Token Based Authentication #30
@ -35,8 +35,6 @@ public final class ClientConfig extends Config {
|
||||
put("server", "s", identity());
|
||||
put("port", "p", Integer::parseInt);
|
||||
put("localDB", "db", File::new);
|
||||
put("user", "u", identity());
|
||||
put("password", "pw", identity());
|
||||
}
|
||||
|
||||
/**
|
||||
@ -56,28 +54,4 @@ public final class ClientConfig extends Config {
|
||||
* @since Envoy Client v0.1-alpha
|
||||
*/
|
||||
public File getLocalDB() { return (File) items.get("localDB").get(); }
|
||||
|
||||
/**
|
||||
* @return the user name
|
||||
* @since Envoy Client v0.3-alpha
|
||||
*/
|
||||
public String getUser() {
|
||||
final String user = (String) items.get("user").get();
|
||||
return user.equals("") ? null : user;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the password
|
||||
* @since Envoy Client v0.3-alpha
|
||||
*/
|
||||
public String getPassword() {
|
||||
final String password = (String) items.get("password").get();
|
||||
return password.equals("") ? null : password;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return {@code true} if user name and password are set
|
||||
* @since Envoy Client v0.3-alpha
|
||||
*/
|
||||
public boolean hasLoginCredentials() { return getUser() != null && getPassword() != null; }
|
||||
}
|
||||
|
@ -8,6 +8,10 @@ import envoy.data.*;
|
||||
import envoy.event.*;
|
||||
import envoy.util.SerializationUtils;
|
||||
|
||||
import dev.kske.eventbus.Event;
|
||||
import dev.kske.eventbus.EventBus;
|
||||
import dev.kske.eventbus.EventListener;
|
||||
|
||||
/**
|
||||
* Stores information about the current {@link User} and their {@link Chat}s.
|
||||
* For message ID generation a {@link IDGenerator} is stored as well.
|
||||
@ -21,7 +25,7 @@ import envoy.util.SerializationUtils;
|
||||
* @author Kai S. K. Engelbart
|
||||
* @since Envoy Client v0.3-alpha
|
||||
*/
|
||||
public final class LocalDB {
|
||||
public final class LocalDB implements EventListener {
|
||||
|
||||
private User user;
|
||||
private Map<String, User> users = new HashMap<>();
|
||||
@ -29,7 +33,8 @@ public final class LocalDB {
|
||||
private IDGenerator idGenerator;
|
||||
private CacheMap cacheMap = new CacheMap();
|
||||
private Instant lastSync = Instant.EPOCH;
|
||||
private File dbDir, userFile, idGeneratorFile, usersFile;
|
||||
private String authToken;
|
||||
private File dbDir, userFile, idGeneratorFile, lastLoginFile, usersFile;
|
||||
|
||||
/**
|
||||
* Constructs an empty local database. To serialize any user-specific data to
|
||||
@ -42,6 +47,7 @@ public final class LocalDB {
|
||||
*/
|
||||
public LocalDB(File dbDir) throws IOException {
|
||||
this.dbDir = dbDir;
|
||||
EventBus.getInstance().registerListener(this);
|
||||
|
||||
// Test if the database directory is actually a directory
|
||||
if (dbDir.exists() && !dbDir.isDirectory())
|
||||
@ -49,6 +55,7 @@ public final class LocalDB {
|
||||
|
||||
// Initialize global files
|
||||
idGeneratorFile = new File(dbDir, "id_gen.db");
|
||||
lastLoginFile = new File(dbDir, "last_login.db");
|
||||
usersFile = new File(dbDir, "users.db");
|
||||
|
||||
// Initialize offline caches
|
||||
@ -76,12 +83,16 @@ public final class LocalDB {
|
||||
* @since Envoy Client v0.3-alpha
|
||||
*/
|
||||
public void save(boolean isOnline) throws IOException {
|
||||
|
||||
// Save users
|
||||
SerializationUtils.write(usersFile, users);
|
||||
|
||||
// Save user data and last sync time stamp
|
||||
if (user != null) SerializationUtils.write(userFile, chats, cacheMap, isOnline ? Instant.now() : lastSync);
|
||||
|
||||
// Save last login information
|
||||
if (authToken != null) SerializationUtils.write(lastLoginFile, user, authToken);
|
||||
|
||||
// Save id generator
|
||||
if (hasIDGenerator()) SerializationUtils.write(idGeneratorFile, idGenerator);
|
||||
}
|
||||
@ -120,6 +131,20 @@ public final class LocalDB {
|
||||
idGenerator = SerializationUtils.read(idGeneratorFile, IDGenerator.class);
|
||||
} catch (ClassNotFoundException | IOException e) {}
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the last login information. Any exception thrown during this process is
|
||||
* ignored.
|
||||
*
|
||||
* @since Envoy Client v0.2-beta
|
||||
*/
|
||||
public void loadLastLogin() {
|
||||
try (var in = new ObjectInputStream(new FileInputStream(lastLoginFile))) {
|
||||
user = (User) in.readObject();
|
||||
authToken = (String) in.readObject();
|
||||
} catch (ClassNotFoundException | IOException e) {}
|
||||
}
|
||||
|
||||
/**
|
||||
* Synchronizes the contact list of the client user with the chat and user
|
||||
* storage.
|
||||
@ -143,6 +168,11 @@ public final class LocalDB {
|
||||
.forEach(chats::add);
|
||||
}
|
||||
|
||||
@Event
|
||||
private void onNewAuthToken(NewAuthToken evt) {
|
||||
authToken = evt.get();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return a {@code Map<String, User>} of all users stored locally with their
|
||||
* user names as keys
|
||||
@ -204,6 +234,12 @@ public final class LocalDB {
|
||||
*/
|
||||
public Instant getLastSync() { return lastSync; }
|
||||
|
||||
/**
|
||||
* @return the authentication token of the user
|
||||
* @since Envoy Client v0.2-beta
|
||||
*/
|
||||
public String getAuthToken() { return authToken; }
|
||||
|
||||
/**
|
||||
* Searches for a message by ID.
|
||||
*
|
||||
|
@ -77,10 +77,12 @@ public final class Client implements EventListener, Closeable {
|
||||
// Create object receiver
|
||||
receiver = new Receiver(socket.getInputStream());
|
||||
|
||||
// Register user creation processor, contact list processor and message cache
|
||||
// Register user creation processor, contact list processor, message cache and
|
||||
// authentication token
|
||||
receiver.registerProcessor(User.class, sender -> this.sender = sender);
|
||||
receiver.registerProcessors(cacheMap.getMap());
|
||||
receiver.registerProcessor(HandshakeRejection.class, evt -> { rejected = true; eventBus.dispatch(evt); });
|
||||
receiver.registerProcessor(NewAuthToken.class, eventBus::dispatch);
|
||||
|
||||
rejected = false;
|
||||
|
||||
@ -173,8 +175,7 @@ public final class Client implements EventListener, Closeable {
|
||||
receiver.registerProcessor(ProfilePicChange.class, eventBus::dispatch);
|
||||
|
||||
// Process requests to not send any more attachments as they will not be shown
|
||||
// to
|
||||
// other users
|
||||
// to other users
|
||||
receiver.registerProcessor(NoAttachments.class, eventBus::dispatch);
|
||||
|
||||
// Process group creation results - they might have been disabled on the server
|
||||
|
@ -77,27 +77,40 @@ public final class Startup extends Application {
|
||||
|
||||
// Prepare handshake
|
||||
localDB.loadIDGenerator();
|
||||
localDB.loadLastLogin();
|
||||
context.setLocalDB(localDB);
|
||||
|
||||
// Configure stage
|
||||
stage.setTitle("Envoy");
|
||||
stage.getIcons().add(IconUtil.loadIcon("envoy_logo"));
|
||||
|
||||
// Create scene context
|
||||
final var sceneContext = new SceneContext(stage);
|
||||
context.setSceneContext(sceneContext);
|
||||
|
||||
// Perform automatic login if configured
|
||||
if (config.hasLoginCredentials())
|
||||
performHandshake(new LoginCredentials(config.getUser(), config.getPassword(), false, Startup.VERSION, loadLastSync(config.getUser())));
|
||||
else sceneContext.load(SceneInfo.LOGIN_SCENE);
|
||||
// Authenticate with token if present
|
||||
if (localDB.getAuthToken() != null) {
|
||||
logger.info("Attempting authentication with token...");
|
||||
localDB.initializeUserStorage();
|
||||
localDB.loadUserData();
|
||||
if (!performHandshake(
|
||||
LoginCredentials.loginWithToken(localDB.getUser().getName(), localDB.getAuthToken(), VERSION, localDB.getLastSync())))
|
||||
sceneContext.load(SceneInfo.LOGIN_SCENE);
|
||||
} else {
|
||||
|
||||
// Load login scene
|
||||
sceneContext.load(SceneInfo.LOGIN_SCENE);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to perform a Handshake with the server.
|
||||
*
|
||||
* @param credentials the credentials to use for the handshake
|
||||
* @return whether the handshake was successful or offline mode could be entered
|
||||
* @since Envoy Client v0.2-beta
|
||||
*/
|
||||
public static void performHandshake(LoginCredentials credentials) {
|
||||
public static boolean performHandshake(LoginCredentials credentials) {
|
||||
final var cacheMap = new CacheMap();
|
||||
cacheMap.put(Message.class, new Cache<Message>());
|
||||
cacheMap.put(GroupMessage.class, new Cache<GroupMessage>());
|
||||
@ -109,10 +122,13 @@ public final class Startup extends Application {
|
||||
if (client.isOnline()) {
|
||||
loadChatScene();
|
||||
client.initReceiver(localDB, cacheMap);
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
} catch (IOException | InterruptedException | TimeoutException e) {
|
||||
logger.log(Level.INFO, "Could not connect to server. Entering offline mode...");
|
||||
attemptOfflineMode(credentials.getIdentifier());
|
||||
return attemptOfflineMode(credentials.getIdentifier());
|
||||
}
|
||||
}
|
||||
|
||||
@ -121,9 +137,10 @@ public final class Startup extends Application {
|
||||
* for a given user.
|
||||
*
|
||||
* @param identifier the identifier of the user - currently his username
|
||||
* @return whether the offline mode could be entered
|
||||
* @since Envoy Client v0.2-beta
|
||||
*/
|
||||
public static void attemptOfflineMode(String identifier) {
|
||||
public static boolean attemptOfflineMode(String identifier) {
|
||||
try {
|
||||
// Try entering offline mode
|
||||
localDB.loadUsers();
|
||||
@ -131,10 +148,12 @@ public final class Startup extends Application {
|
||||
if (clientUser == null) throw new EnvoyException("Could not enter offline mode: user name unknown");
|
||||
client.setSender(clientUser);
|
||||
loadChatScene();
|
||||
return true;
|
||||
} catch (final Exception e) {
|
||||
new Alert(AlertType.ERROR, "Client error: " + e).showAndWait();
|
||||
logger.log(Level.SEVERE, "Offline mode could not be loaded: ", e);
|
||||
System.exit(1);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
package envoy.client.ui.controller;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.logging.*;
|
||||
|
||||
import javafx.fxml.FXML;
|
||||
@ -45,6 +46,9 @@ public final class LoginScene implements EventListener {
|
||||
@FXML
|
||||
private Button loginButton;
|
||||
|
||||
@FXML
|
||||
private CheckBox cbStaySignedIn;
|
||||
|
||||
@FXML
|
||||
private Button offlineModeButton;
|
||||
|
||||
@ -54,7 +58,7 @@ public final class LoginScene implements EventListener {
|
||||
@FXML
|
||||
private ImageView logo;
|
||||
|
||||
private boolean registration = false;
|
||||
private boolean registration;
|
||||
|
||||
private static final Logger logger = EnvoyLog.getLogger(LoginScene.class);
|
||||
private static final ClientConfig config = ClientConfig.getInstance();
|
||||
@ -74,16 +78,21 @@ public final class LoginScene implements EventListener {
|
||||
|
||||
@FXML
|
||||
private void loginButtonPressed() {
|
||||
final String user = userTextField.getText(), pass = passwordField.getText(), repeatPass = repeatPasswordField.getText();
|
||||
final boolean requestToken = cbStaySignedIn.isSelected();
|
||||
|
||||
// Prevent registration with unequal passwords
|
||||
if (registration && !passwordField.getText().equals(repeatPasswordField.getText())) {
|
||||
if (registration && !pass.equals(repeatPass)) {
|
||||
new Alert(AlertType.ERROR, "The entered password is unequal to the repeated one").showAndWait();
|
||||
repeatPasswordField.clear();
|
||||
} else if (!Bounds.isValidContactName(userTextField.getText())) {
|
||||
} else if (!Bounds.isValidContactName(user)) {
|
||||
new Alert(AlertType.ERROR, "The entered user name is not valid (" + Bounds.CONTACT_NAME_PATTERN + ")").showAndWait();
|
||||
userTextField.clear();
|
||||
} else Startup.performHandshake(new LoginCredentials(userTextField.getText(), passwordField.getText(), registration, Startup.VERSION,
|
||||
Startup.loadLastSync(userTextField.getText())));
|
||||
} else {
|
||||
Instant lastSync = Startup.loadLastSync(userTextField.getText());
|
||||
Startup.performHandshake(registration ? LoginCredentials.registration(user, pass, requestToken, Startup.VERSION, lastSync)
|
||||
: LoginCredentials.login(user, pass, requestToken, Startup.VERSION, lastSync));
|
||||
}
|
||||
}
|
||||
|
||||
@FXML
|
||||
|
@ -23,4 +23,5 @@ module envoy.client {
|
||||
opens envoy.client.ui.custom to javafx.graphics, javafx.fxml;
|
||||
opens envoy.client.ui.settings to envoy.client.util;
|
||||
opens envoy.client.net to dev.kske.eventbus;
|
||||
opens envoy.client.data to dev.kske.eventbus;
|
||||
}
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
<?import javafx.geometry.Insets?>
|
||||
<?import javafx.scene.control.Button?>
|
||||
<?import javafx.scene.control.CheckBox?>
|
||||
<?import javafx.scene.control.Label?>
|
||||
<?import javafx.scene.control.PasswordField?>
|
||||
<?import javafx.scene.control.TextField?>
|
||||
@ -32,9 +33,7 @@
|
||||
<Insets bottom="5.0" left="5.0" right="5.0" top="5.0" />
|
||||
</padding>
|
||||
</Label>
|
||||
<Label alignment="TOP_CENTER" contentDisplay="CENTER"
|
||||
prefHeight="33.0" prefWidth="110.0" text="LOGIN"
|
||||
textAlignment="CENTER">
|
||||
<Label alignment="TOP_CENTER" contentDisplay="CENTER" prefHeight="33.0" prefWidth="110.0" text="LOGIN" textAlignment="CENTER">
|
||||
<font>
|
||||
<Font size="26.0" />
|
||||
</font>
|
||||
@ -92,6 +91,11 @@
|
||||
<Insets bottom="2.0" left="125.0" right="125.0" top="2.0" />
|
||||
</padding>
|
||||
</Button>
|
||||
<CheckBox fx:id="cbStaySignedIn" mnemonicParsing="false" text="Keep me signed in">
|
||||
<VBox.margin>
|
||||
<Insets bottom="10.0" top="10.0" />
|
||||
</VBox.margin>
|
||||
</CheckBox>
|
||||
<HBox alignment="CENTER" prefHeight="30.0" prefWidth="200.0">
|
||||
<children>
|
||||
<Label fx:id="registerTextLabel" text="No account yet?" />
|
||||
|
@ -7,6 +7,9 @@ import java.time.Instant;
|
||||
* Contains a {@link User}'s login / registration information as well as the
|
||||
* client version.
|
||||
* <p>
|
||||
* If the authentication is performed with a token, the token is stored instead
|
||||
* of the password.
|
||||
* <p>
|
||||
* Project: <strong>envoy-common</strong><br>
|
||||
* File: <strong>LoginCredentials.java</strong><br>
|
||||
* Created: <strong>29.12.2019</strong><br>
|
||||
@ -17,35 +20,73 @@ import java.time.Instant;
|
||||
public final class LoginCredentials implements Serializable {
|
||||
|
||||
private final String identifier, password, clientVersion;
|
||||
private final boolean registration;
|
||||
private final boolean registration, token, requestToken;
|
||||
private final Instant lastSync;
|
||||
|
||||
private static final long serialVersionUID = 3;
|
||||
private static final long serialVersionUID = 4;
|
||||
|
||||
/**
|
||||
* Initializes login credentials for a handshake.
|
||||
*
|
||||
* @param identifier the identifier of the user
|
||||
* @param password the password of the user
|
||||
* @param registration signifies that these credentials are used for user
|
||||
* registration instead of user login
|
||||
* @param clientVersion the version of the client sending these credentials
|
||||
* @param lastSync the time stamp of the last synchronization
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public LoginCredentials(String identifier, String password, boolean registration, String clientVersion, Instant lastSync) {
|
||||
private LoginCredentials(String identifier, String password, boolean registration, boolean token, boolean requestToken, String clientVersion,
|
||||
Instant lastSync) {
|
||||
this.identifier = identifier;
|
||||
this.password = password;
|
||||
this.registration = registration;
|
||||
this.token = token;
|
||||
this.requestToken = requestToken;
|
||||
this.clientVersion = clientVersion;
|
||||
this.lastSync = lastSync;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates login credentials for a regular login.
|
||||
*
|
||||
* @param identifier the identifier of the user
|
||||
* @param password the password of the user
|
||||
* @param requestToken requests the server to generate an authentication token
|
||||
* @param clientVersion the version of the client sending these credentials
|
||||
* @param lastSync the timestamp of the last synchronization
|
||||
* @return the created login credentials
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public static LoginCredentials login(String identifier, String password, boolean requestToken, String clientVersion, Instant lastSync) {
|
||||
return new LoginCredentials(identifier, password, false, false, requestToken, clientVersion, lastSync);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates login credentials for a login with an authentication token.
|
||||
*
|
||||
* @param identifier the identifier of the user
|
||||
* @param token the authentication token of the user
|
||||
* @param clientVersion the version of the client sending these credentials
|
||||
* @param lastSync the timestamp of the last synchronization
|
||||
* @return the created login credentials
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public static LoginCredentials loginWithToken(String identifier, String token, String clientVersion, Instant lastSync) {
|
||||
return new LoginCredentials(identifier, token, false, true, false, clientVersion, lastSync);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates login credentials for a registration.
|
||||
*
|
||||
* @param identifier the identifier of the user
|
||||
* @param password the password of the user
|
||||
* @param requestToken requests the server to generate an authentication token
|
||||
* @param clientVersion the version of the client sending these credentials
|
||||
* @param lastSync the timestamp of the last synchronization
|
||||
* @return the created login credentials
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public static LoginCredentials registration(String identifier, String password, boolean requestToken, String clientVersion, Instant lastSync) {
|
||||
return new LoginCredentials(identifier, password, true, false, requestToken, clientVersion, lastSync);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("LoginCredentials[identifier=%s,registration=%b,clientVersion=%s,lastSync=%s]",
|
||||
return String.format("LoginCredentials[identifier=%s,registration=%b,token=%b,requestToken=%b,clientVersion=%s,lastSync=%s]",
|
||||
identifier,
|
||||
registration,
|
||||
token,
|
||||
requestToken,
|
||||
clientVersion,
|
||||
lastSync);
|
||||
}
|
||||
@ -69,6 +110,19 @@ public final class LoginCredentials implements Serializable {
|
||||
*/
|
||||
public boolean isRegistration() { return registration; }
|
||||
|
||||
/**
|
||||
* @return {@code true} if these credentials use an authentication token instead
|
||||
* of a password
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public boolean usesToken() { return token; }
|
||||
|
||||
/**
|
||||
* @return {@code true} if the server should generate a new authentication token
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public boolean requestToken() { return requestToken; }
|
||||
|
||||
/**
|
||||
* @return the version of the client sending these credentials
|
||||
* @since Envoy Common v0.1-beta
|
||||
@ -76,7 +130,7 @@ public final class LoginCredentials implements Serializable {
|
||||
public String getClientVersion() { return clientVersion; }
|
||||
|
||||
/**
|
||||
* @return the time stamp of the last synchronization
|
||||
* @return the timestamp of the last synchronization
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public Instant getLastSync() { return lastSync; }
|
||||
|
@ -35,6 +35,13 @@ public final class HandshakeRejection extends Event<String> {
|
||||
*/
|
||||
public static final String WRONG_VERSION = "Incompatible client version";
|
||||
|
||||
/**
|
||||
* Select this value if the client provided an invalid authentication token.
|
||||
*
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public static final String INVALID_TOKEN = "Invalid authentication token";
|
||||
|
||||
/**
|
||||
* Select this value if the handshake could not be completed for some different
|
||||
* reason.
|
||||
|
29
common/src/main/java/envoy/event/NewAuthToken.java
Normal file
29
common/src/main/java/envoy/event/NewAuthToken.java
Normal file
@ -0,0 +1,29 @@
|
||||
package envoy.event;
|
||||
|
||||
/**
|
||||
* This event can be used to transmit a new authentication token to a client.
|
||||
* <p>
|
||||
* Project: <strong>envoy-common</strong><br>
|
||||
* File: <strong>NewAuthToken.java</strong><br>
|
||||
* Created: <strong>19.09.2020</strong><br>
|
||||
*
|
||||
* @author Kai S. K. Engelbart
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public class NewAuthToken extends Event<String> {
|
||||
|
||||
private static final long serialVersionUID = 0L;
|
||||
|
||||
/**
|
||||
* Constructs a new authentication token event.
|
||||
*
|
||||
* @param token the token to transmit
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public NewAuthToken(String token) {
|
||||
super(token);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() { return "NewAuthToken"; }
|
||||
}
|
@ -35,6 +35,8 @@ public final class ServerConfig extends Config {
|
||||
put("enableIssueReporting", "e-ir", Boolean::parseBoolean);
|
||||
put("enableGroups", "e-g", Boolean::parseBoolean);
|
||||
put("enableAttachments", "e-a", Boolean::parseBoolean);
|
||||
// user authentication
|
||||
put("authTokenExpiration", "tok-exp", Integer::parseInt);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -93,4 +95,10 @@ public final class ServerConfig extends Config {
|
||||
* @since Envoy Server v0.2-beta
|
||||
*/
|
||||
public String getIssueAuthToken() { return (String) items.get("issueAuthToken").get(); }
|
||||
|
||||
/**
|
||||
* @return the amount of days after which user authentication tokens expire
|
||||
* @since Envoy Server v0.2-beta
|
||||
*/
|
||||
public Integer getAuthTokenExpiration() { return (Integer) items.get("authTokenExpiration").get(); }
|
||||
}
|
||||
|
@ -65,6 +65,12 @@ public final class User extends Contact {
|
||||
@Column(name = "password_hash")
|
||||
private String passwordHash;
|
||||
|
||||
@Column(name = "auth_token")
|
||||
private String authToken;
|
||||
|
||||
@Column(name = "auth_token_expiration")
|
||||
private Instant authTokenExpiration;
|
||||
|
||||
@Column(name = "last_seen")
|
||||
private Instant lastSeen;
|
||||
|
||||
@ -90,6 +96,31 @@ public final class User extends Contact {
|
||||
*/
|
||||
public void setPasswordHash(String passwordHash) { this.passwordHash = passwordHash; }
|
||||
|
||||
/**
|
||||
* @return the authentication token
|
||||
* @since Envoy Server v0.2-beta
|
||||
*/
|
||||
public String getAuthToken() { return authToken; }
|
||||
|
||||
/**
|
||||
* @param authToken the authentication token to set
|
||||
* @since Envoy Server v0.2-beta
|
||||
*/
|
||||
public void setAuthToken(String authToken) { this.authToken = authToken; }
|
||||
|
||||
/**
|
||||
* @return the time at which the authentication token expires
|
||||
* @since Envoy Server v0.2-beta
|
||||
*/
|
||||
public Instant getAuthTokenExpiration() { return authTokenExpiration; }
|
||||
|
||||
/**
|
||||
* @param authTokenExpiration the authentication token expiration timestamp to
|
||||
* set
|
||||
* @since Envoy Server v0.2-beta
|
||||
*/
|
||||
public void setAuthTokenExpiration(Instant authTokenExpiration) { this.authTokenExpiration = authTokenExpiration; }
|
||||
|
||||
/**
|
||||
* @return the last date the user has been online
|
||||
* @since Envoy Server Standalone v0.2-beta
|
||||
|
@ -5,26 +5,18 @@ import static envoy.data.User.UserStatus.ONLINE;
|
||||
import static envoy.event.HandshakeRejection.*;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.time.temporal.ChronoUnit;
|
||||
import java.util.*;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
import javax.persistence.NoResultException;
|
||||
|
||||
import envoy.data.LoginCredentials;
|
||||
import envoy.event.GroupMessageStatusChange;
|
||||
import envoy.event.HandshakeRejection;
|
||||
import envoy.event.MessageStatusChange;
|
||||
import envoy.server.data.GroupMessage;
|
||||
import envoy.server.data.PersistenceManager;
|
||||
import envoy.server.data.User;
|
||||
import envoy.server.net.ConnectionManager;
|
||||
import envoy.server.net.ObjectWriteProxy;
|
||||
import envoy.server.util.PasswordUtil;
|
||||
import envoy.server.util.VersionUtil;
|
||||
import envoy.util.Bounds;
|
||||
import envoy.util.EnvoyLog;
|
||||
import envoy.event.*;
|
||||
import envoy.server.data.*;
|
||||
import envoy.server.net.*;
|
||||
import envoy.server.util.*;
|
||||
import envoy.util.*;
|
||||
|
||||
/**
|
||||
* This {@link ObjectProcessor} handles {@link LoginCredentials}.<br>
|
||||
@ -62,24 +54,39 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
|
||||
try {
|
||||
user = persistenceManager.getUserByName(credentials.getIdentifier());
|
||||
|
||||
// Checking if user is already online
|
||||
// Check if the user is already online
|
||||
if (connectionManager.isOnline(user.getID())) {
|
||||
logger.warning(user + " is already online!");
|
||||
writeProxy.write(socketID, new HandshakeRejection(INTERNAL_ERROR));
|
||||
return;
|
||||
}
|
||||
// Evaluating the correctness of the password hash
|
||||
|
||||
// Authenticate with password or token
|
||||
if (credentials.usesToken()) {
|
||||
|
||||
// Check the token
|
||||
if (user.getAuthToken() == null || user.getAuthTokenExpiration().isBefore(Instant.now())
|
||||
|| !user.getAuthToken().equals(credentials.getPassword())) {
|
||||
logger.info(user + " tried to use an invalid token.");
|
||||
writeProxy.write(socketID, new HandshakeRejection(INVALID_TOKEN));
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
|
||||
// Check the password hash
|
||||
if (!PasswordUtil.validate(credentials.getPassword(), user.getPasswordHash())) {
|
||||
logger.info(user + " has entered the wrong password.");
|
||||
writeProxy.write(socketID, new HandshakeRejection(WRONG_PASSWORD_OR_USER));
|
||||
return;
|
||||
}
|
||||
}
|
||||
} catch (NoResultException e) {
|
||||
logger.info("The requested user does not exist.");
|
||||
writeProxy.write(socketID, new HandshakeRejection(WRONG_PASSWORD_OR_USER));
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
|
||||
// Validate user name
|
||||
if (!Bounds.isValidContactName(credentials.getIdentifier())) {
|
||||
logger.info("The requested user name is not valid.");
|
||||
@ -87,7 +94,8 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
|
||||
return;
|
||||
}
|
||||
try {
|
||||
// Checking that no user already has this identifier
|
||||
|
||||
// Check if the name is taken
|
||||
PersistenceManager.getInstance().getUserByName(credentials.getIdentifier());
|
||||
|
||||
// This code only gets executed if this user already exists
|
||||
@ -114,6 +122,25 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
|
||||
user.setStatus(ONLINE);
|
||||
UserStatusChangeProcessor.updateUserStatus(user);
|
||||
|
||||
// Process token request
|
||||
if (credentials.requestToken()) {
|
||||
String token;
|
||||
|
||||
if (user.getAuthToken() != null && user.getAuthTokenExpiration().isAfter(Instant.now())) {
|
||||
|
||||
// Reuse existing token and delay expiration date
|
||||
token = user.getAuthToken();
|
||||
} else {
|
||||
|
||||
// Generate new token
|
||||
token = AuthTokenGenerator.nextToken();
|
||||
user.setAuthToken(token);
|
||||
}
|
||||
user.setAuthTokenExpiration(Instant.now().plus(ServerConfig.getInstance().getAuthTokenExpiration().longValue(), ChronoUnit.DAYS));
|
||||
persistenceManager.updateContact(user);
|
||||
writeProxy.write(socketID, new NewAuthToken(token));
|
||||
}
|
||||
|
||||
final var pendingMessages = PersistenceManager.getInstance().getPendingMessages(user, credentials.getLastSync());
|
||||
pendingMessages.removeIf(GroupMessage.class::isInstance);
|
||||
logger.fine("Sending " + pendingMessages.size() + " pending messages to " + user + "...");
|
||||
|
@ -0,0 +1,35 @@
|
||||
package envoy.server.util;
|
||||
|
||||
import java.security.SecureRandom;
|
||||
|
||||
/**
|
||||
* Provides a secure token generation algorithm.
|
||||
* <p>
|
||||
* Project: <strong>envoy-server</strong><br>
|
||||
* File: <strong>AuthTokenGenerator.java</strong><br>
|
||||
* Created: <strong>19.09.2020</strong><br>
|
||||
*
|
||||
* @author Kai S. K. Engelbart
|
||||
* @since Envoy Server v0.2-beta
|
||||
*/
|
||||
public final class AuthTokenGenerator {
|
||||
|
||||
private static final int TOKEN_LENGTH = 128;
|
||||
private static final char[] CHARACTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
|
||||
private static final char[] BUFF = new char[TOKEN_LENGTH];
|
||||
private static final SecureRandom RANDOM = new SecureRandom();
|
||||
|
||||
private AuthTokenGenerator() {}
|
||||
|
||||
/**
|
||||
* Generates a random authentication token.
|
||||
*
|
||||
* @return a random authentication token
|
||||
* @since Envoy Server v0.2-beta
|
||||
*/
|
||||
public static String nextToken() {
|
||||
for (int i = 0; i < BUFF.length; ++i)
|
||||
BUFF[i] = CHARACTERS[RANDOM.nextInt(CHARACTERS.length)];
|
||||
return new String(BUFF);
|
||||
}
|
||||
}
|
@ -10,3 +10,4 @@ featureLabel=119
|
||||
issueAuthToken=
|
||||
consoleLevelBarrier=FINEST
|
||||
fileLevelBarrier=WARNING
|
||||
authTokenExpiration=90
|
Reference in New Issue
Block a user