup.VERSION, loadLastSync(config.getUser())));
else sceneContext.load(SceneInfo.LOGIN_SCENE);
// Authenticate with token if present
if (localDB.getAuthToken() != null) {
logger.info("Attempting authentication with token...");
localDB.initializeUserStorage();
localDB.loadUserData();
if (!performHandshake(
LoginCredentials.loginWithToken(localDB.getUser().getName(), localDB.getAuthToken(), VERSION, localDB.getLastSync())))
sceneContext.load(SceneInfo.LOGIN_SCENE);
} else {
// Load login scene
sceneContext.load(SceneInfo.LOGIN_SCENE);
}
}
/**
* Tries to perform a Handshake with the server.
*
* @param credentials the credentials to use for the handshake
* @return whether the handshake was successful or offline mode could be entered
* @since Envoy Client v0.2-beta
*/
public static void performHandshake(LoginCredentials credentials) {
public static boolean performHandshake(LoginCredentials credentials) {
final var cacheMap = new CacheMap();
cacheMap.put(Message.class, new Cache<Message>());
cacheMap.put(GroupMessage.class, new Cache<GroupMessage>());
@ -109,10 +122,13 @@ public final class Startup extends Application {
if (client.isOnline()) {
loadChatScene();
client.initReceiver(localDB, cacheMap);
return true;
} else {
return false;
}
} catch (IOException | InterruptedException | TimeoutException e) {
logger.log(Level.INFO, "Could not connect to server. Entering offline mode...");
attemptOfflineMode(credentials.getIdentifier());
return attemptOfflineMode(credentials.getIdentifier());
}
}
@ -121,9 +137,10 @@ public final class Startup extends Application {
* for a given user.
*
* @param identifier the identifier of the user - currently his username
* @return whether the offline mode could be entered
* @since Envoy Client v0.2-beta
*/
public static void attemptOfflineMode(String identifier) {
public static boolean attemptOfflineMode(String identifier) {
try {
// Try entering offline mode
localDB.loadUsers();
@ -131,10 +148,12 @@ public final class Startup extends Application {
if (clientUser == null) throw new EnvoyException("Could not enter offline mode: user name unknown");
client.setSender(clientUser);
loadChatScene();
return true;
} catch (final Exception e) {
new Alert(AlertType.ERROR, "Client error: " + e).showAndWait();
logger.log(Level.SEVERE, "Offline mode could not be loaded: ", e);
System.exit(1);
return false;
}
}

23
client/src/main/java/envoy/client/ui/controller/LoginScene.java
View File

@ -1,5 +1,6 @@
package envoy.client.ui.controller;
import java.time.Instant;
import java.util.logging.*;
import javafx.fxml.FXML;
@ -45,6 +46,9 @@ public final class LoginScene implements EventListener {
@FXML
private Button loginButton;
@FXML
private CheckBox cbStaySignedIn;
@FXML
private Button offlineModeButton;
@ -54,10 +58,10 @@ public final class LoginScene implements EventListener {
@FXML
private ImageView logo;
private boolean registration = false;
private boolean registration;
private static final Logger logger = EnvoyLog.getLogger(LoginScene.class);
private static final ClientConfig config = ClientConfig.getInstance();
private static final Logger logger = EnvoyLog.getLogger(LoginScene.class);
private static final ClientConfig config = ClientConfig.getInstance();
@FXML
private void initialize() {
@ -74,16 +78,21 @@ public final class LoginScene implements EventListener {
@FXML
private void loginButtonPressed() {
final String user = userTextField.getText(), pass = passwordField.getText(), repeatPass = repeatPasswordField.getText();
final boolean requestToken = cbStaySignedIn.isSelected();
// Prevent registration with unequal passwords
if (registration && !passwordField.getText().equals(repeatPasswordField.getText())) {
if (registration && !pass.equals(repeatPass)) {
new Alert(AlertType.ERROR, "The entered password is unequal to the repeated one").showAndWait();
repeatPasswordField.clear();
} else if (!Bounds.isValidContactName(userTextField.getText())) {
} else if (!Bounds.isValidContactName(user)) {
new Alert(AlertType.ERROR, "The entered user name is not valid (" + Bounds.CONTACT_NAME_PATTERN + ")").showAndWait();
userTextField.clear();
} else Startup.performHandshake(new LoginCredentials(userTextField.getText(), passwordField.getText(), registration, Startup.VERSION,
Startup.loadLastSync(userTextField.getText())));
} else {
Instant lastSync = Startup.loadLastSync(userTextField.getText());
Startup.performHandshake(registration ? LoginCredentials.registration(user, pass, requestToken, Startup.VERSION, lastSync)
: LoginCredentials.login(user, pass, requestToken, Startup.VERSION, lastSync));
}
}
@FXML

1
client/src/main/java/module-info.java
View File

@ -23,4 +23,5 @@ module envoy.client {
opens envoy.client.ui.custom to javafx.graphics, javafx.fxml;
opens envoy.client.ui.settings to envoy.client.util;
opens envoy.client.net to dev.kske.eventbus;
opens envoy.client.data to dev.kske.eventbus;
}

10
client/src/main/resources/fxml/LoginScene.fxml
View File

@ -2,6 +2,7 @@
<?import javafx.geometry.Insets?>
<?import javafx.scene.control.Button?>
<?import javafx.scene.control.CheckBox?>
<?import javafx.scene.control.Label?>
<?import javafx.scene.control.PasswordField?>
<?import javafx.scene.control.TextField?>
@ -32,9 +33,7 @@
<Insets bottom="5.0" left="5.0" right="5.0" top="5.0" />
</padding>
</Label>
<Label alignment="TOP_CENTER" contentDisplay="CENTER"
prefHeight="33.0" prefWidth="110.0" text="LOGIN"
textAlignment="CENTER">
<Label alignment="TOP_CENTER" contentDisplay="CENTER" prefHeight="33.0" prefWidth="110.0" text="LOGIN" textAlignment="CENTER">
<font>
<Font size="26.0" />
</font>
@ -92,6 +91,11 @@
<Insets bottom="2.0" left="125.0" right="125.0" top="2.0" />
</padding>
</Button>
<CheckBox fx:id="cbStaySignedIn" mnemonicParsing="false" text="Keep me signed in">
<VBox.margin>
<Insets bottom="10.0" top="10.0" />
</VBox.margin>
</CheckBox>
<HBox alignment="CENTER" prefHeight="30.0" prefWidth="200.0">
<children>
<Label fx:id="registerTextLabel" text="No account yet?" />

86
common/src/main/java/envoy/data/LoginCredentials.java
View File

@ -7,6 +7,9 @@ import java.time.Instant;
* Contains a {@link User}'s login / registration information as well as the
* client version.
* <p>
* If the authentication is performed with a token, the token is stored instead
* of the password.
* <p>
* Project: <strong>envoy-common</strong><br>
* File: <strong>LoginCredentials.java</strong><br>
* Created: <strong>29.12.2019</strong><br>
@ -17,35 +20,73 @@ import java.time.Instant;
public final class LoginCredentials implements Serializable {
private final String identifier, password, clientVersion;
private final boolean registration;
private final boolean registration, token, requestToken;
private final Instant lastSync;
private static final long serialVersionUID = 3;
private static final long serialVersionUID = 4;
/**
* Initializes login credentials for a handshake.
*
* @param identifier the identifier of the user
* @param password the password of the user
* @param registration signifies that these credentials are used for user
* registration instead of user login
* @param clientVersion the version of the client sending these credentials
* @param lastSync the time stamp of the last synchronization
* @since Envoy Common v0.2-beta
*/
public LoginCredentials(String identifier, String password, boolean registration, String clientVersion, Instant lastSync) {
private LoginCredentials(String identifier, String password, boolean registration, boolean token, boolean requestToken, String clientVersion,
Instant lastSync) {
this.identifier = identifier;
this.password = password;
this.registration = registration;
this.token = token;
this.requestToken = requestToken;
this.clientVersion = clientVersion;
this.lastSync = lastSync;
}
/**
* Creates login credentials for a regular login.
*
* @param identifier the identifier of the user
* @param password the password of the user
* @param requestToken requests the server to generate an authentication token
* @param clientVersion the version of the client sending these credentials
* @param lastSync the timestamp of the last synchronization
* @return the created login credentials
* @since Envoy Common v0.2-beta
*/
public static LoginCredentials login(String identifier, String password, boolean requestToken, String clientVersion, Instant lastSync) {
return new LoginCredentials(identifier, password, false, false, requestToken, clientVersion, lastSync);
}
/**
* Creates login credentials for a login with an authentication token.
*
* @param identifier the identifier of the user
* @param token the authentication token of the user
* @param clientVersion the version of the client sending these credentials
* @param lastSync the timestamp of the last synchronization
* @return the created login credentials
* @since Envoy Common v0.2-beta
*/
public static LoginCredentials loginWithToken(String identifier, String token, String clientVersion, Instant lastSync) {
return new LoginCredentials(identifier, token, false, true, false, clientVersion, lastSync);
}
/**
* Creates login credentials for a registration.
*
* @param identifier the identifier of the user
* @param password the password of the user
* @param requestToken requests the server to generate an authentication token
* @param clientVersion the version of the client sending these credentials
* @param lastSync the timestamp of the last synchronization
* @return the created login credentials
* @since Envoy Common v0.2-beta
*/
public static LoginCredentials registration(String identifier, String password, boolean requestToken, String clientVersion, Instant lastSync) {
return new LoginCredentials(identifier, password, true, false, requestToken, clientVersion, lastSync);
}
@Override
public String toString() {
return String.format("LoginCredentials[identifier=%s,registration=%b,clientVersion=%s,lastSync=%s]",
return String.format("LoginCredentials[identifier=%s,registration=%b,token=%b,requestToken=%b,clientVersion=%s,lastSync=%s]",
identifier,
registration,
token,
requestToken,
clientVersion,
lastSync);
}
@ -69,6 +110,19 @@ public final class LoginCredentials implements Serializable {
*/
public boolean isRegistration() { return registration; }
/**
* @return {@code true} if these credentials use an authentication token instead
* of a password
* @since Envoy Common v0.2-beta
*/
public boolean usesToken() { return token; }
/**
* @return {@code true} if the server should generate a new authentication token
* @since Envoy Common v0.2-beta
*/
public boolean requestToken() { return requestToken; }
/**
* @return the version of the client sending these credentials
* @since Envoy Common v0.1-beta
@ -76,7 +130,7 @@ public final class LoginCredentials implements Serializable {
public String getClientVersion() { return clientVersion; }
/**
* @return the time stamp of the last synchronization
* @return the timestamp of the last synchronization
* @since Envoy Common v0.2-beta
*/
public Instant getLastSync() { return lastSync; }

15
common/src/main/java/envoy/event/HandshakeRejection.java
View File

@ -15,14 +15,14 @@ public final class HandshakeRejection extends Event<String> {
/**
* Select this value if a given password hash or user name was incorrect.
*
*
* @since Envoy Common v0.3-alpha
*/
public static final String WRONG_PASSWORD_OR_USER = "Incorrect user name or password.";
/**
* Select this value if a given user name for a registration is already taken.
*
*
* @since Envoy Common v0.1-beta
*/
public static final String USERNAME_TAKEN = "Incorrect user name or password.";
@ -30,15 +30,22 @@ public final class HandshakeRejection extends Event<String> {
/**
* Select this value if the version of the client is incompatible with the
* server.
*
*
* @since Envoy Common v0.1-beta
*/
public static final String WRONG_VERSION = "Incompatible client version";
/**
* Select this value if the client provided an invalid authentication token.
*
* @since Envoy Common v0.2-beta
*/
public static final String INVALID_TOKEN = "Invalid authentication token";
/**
* Select this value if the handshake could not be completed for some different
* reason.
*
*
* @since Envoy Common v0.3-alpha
*/
public static final String INTERNAL_ERROR = "An internal error occured.";

29
common/src/main/java/envoy/event/NewAuthToken.java Normal file
View File

@ -0,0 +1,29 @@
package envoy.event;
/**
* This event can be used to transmit a new authentication token to a client.
* <p>
* Project: <strong>envoy-common</strong><br>
* File: <strong>NewAuthToken.java</strong><br>
* Created: <strong>19.09.2020</strong><br>
*
* @author Kai S. K. Engelbart
* @since Envoy Common v0.2-beta
*/
public class NewAuthToken extends Event<String> {
private static final long serialVersionUID = 0L;
/**
* Constructs a new authentication token event.
*
* @param token the token to transmit
* @since Envoy Common v0.2-beta
*/
public NewAuthToken(String token) {
super(token);
}
@Override
public String toString() { return "NewAuthToken"; }
}

8
server/src/main/java/envoy/server/data/ServerConfig.java
View File

@ -35,6 +35,8 @@ public final class ServerConfig extends Config {
put("enableIssueReporting", "e-ir", Boolean::parseBoolean);
put("enableGroups", "e-g", Boolean::parseBoolean);
put("enableAttachments", "e-a", Boolean::parseBoolean);
// user authentication
put("authTokenExpiration", "tok-exp", Integer::parseInt);
}
/**
@ -93,4 +95,10 @@ public final class ServerConfig extends Config {
* @since Envoy Server v0.2-beta
*/
public String getIssueAuthToken() { return (String) items.get("issueAuthToken").get(); }
/**
* @return the amount of days after which user authentication tokens expire
* @since Envoy Server v0.2-beta
*/
public Integer getAuthTokenExpiration() { return (Integer) items.get("authTokenExpiration").get(); }
}

37
server/src/main/java/envoy/server/data/User.java
View File

@ -40,7 +40,7 @@ public final class User extends Contact {
/**
* Named query retrieving a user by name (parameter {@code :name}).
*
*
* @since Envoy Server Standalone v0.1-beta
*/
public static final String findByName = "User.findByName";
@ -48,7 +48,7 @@ public final class User extends Contact {
/**
* Named query retrieving the contacts of a given user (parameter
* {@code :user}).
*
*
* @since Envoy Server Standalone v0.1-beta
*/
public static final String findContacts = "User.findContacts";
@ -57,7 +57,7 @@ public final class User extends Contact {
* Named query searching for users with a name like a search phrase (parameter
* {@code :searchPhrase}) that are not in the contact list of a given user
* (parameter {@code :context}).
*
*
* @since Envoy Server Standalone v0.1-beta
*/
public static final String searchByName = "User.searchByName";
@ -65,6 +65,12 @@ public final class User extends Contact {
@Column(name = "password_hash")
private String passwordHash;
@Column(name = "auth_token")
private String authToken;
@Column(name = "auth_token_expiration")
private Instant authTokenExpiration;
@Column(name = "last_seen")
private Instant lastSeen;
@ -90,6 +96,31 @@ public final class User extends Contact {
*/
public void setPasswordHash(String passwordHash) { this.passwordHash = passwordHash; }
/**
* @return the authentication token
* @since Envoy Server v0.2-beta
*/
public String getAuthToken() { return authToken; }
/**
* @param authToken the authentication token to set
* @since Envoy Server v0.2-beta
*/
public void setAuthToken(String authToken) { this.authToken = authToken; }
/**
* @return the time at which the authentication token expires
* @since Envoy Server v0.2-beta
*/
public Instant getAuthTokenExpiration() { return authTokenExpiration; }
/**
* @param authTokenExpiration the authentication token expiration timestamp to
* set
* @since Envoy Server v0.2-beta
*/
public void setAuthTokenExpiration(Instant authTokenExpiration) { this.authTokenExpiration = authTokenExpiration; }
/**
* @return the last date the user has been online
* @since Envoy Server Standalone v0.2-beta

71
server/src/main/java/envoy/server/processors/LoginCredentialProcessor.java
View File

@ -5,26 +5,18 @@ import static envoy.data.User.UserStatus.ONLINE;
import static envoy.event.HandshakeRejection.*;
import java.time.Instant;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.time.temporal.ChronoUnit;
import java.util.*;
import java.util.logging.Logger;
import javax.persistence.NoResultException;
import envoy.data.LoginCredentials;
import envoy.event.GroupMessageStatusChange;
import envoy.event.HandshakeRejection;
import envoy.event.MessageStatusChange;
import envoy.server.data.GroupMessage;
import envoy.server.data.PersistenceManager;
import envoy.server.data.User;
import envoy.server.net.ConnectionManager;
import envoy.server.net.ObjectWriteProxy;
import envoy.server.util.PasswordUtil;
import envoy.server.util.VersionUtil;
import envoy.util.Bounds;
import envoy.util.EnvoyLog;
import envoy.event.*;
import envoy.server.data.*;
import envoy.server.net.*;
import envoy.server.util.*;
import envoy.util.*;
/**
* This {@link ObjectProcessor} handles {@link LoginCredentials}.<br>
@ -62,17 +54,31 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
try {
user = persistenceManager.getUserByName(credentials.getIdentifier());
// Checking if user is already online
// Check if the user is already online
if (connectionManager.isOnline(user.getID())) {
logger.warning(user + " is already online!");
writeProxy.write(socketID, new HandshakeRejection(INTERNAL_ERROR));
return;
}
// Evaluating the correctness of the password hash
if (!PasswordUtil.validate(credentials.getPassword(), user.getPasswordHash())) {
logger.info(user + " has entered the wrong password.");
writeProxy.write(socketID, new HandshakeRejection(WRONG_PASSWORD_OR_USER));
return;
// Authenticate with password or token
if (credentials.usesToken()) {
// Check the token
if (user.getAuthToken() == null || user.getAuthTokenExpiration().isBefore(Instant.now())
|| !user.getAuthToken().equals(credentials.getPassword())) {
logger.info(user + " tried to use an invalid token.");
writeProxy.write(socketID, new HandshakeRejection(INVALID_TOKEN));
return;
}
} else {
// Check the password hash
if (!PasswordUtil.validate(credentials.getPassword(), user.getPasswordHash())) {
logger.info(user + " has entered the wrong password.");
writeProxy.write(socketID, new HandshakeRejection(WRONG_PASSWORD_OR_USER));
return;
}
}
} catch (NoResultException e) {
logger.info("The requested user does not exist.");
@ -80,6 +86,7 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
return;
}
} else {
// Validate user name
if (!Bounds.isValidContactName(credentials.getIdentifier())) {
logger.info("The requested user name is not valid.");
@ -87,7 +94,8 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
return;
}
try {
// Checking that no user already has this identifier
// Check if the name is taken
PersistenceManager.getInstance().getUserByName(credentials.getIdentifier());
// This code only gets executed if this user already exists
@ -114,6 +122,25 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
user.setStatus(ONLINE);
UserStatusChangeProcessor.updateUserStatus(user);
// Process token request
if (credentials.requestToken()) {
String token;
if (user.getAuthToken() != null && user.getAuthTokenExpiration().isAfter(Instant.now())) {
// Reuse existing token and delay expiration date
token = user.getAuthToken();
} else {
// Generate new token
token = AuthTokenGenerator.nextToken();
user.setAuthToken(token);
}
user.setAuthTokenExpiration(Instant.now().plus(ServerConfig.getInstance().getAuthTokenExpiration().longValue(), ChronoUnit.DAYS));
persistenceManager.updateContact(user);
writeProxy.write(socketID, new NewAuthToken(token));
}
final var pendingMessages = PersistenceManager.getInstance().getPendingMessages(user, credentials.getLastSync());
pendingMessages.removeIf(GroupMessage.class::isInstance);
logger.fine("Sending " + pendingMessages.size() + " pending messages to " + user + "...");

35
server/src/main/java/envoy/server/util/AuthTokenGenerator.java Normal file
View File

@ -0,0 +1,35 @@
package envoy.server.util;
import java.security.SecureRandom;
/**
* Provides a secure token generation algorithm.
* <p>
* Project: <strong>envoy-server</strong><br>
* File: <strong>AuthTokenGenerator.java</strong><br>
* Created: <strong>19.09.2020</strong><br>
*
* @author Kai S. K. Engelbart
* @since Envoy Server v0.2-beta
*/
public final class AuthTokenGenerator {
private static final int TOKEN_LENGTH = 128;
private static final char[] CHARACTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
private static final char[] BUFF = new char[TOKEN_LENGTH];
private static final SecureRandom RANDOM = new SecureRandom();
private AuthTokenGenerator() {}
/**
* Generates a random authentication token.
*
* @return a random authentication token
* @since Envoy Server v0.2-beta
*/
public static String nextToken() {
for (int i = 0; i < BUFF.length; ++i)
BUFF[i] = CHARACTERS[RANDOM.nextInt(CHARACTERS.length)];
return new String(BUFF);
}
}

1
server/src/main/resources/server.properties
View File

@ -10,3 +10,4 @@ featureLabel=119
issueAuthToken=
consoleLevelBarrier=FINEST
fileLevelBarrier=WARNING
authTokenExpiration=90