Use SecureRandom for passwords

2025-07-29 18:27:36 +02:00 · 2017-10-30 17:57:01 +01:00
parent 57eff4b3ec
commit 82a258097d
7 changed files with 20 additions and 18 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -9,7 +9,7 @@
 [//]: # (What did you expect?)

 ### Steps/models to reproduce:
-[//]: # (The actions that cause the issue)
+[//]: # (The actions that cause the issue. Please explain it in detail)

 ### Plugin list:
 [//]: # (This can be found by running `/pl`)
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/MojangApiBukkit.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/MojangApiBukkit.java
@ -37,7 +37,6 @@ public class MojangApiBukkit extends MojangApiConnector {
            String url = String.format(HAS_JOINED_URL, playerSession.getUsername(), serverId, encodedIp);

            HttpURLConnection conn = getConnection(url);
-
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
                //validate parsing
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java
@ -57,17 +57,17 @@ public class SkinApplyListener implements Listener {

    private void applySkin(Player player, String skinData, String signature) {
        WrappedGameProfile gameProfile = WrappedGameProfile.fromPlayer(player);
-        if (skinData != null && signature != null) {
-            WrappedSignedProperty skin = WrappedSignedProperty.fromValues(SkinProperties.TEXTURE_KEY, skinData, signature);
+
+        WrappedSignedProperty skin = WrappedSignedProperty.fromValues(SkinProperties.TEXTURE_KEY, skinData, signature);
+        try {
+            gameProfile.getProperties().put(SkinProperties.TEXTURE_KEY, skin);
+        } catch (ClassCastException castException) {
+            //Cauldron, MCPC, Thermos, ...
+            Object map = GET_PROPERTIES.invoke(gameProfile.getHandle());
            try {
-                gameProfile.getProperties().put(SkinProperties.TEXTURE_KEY, skin);
-            } catch (ClassCastException castException) {
-                Object map = GET_PROPERTIES.invoke(gameProfile.getHandle());
-                try {
-                    MethodUtils.invokeMethod(map, "put", new Object[]{SkinProperties.TEXTURE_KEY, skin.getHandle()});
-                } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException ex) {
-                    plugin.getLog().error("Error setting premium skin", ex);
-                }
+                MethodUtils.invokeMethod(map, "put", new Object[]{SkinProperties.TEXTURE_KEY, skin.getHandle()});
+            } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException ex) {
+                plugin.getLog().error("Error setting premium skin", ex);
            }
        }
    }
--- a/core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java
@ -50,13 +50,14 @@ public class AuthStorage {
            config.setThreadFactory(platformThreadFactory);
        }

-        String pluginFolder = core.getPlugin().getPluginFolder().toAbsolutePath().toString();
-        databasePath = databasePath.replace("{pluginDir}", pluginFolder);
-
        String jdbcUrl = "jdbc:";
        if (driver.contains("sqlite")) {
+            String pluginFolder = core.getPlugin().getPluginFolder().toAbsolutePath().toString();
+            databasePath = databasePath.replace("{pluginDir}", pluginFolder);
+
            jdbcUrl += "sqlite://" + databasePath;
            config.setConnectionTestQuery("SELECT 1");
+            config.setMaximumPoolSize(1);
        } else {
            jdbcUrl += "mysql://" + host + ':' + port + '/' + databasePath;
        }
--- a/core/src/main/java/com/github/games647/fastlogin/core/hooks/DefaultPasswordGenerator.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/hooks/DefaultPasswordGenerator.java
@ -1,12 +1,14 @@
 package com.github.games647.fastlogin.core.hooks;

+import java.security.SecureRandom;
 import java.util.Random;

 public class DefaultPasswordGenerator<P> implements PasswordGenerator<P> {

    private static final char[] PASSWORD_CHARACTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
            .toCharArray();
-    private final Random random = new Random();
+
+    private final Random random = new SecureRandom();

    @Override
    public String getRandomPassword(P player) {
--- a/core/src/main/java/com/github/games647/fastlogin/core/mojang/SkinProperties.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/mojang/SkinProperties.java
@ -4,7 +4,7 @@ public class SkinProperties {

    public static final String TEXTURE_KEY = "textures";

-    private final String name = "textures";
+    private final String name = TEXTURE_KEY;

    private String value;
    private String signature;
--- a/core/src/main/resources/config.yml
+++ b/core/src/main/resources/config.yml
@ -167,7 +167,7 @@ database: '{pluginDir}/FastLogin.db'

 # MySQL/MariaDB
 #driver: com.mysql.jdbc.Driver
-#host: localhost
+#host: 127.0.0.1
 #port: 3306
 #database: fastlogin
 #username: myUser