From d89a11fba0d4290b0fe9acb2d561126d0621dc0d Mon Sep 17 00:00:00 2001 From: jeffcheasey88 Date: Mon, 16 Sep 2024 07:52:37 +0200 Subject: [PATCH] Rework verify code from unlogged action --- .../backend/routes/users/ForgotPassword.java | 47 ++++++++++++---- .../routes/users/MailConfirmation.java | 55 ++++++++++++++----- .../peerat/backend/routes/users/Register.java | 48 ++++++++++++---- 3 files changed, 116 insertions(+), 34 deletions(-) diff --git a/src/dev/peerat/backend/routes/users/ForgotPassword.java b/src/dev/peerat/backend/routes/users/ForgotPassword.java index 9494d7a..0f5d0ff 100644 --- a/src/dev/peerat/backend/routes/users/ForgotPassword.java +++ b/src/dev/peerat/backend/routes/users/ForgotPassword.java @@ -2,9 +2,14 @@ package dev.peerat.backend.routes.users; import static dev.peerat.framework.RequestType.POST; +import java.lang.reflect.Constructor; +import java.security.SecureRandom; +import java.util.ArrayList; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.Random; +import java.util.UUID; import java.util.regex.Matcher; import dev.peerat.backend.model.PeerAtUser; @@ -23,13 +28,28 @@ public class ForgotPassword extends FormResponse{ private Router router; private DatabaseRepository repo; private Mail mail; - private Map codes; + private Map codes; + private List randoms; public ForgotPassword(Router router, DatabaseRepository repo, Mail mail){ this.router = router; this.repo = repo; this.mail = mail; this.codes = new HashMap<>(); + + this.randoms = new ArrayList<>(); + + Random random = new Random(); + int randoms = random.nextInt(10)+3; + for(int i = 0; i < randoms; i++) this.randoms.add(new SecureRandom()); + + try { + Constructor constructor = UUID.class.getDeclaredConstructor(byte[].class); + constructor.setAccessible(true); + this.uuidBuilder = constructor; + } catch (Exception e){ + e.printStackTrace(); + } } @Route(path = "^/user/fpw$", type = POST) @@ -54,16 +74,16 @@ public class ForgotPassword extends FormResponse{ } if(hasFields("code") && areValids("password")){ - Integer checkCode = codes.get(email); + String checkCode = codes.get(email); if(checkCode == null){ context.response(400); return; } - int code = json.get("code").intValue(); + String code = json.get("code"); String password = json.get("password"); - if(code == checkCode.intValue()){ + if(checkCode.equals(code)){ codes.remove(email); repo.updatePassword(player, password); @@ -74,18 +94,25 @@ public class ForgotPassword extends FormResponse{ context.response(400); } }else{ - int code = codeGenerator(); + String code = codeGenerator(); codes.put(email, code); mail.send(email, "Forgot your Peer @ Code password ?", "Your check code is "+code+" !"); context.response(200); } } - private int codeGenerator(){ - int min = 1000; - int max = 9999; - return new Random().nextInt((max-min)) + min; - + private Constructor uuidBuilder; + + private String codeGenerator() throws Exception{ + Random random = new Random(); + Random target = this.randoms.get(random.nextInt(this.randoms.size())); + byte[] arrayOfByte = new byte[16]; + target.nextBytes(arrayOfByte); + arrayOfByte[6] = (byte)(arrayOfByte[6] & 0xF); + arrayOfByte[6] = (byte)(arrayOfByte[6] | 0x40); + arrayOfByte[8] = (byte)(arrayOfByte[8] & 0x3F); + arrayOfByte[8] = (byte)(arrayOfByte[8] | 0x80); + return uuidBuilder.newInstance(arrayOfByte).toString(); } } diff --git a/src/dev/peerat/backend/routes/users/MailConfirmation.java b/src/dev/peerat/backend/routes/users/MailConfirmation.java index 27892b0..9ce7f89 100644 --- a/src/dev/peerat/backend/routes/users/MailConfirmation.java +++ b/src/dev/peerat/backend/routes/users/MailConfirmation.java @@ -5,6 +5,7 @@ import static dev.peerat.framework.RequestType.POST; import java.io.BufferedWriter; import java.io.IOException; import java.io.OutputStreamWriter; +import java.lang.reflect.Constructor; import java.net.URL; import java.nio.ByteBuffer; import java.nio.file.Files; @@ -12,11 +13,15 @@ import java.nio.file.Paths; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; import java.util.Base64; import java.util.Base64.Encoder; +import java.util.List; import java.util.Map; import java.util.Random; +import java.util.UUID; import java.util.regex.Matcher; import javax.net.ssl.HttpsURLConnection; @@ -37,7 +42,7 @@ import dev.peerat.framework.Route; import dev.peerat.framework.Router; import dev.peerat.framework.utils.json.JsonMap; -public class MailConfirmation extends FormResponse { +public class MailConfirmation extends FormResponse{ private DatabaseRepository databaseRepo; private Router router; @@ -45,15 +50,16 @@ public class MailConfirmation extends FormResponse { private KeyPairGenerator generator; private Encoder encoder; private String gitToken; - private Map playersWaiting; + private Map playersWaiting; private Mail mail; - + private List randoms; + public MailConfirmation( DatabaseRepository databaseRepo, Router router, @Injection("usersFiles") String initUsersFilesPath, @Injection("gitToken") String gitToken, - @Injection("waitting") Map playersWaiting, + @Injection("waitting") Map playersWaiting, Mail mail) throws NoSuchAlgorithmException{ this.databaseRepo = databaseRepo; @@ -67,6 +73,20 @@ public class MailConfirmation extends FormResponse { generator.initialize(4096); encoder = Base64.getEncoder(); + this.randoms = new ArrayList<>(); + + Random random = new Random(); + int randoms = random.nextInt(10)+3; + for(int i = 0; i < randoms; i++) this.randoms.add(new SecureRandom()); + + try { + Constructor constructor = UUID.class.getDeclaredConstructor(byte[].class); + constructor.setAccessible(true); + this.uuidBuilder = constructor; + } catch (Exception e){ + e.printStackTrace(); + } + validator("pseudo", "[a-zA-Z0-9&|!?{}\\[\\]%/*\\-+=:;,_#@ ]{3,100}"); validator("firstname", "^(?>[a-zA-Z]+ ?)+$"); validator("lastname", "^(?>[a-zA-Z]+ ?)+$"); @@ -88,13 +108,13 @@ public class MailConfirmation extends FormResponse { return; } String email = json.get("email"); - int code = json.get("code").intValue(); + String code = json.get("code"); String pseudo = json.get("pseudo"); String firstname = json.get("firstname"); String lastname = json.get("lastname"); String password = json.get("passwd"); - Integer checkCode = playersWaiting.get(email); + String checkCode = playersWaiting.get(email); if(checkCode == null){ context.response(400); return; @@ -103,7 +123,7 @@ public class MailConfirmation extends FormResponse { boolean pseudoAvailable = databaseRepo.checkPseudoAvailability(pseudo); boolean emailAvailable = databaseRepo.checkEmailAvailability(email); if(pseudoAvailable && emailAvailable){ - if(code == checkCode.intValue()){ + if(code.equals(checkCode)){ playersWaiting.remove(email); int id = databaseRepo.register(pseudo, email, password, firstname, lastname, "", "", ""); if(id >= 0){ @@ -118,7 +138,7 @@ public class MailConfirmation extends FormResponse { error.set("username_valid", pseudo); error.set("email_valid", email); writer.write(error.toString()); - int ncode = codeGenerator(); + String ncode = codeGenerator()+codeGenerator(); playersWaiting.put(email, ncode); mail.send(email, "Welcome @ Peer @ Code", "Your check code is "+ncode+" !"); } @@ -134,13 +154,20 @@ public class MailConfirmation extends FormResponse { } } - private int codeGenerator(){ - int min = 1000; - int max = 9999; - return new Random().nextInt((max-min)) + min; - + private Constructor uuidBuilder; + + private String codeGenerator() throws Exception{ + Random random = new Random(); + Random target = this.randoms.get(random.nextInt(this.randoms.size())); + byte[] arrayOfByte = new byte[16]; + target.nextBytes(arrayOfByte); + arrayOfByte[6] = (byte)(arrayOfByte[6] & 0xF); + arrayOfByte[6] = (byte)(arrayOfByte[6] | 0x40); + arrayOfByte[8] = (byte)(arrayOfByte[8] & 0x3F); + arrayOfByte[8] = (byte)(arrayOfByte[8] | 0x80); + return uuidBuilder.newInstance(arrayOfByte).toString(); } - + private void createFolderToSaveSourceCode(String pseudo) throws IOException { Files.createDirectories(Paths.get(String.format("%s/%s", usersFilesPath, pseudo))); diff --git a/src/dev/peerat/backend/routes/users/Register.java b/src/dev/peerat/backend/routes/users/Register.java index 96a4ccb..c8f6ab5 100644 --- a/src/dev/peerat/backend/routes/users/Register.java +++ b/src/dev/peerat/backend/routes/users/Register.java @@ -2,8 +2,13 @@ package dev.peerat.backend.routes.users; import static dev.peerat.framework.RequestType.POST; +import java.lang.reflect.Constructor; +import java.security.SecureRandom; +import java.util.ArrayList; +import java.util.List; import java.util.Map; import java.util.Random; +import java.util.UUID; import java.util.regex.Matcher; import dev.peerat.backend.bonus.extract.RouteDoc; @@ -17,16 +22,32 @@ import dev.peerat.framework.Injection; import dev.peerat.framework.Route; import dev.peerat.framework.utils.json.JsonMap; -public class Register extends FormResponse { +public class Register extends FormResponse{ private DatabaseRepository databaseRepo; - private Map playersWaiting; + private Map playersWaiting; private Mail mail; + private String host; + private List randoms; - public Register(DatabaseRepository databaseRepo, @Injection("waitting") Map playersWaiting, Mail mail){ + public Register(DatabaseRepository databaseRepo, @Injection("waitting") Map playersWaiting, Mail mail, @Injection("issuer") String host){ this.databaseRepo = databaseRepo; this.playersWaiting = playersWaiting; this.mail = mail; + this.host = host; + this.randoms = new ArrayList<>(); + + Random random = new Random(); + int randoms = random.nextInt(10)+3; + for(int i = 0; i < randoms; i++) this.randoms.add(new SecureRandom()); + + try { + Constructor constructor = UUID.class.getDeclaredConstructor(byte[].class); + constructor.setAccessible(true); + this.uuidBuilder = constructor; + } catch (Exception e){ + e.printStackTrace(); + } } @RouteDoc(path = "/register", responseCode = 200, responseDescription = "L'utilisateur est inscrit") @@ -49,9 +70,9 @@ public class Register extends FormResponse { boolean emailAvailable = databaseRepo.checkEmailAvailability(email); if(emailAvailable){ - int code = codeGenerator(); + String code = codeGenerator()+codeGenerator(); playersWaiting.put(email, code); - mail.send(email, "Welcome @ Peer @ Code", "Your check code is "+code+" !"); + mail.send(email, "Welcome @ Peer @ Code", "Please, confirm your code on "+host+"/?code="+code+" !"); context.response(200); }else{ context.response(400); @@ -61,11 +82,18 @@ public class Register extends FormResponse { } } - private int codeGenerator(){ - int min = 1000; - int max = 9999; - return new Random().nextInt((max-min)) + min; - + private Constructor uuidBuilder; + + private String codeGenerator() throws Exception{ + Random random = new Random(); + Random target = this.randoms.get(random.nextInt(this.randoms.size())); + byte[] arrayOfByte = new byte[16]; + target.nextBytes(arrayOfByte); + arrayOfByte[6] = (byte)(arrayOfByte[6] & 0xF); + arrayOfByte[6] = (byte)(arrayOfByte[6] | 0x40); + arrayOfByte[8] = (byte)(arrayOfByte[8] & 0x3F); + arrayOfByte[8] = (byte)(arrayOfByte[8] | 0x80); + return uuidBuilder.newInstance(arrayOfByte).toString(); } }