From 5fe79b92327c082384068fa45c3b1d2691800e3d Mon Sep 17 00:00:00 2001 From: mdxd44 Date: Thu, 23 Dec 2021 12:15:10 +0900 Subject: Titles, auth time, bossbar, max and min auth time, unsafe passwords. (Closes LimboAPI#8) --- .../java/net/elytrium/limboauth/LimboAuth.java | 51 +- src/main/java/net/elytrium/limboauth/Settings.java | 76 +- .../limboauth/command/DestroySessionCommand.java | 2 +- .../limboauth/command/ForceUnregisterCommand.java | 8 +- .../limboauth/command/UnregisterCommand.java | 7 +- .../java/net/elytrium/limboauth/config/Config.java | 15 +- .../limboauth/handler/AuthSessionHandler.java | 182 +- .../elytrium/limboauth/listener/AuthListener.java | 1 + src/main/resources/unsafe_passwords.txt | 12319 +++++++++++++++++++ 9 files changed, 12573 insertions(+), 88 deletions(-) create mode 100644 src/main/resources/unsafe_passwords.txt (limited to 'src') diff --git a/src/main/java/net/elytrium/limboauth/LimboAuth.java b/src/main/java/net/elytrium/limboauth/LimboAuth.java index a901bc2..ba29a20 100644 --- a/src/main/java/net/elytrium/limboauth/LimboAuth.java +++ b/src/main/java/net/elytrium/limboauth/LimboAuth.java @@ -33,6 +33,7 @@ import com.velocitypowered.api.plugin.PluginContainer; import com.velocitypowered.api.plugin.annotation.DataDirectory; import com.velocitypowered.api.proxy.Player; import com.velocitypowered.api.proxy.ProxyServer; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.io.File; import java.io.IOException; import java.net.InetAddress; @@ -40,7 +41,9 @@ import java.net.URI; import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse; +import java.nio.file.Files; import java.nio.file.Path; +import java.nio.file.Paths; import java.sql.SQLException; import java.util.ArrayList; import java.util.Collections; 
@@ -54,6 +57,7 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; import java.util.regex.Pattern; +import java.util.stream.Collectors; import net.elytrium.limboapi.api.Limbo; import net.elytrium.limboapi.api.LimboFactory; import net.elytrium.limboapi.api.chunk.Dimension; @@ -82,6 +86,7 @@ import org.slf4j.Logger; authors = {"hevav", "mdxd44"}, dependencies = {@Dependency(id = "limboapi")} ) +@SuppressFBWarnings({"EI_EXPOSE_REP", "MS_EXPOSE_REP"}) public class LimboAuth { private static LimboAuth instance; @@ -92,11 +97,12 @@ public class LimboAuth { private final ProxyServer server; private final LimboFactory factory; + private final Set unsafePasswords = new HashSet<>(); + private Map cachedAuthChecks; private Dao playerDao; + private Pattern nicknameValidationPattern; private Limbo authServer; - private Map cachedAuthChecks; private Component nicknameInvalid; - private Pattern nicknameValidationPattern; @Inject @SuppressWarnings("OptionalGetWithoutIsPresent") @@ -110,7 +116,7 @@ public class LimboAuth { } @Subscribe - public void onProxyInitialization(ProxyInitializeEvent event) throws SQLException { + public void onProxyInitialization(ProxyInitializeEvent event) throws Exception { System.setProperty("com.j256.simplelogging.level", "ERROR"); this.reload(); 
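Review bot: The class-level `@SuppressFBWarnings({"EI_EXPOSE_REP", "MS_EXPOSE_REP"})` added above `public class LimboAuth` silences the representation-exposure checks for every member of the class, including ones added later. The finding it appears to hide in this commit is `getUnsafePasswords()` (added in a later hunk of this file), which returns the internal mutable `HashSet`, so any caller can add to or clear the password blocklist. Returning a read-only view, `return Collections.unmodifiableSet(this.unsafePasswords);`, removes that case. Any suppression still needed can then sit on the individual getter with a one-line justification.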
@@ -119,20 +125,29 @@ public class LimboAuth { } @SuppressWarnings("SwitchStatementWithTooFewBranches") - public void reload() throws SQLException { + public void reload() throws Exception { Settings.IMP.reload(new File(this.dataDirectory.toFile().getAbsoluteFile(), "config.yml")); + if (Settings.IMP.MAIN.CHECK_PASSWORD_STRENGTH) { + this.unsafePasswords.clear(); + Path unsafePasswordsFile = Paths.get(this.dataDirectory.toFile().getAbsolutePath(), Settings.IMP.MAIN.UNSAFE_PASSWORDS_FILE); + if (!unsafePasswordsFile.toFile().exists()) { + Files.copy(Objects.requireNonNull(this.getClass().getResourceAsStream("/unsafe_passwords.txt")), unsafePasswordsFile); + } + + this.unsafePasswords.addAll(Files.lines(unsafePasswordsFile).collect(Collectors.toSet())); + } + this.cachedAuthChecks = new ConcurrentHashMap<>(); Settings.DATABASE dbConfig = Settings.IMP.DATABASE; - JdbcPooledConnectionSource connectionSource; // requireNonNull prevents the shade plugin from excluding the drivers in minimized jar. switch (dbConfig.STORAGE_TYPE.toLowerCase(Locale.ROOT)) { case "h2": { Objects.requireNonNull(org.h2.Driver.class); Objects.requireNonNull(org.h2.engine.Engine.class); - connectionSource = new JdbcPooledConnectionSource("jdbc:h2:" + this.dataDirectory.toFile().getAbsoluteFile() + "/" + "limboauth"); + connectionSource = new JdbcPooledConnectionSource("jdbc:h2:" + this.dataDirectory.toFile().getAbsoluteFile() + "/limboauth"); break; } case "mysql": { @@ -212,7 +227,7 @@ public class LimboAuth { this.authServer = this.factory.createLimbo(authWorld); - this.nicknameInvalid = LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.NICKNAME_INVALID); + this.nicknameInvalid = LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.NICKNAME_INVALID_KICK); this.server.getEventManager().unregisterListeners(this); this.server.getEventManager().register(this, new AuthListener(this.playerDao)); 
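Review bot: In `reload()`, neither stream opened while loading the blocklist is closed: the `getResourceAsStream("/unsafe_passwords.txt")` handed to `Files.copy`, and the `Files.lines(unsafePasswordsFile)` stream, so every reload leaks a file handle. `Files.readAllLines` closes the file itself, e.g. `this.unsafePasswords.addAll(Files.readAllLines(unsafePasswordsFile));`, and the resource stream can be wrapped as `try (InputStream in = this.getClass().getResourceAsStream("/unsafe_passwords.txt")) { Files.copy(Objects.requireNonNull(in), unsafePasswordsFile); }` (this needs `java.io.InputStream` imported). The shared `HashSet` is also cleared and refilled in place, so if session handlers run on other threads, a registration checked during a reload may see an empty or partial blocklist. `reload()` continues beyond this hunk.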
@@ -280,8 +295,8 @@ public class LimboAuth { this.cachedAuthChecks.put(username, new CachedUser(player.getRemoteAddress().getAddress(), System.currentTimeMillis())); } - public void removePlayerFromCache(Player player) { - this.cachedAuthChecks.remove(player.getUsername()); + public void removePlayerFromCache(String username) { + this.cachedAuthChecks.remove(username); } public boolean needAuth(Player player) { @@ -312,7 +327,7 @@ public class LimboAuth { // Send player to auth virtual server. try { - this.authServer.spawnPlayer(player, new AuthSessionHandler(this.playerDao, player, nickname)); + this.authServer.spawnPlayer(player, new AuthSessionHandler(this.playerDao, player, this, nickname)); } catch (Throwable t) { this.getLogger().error("Error", t); } @@ -331,10 +346,6 @@ public class LimboAuth { } } - public Logger getLogger() { - return this.logger; - } - private void checkCache(Map userMap, long time) { userMap.entrySet().stream() .filter(u -> u.getValue().getCheckTime() + time <= System.currentTimeMillis()) @@ -350,6 +361,18 @@ public class LimboAuth { return instance; } + public Set getUnsafePasswords() { + return this.unsafePasswords; + } + + public Logger getLogger() { + return this.logger; + } + + public ProxyServer getServer() { + return this.server; + } + private static class CachedUser { private final InetAddress inetAddress; diff --git a/src/main/java/net/elytrium/limboauth/Settings.java b/src/main/java/net/elytrium/limboauth/Settings.java index 9e59830..0886cdf 100644 --- a/src/main/java/net/elytrium/limboauth/Settings.java +++ b/src/main/java/net/elytrium/limboauth/Settings.java 
@@ -35,7 +35,18 @@ public class Settings extends Config { public static class MAIN { + @Comment("Maximum time for player to authenticate in milliseconds. If the player stays on the auth limbo for longer than this time, then the player will be kicked.") + public int AUTH_TIME = 60000; public boolean ENABLE_BOSSBAR = true; + @Comment("Available colors: PINK, BLUE, RED, GREEN, YELLOW, PURPLE, WHITE") + public String BOSSBAR_COLOR = "RED"; + @Comment("Available overlays: PROGRESS, NOTCHED_6, NOTCHED_10, NOTCHED_12, NOTCHED_20") + public String BOSSBAR_OVERLAY = "NOTCHED_20"; + public int MIN_PASSWORD_LENGTH = 4; + @Comment("Максимальная длинна пароля для BCrypt равняется 71 символу.") + public int MAX_PASSWORD_LENGTH = 71; + public boolean CHECK_PASSWORD_STRENGTH = true; + public String UNSAFE_PASSWORDS_FILE = "unsafe_passwords.txt"; public boolean ONLINE_MODE_NEED_AUTH = true; public boolean FORCE_OFFLINE_UUID = false; @Comment({ @@ -48,8 +59,8 @@ public class Settings extends Config { public boolean REGISTER_NEED_REPEAT_PASSWORD = true; public boolean CHANGE_PASSWORD_NEED_OLD_PASSWORD = true; @Comment({ - "If you want to migrate your database from another plugin, which is not using BCrypt", - "You can set an old hash algorithm to migrate from. Currently, only AUTHME is supported yet" + "If you want to migrate your database from another plugin, which is not using BCrypt.", + "You can set an old hash algorithm to migrate from. Currently, only AUTHME is supported yet." }) public String MIGRATION_HASH = ""; @Comment("Available dimensions: OVERWORLD, NETHER, THE_END") 
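Review bot: The `@Comment` on `MAX_PASSWORD_LENGTH` is written in Russian while the other comments in this settings class are English, so operators reading the config presumably get one untranslated line. An English version such as `@Comment("BCrypt accepts at most 71 characters, so longer passwords are rejected.")` would match the rest. The same applies to the Russian default texts of `BOSSBAR` and `TIMES_UP` added in the strings hunk further down. `MIN_PASSWORD_LENGTH = 4` is also a very low default for an authentication plugin and deserves a comment telling operators to raise it.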
@@ -62,7 +73,7 @@ public class Settings extends Config { public int LOGIN_ATTEMPTS = 3; public int IP_LIMIT_REGISTRATIONS = 3; public int TOTP_RECOVERY_CODES_AMOUNT = 16; - @Comment("Time in milliseconds, when ip limit works, set to 0 for disable") + @Comment("Time in milliseconds, when ip limit works, set to 0 for disable.") public long IP_LIMIT_VALID_TIME = 21600000; @Comment({ "Regex of allowed nicknames", @@ -95,10 +106,23 @@ public class Settings extends Config { public int Z = 0; } + /* + @Create + public Settings.MAIN.EVENTS_PRIORITIES EVENTS_PRIORITIES; + + @Comment("Available priorities: FIRST, EARLY, NORMAL, LATE, LAST") + public static class EVENTS_PRIORITIES { + + public String PRE_LOGIN = "NORMAL"; + public String LOGIN_LIMBO_REGISTER = "NORMAL"; + public String SAFE_GAME_PROFILE_REQUEST = "NORMAL"; + } + */ + @Create public MAIN.STRINGS STRINGS; - //@Comment("Leave empty to disable.") + @Comment("Leave title fields empty to disable.") public static class STRINGS { public String RELOAD = "{PRFX} &aReloaded successfully!"; 
@@ -109,31 +133,41 @@ public class Settings extends Config { public String NOT_REGISTERED = "{PRFX} &cYou are not registered!"; public String WRONG_PASSWORD = "{PRFX} &cPassword is wrong!"; - public String NICKNAME_INVALID = "{NL}{NL}&cYour nickname contains forbidden characters. Please, change your nickname!"; + public String NICKNAME_INVALID_KICK = "{PRFX}{NL}&cYour nickname contains forbidden characters. Please, change your nickname!"; + @Comment("6 hours by default in ip-limit-valid-time") public String IP_LIMIT = "{PRFX} &cYour IP has reached max registered accounts. If this is an error, restart your router, or wait about 6 hours."; - public String WRONG_NICKNAME_CASE = "{NL}{NL}&cThe case of your nickname is wrong. Nickname is CaSe SeNsItIvE."; + public String WRONG_NICKNAME_CASE_KICK = "{PRFX}{NL}&cThe case of your nickname is wrong. Nickname is CaSe SeNsItIvE."; - public String LOGIN = "{PRFX} Please, login using &6/login &6. You have &6{0} &cattempts."; - public String LOGIN_SUCCESS = "{PRFX} &aSuccessfully logged in!"; - public String LOGIN_WRONG_PASSWORD = "{PRFX} &cYou've entered the wrong password. 
You have &6{0} &cattempts left."; - public String LOGIN_TITLE = ""; - public String LOGIN_SUBTITLE = ""; - public String LOGIN_SUCCESS_TITLE = ""; - public String LOGIN_SUCCESS_SUBTITLE = ""; + public String BOSSBAR = "{PRFX} У вас осталось &6{0} &fсекунд чтобы авторизироваться."; + public String TIMES_UP = "{PRFX}{NL}&cВремя авторизации вышло."; + + public String LOGIN = "{PRFX} &aPlease, login using &6/login &a, you have &6{0} &aattempts."; + public String LOGIN_WRONG_PASSWORD = "{PRFX} &cYou''ve entered the wrong password, you have &6{0} &cattempts left."; + public String LOGIN_WRONG_PASSWORD_KICK = "{PRFX}{NL}&cYou've entered the wrong password numerous times!"; + public String LOGIN_SUCCESSFUL = "{PRFX} &aSuccessfully logged in!"; + public String LOGIN_TITLE = "&fPlease, login using &6/login &a."; + public String LOGIN_SUBTITLE = "&aYou have &6{0} &aattempts."; + public String LOGIN_SUCCESSFUL_TITLE = "{PRFX}"; + public String LOGIN_SUCCESSFUL_SUBTITLE = "&aSuccessfully logged in!"; @Comment("Or if register-need-repeat-password set to false remove the \"\" part.") public String REGISTER = "{PRFX} Please, register using &6/register "; - public String REGISTER_TITLE = ""; - public String REGISTER_SUBTITLE = ""; - public String DIFFERENT_PASSWORDS = "{PRFX} The entered passwords differ from each other."; - public String KICK_PASSWORD_WRONG = "{NL}{NL}&cYou've entered the wrong password numerous times!"; - - public String UNREGISTER_SUCCESSFUL = "{PRFX}{NL}{NL}&aSuccessfully unregistered!"; + public String REGISTER_DIFFERENT_PASSWORDS = "{PRFX} &cThe entered passwords differ from each other!"; + public String REGISTER_PASSWORD_TOO_SHORT = "{PRFX} &cYou entered too short password, use a different one!"; + public String REGISTER_PASSWORD_TOO_LONG = "{PRFX} &cYou entered too long password, use a different one!"; + public String REGISTER_PASSWORD_UNSAFE = "{PRFX} &cYour password is unsafe, use a different one!"; + public String REGISTER_SUCCESSFUL = "{PRFX} 
&aSuccessfully registered!"; + public String REGISTER_TITLE = "{PRFX}"; + public String REGISTER_SUBTITLE = "&aPlease, register using &6/register "; + public String REGISTER_SUCCESSFUL_TITLE = "{PRFX}"; + public String REGISTER_SUCCESSFUL_SUBTITLE = "&aSuccessfully registered!"; + + public String UNREGISTER_SUCCESSFUL = "{PRFX}{NL}&aSuccessfully unregistered!"; public String UNREGISTER_USAGE = "{PRFX} Usage: &6/unregister confirm"; public String FORCE_UNREGISTER_SUCCESSFUL = "{PRFX} &a{0} successfully unregistered!"; - public String FORCE_UNREGISTER_SUCCESSFUL_PLAYER = "{PRFX}{NL}{NL}&aYou have been unregistered by administrator!"; + public String FORCE_UNREGISTER_KICK = "{PRFX}{NL}&aYou have been unregistered by administrator!"; public String FORCE_UNREGISTER_NOT_SUCCESSFUL = "{PRFX} &cUnable to unregister {0}. Most likely this player has never been on this server."; public String FORCE_UNREGISTER_USAGE = "{PRFX} Usage: &6/forceunregister "; @@ -142,6 +176,8 @@ public class Settings extends Config { public String CHANGE_PASSWORD_USAGE = "{PRFX} Usage: &6/changepassword "; public String TOTP = "{PRFX} Please, enter your 2FA key using &6/2fa "; + public String TOTP_TITLE = "{PRFX}"; + public String TOTP_SUBTITLE = "&aEnter your 2FA key using &6/2fa "; public String TOTP_SUCCESSFUL = "{PRFX} &aSuccessfully enabled 2FA!"; public String TOTP_DISABLED = "{PRFX} &aSuccessfully disabled 2FA!"; @Comment("Or if totp-need-pass set to false remove the \"\" part.") diff --git a/src/main/java/net/elytrium/limboauth/command/DestroySessionCommand.java b/src/main/java/net/elytrium/limboauth/command/DestroySessionCommand.java index 27dff72..b0e6cf4 100644 --- a/src/main/java/net/elytrium/limboauth/command/DestroySessionCommand.java +++ b/src/main/java/net/elytrium/limboauth/command/DestroySessionCommand.java 
@@ -49,7 +49,7 @@ public class DestroySessionCommand implements SimpleCommand { return; } - this.plugin.removePlayerFromCache((Player) source); + this.plugin.removePlayerFromCache(((Player) source).getUsername()); source.sendMessage(this.successful); } diff --git a/src/main/java/net/elytrium/limboauth/command/ForceUnregisterCommand.java b/src/main/java/net/elytrium/limboauth/command/ForceUnregisterCommand.java index d45eae9..2b97143 100644 --- a/src/main/java/net/elytrium/limboauth/command/ForceUnregisterCommand.java +++ b/src/main/java/net/elytrium/limboauth/command/ForceUnregisterCommand.java @@ -40,7 +40,7 @@ public class ForceUnregisterCommand implements SimpleCommand { private final ProxyServer server; private final Dao playerDao; - private final Component successfulPlayer; + private final Component kick; private final String successful; private final String notSuccessful; private final Component usage; @@ -50,7 +50,7 @@ public class ForceUnregisterCommand implements SimpleCommand { this.server = server; this.playerDao = playerDao; - this.successfulPlayer = LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.FORCE_UNREGISTER_SUCCESSFUL_PLAYER); + this.kick = LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.FORCE_UNREGISTER_KICK); this.successful = Settings.IMP.MAIN.STRINGS.FORCE_UNREGISTER_SUCCESSFUL; this.notSuccessful = Settings.IMP.MAIN.STRINGS.FORCE_UNREGISTER_NOT_SUCCESSFUL; this.usage = LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.FORCE_UNREGISTER_USAGE); 
@@ -83,9 +83,9 @@ public class ForceUnregisterCommand implements SimpleCommand { String playerNick = args[0]; try { this.playerDao.deleteById(playerNick.toLowerCase(Locale.ROOT)); + this.plugin.removePlayerFromCache(playerNick); this.server.getPlayer(playerNick).ifPresent(player -> { - this.plugin.removePlayerFromCache(player); - player.disconnect(this.successfulPlayer); + player.disconnect(this.kick); }); source.sendMessage(LegacyComponentSerializer.legacyAmpersand().deserialize(MessageFormat.format(this.successful, playerNick))); } catch (SQLException e) { diff --git a/src/main/java/net/elytrium/limboauth/command/UnregisterCommand.java b/src/main/java/net/elytrium/limboauth/command/UnregisterCommand.java index aeab6ec..5fe8643 100644 --- a/src/main/java/net/elytrium/limboauth/command/UnregisterCommand.java +++ b/src/main/java/net/elytrium/limboauth/command/UnregisterCommand.java @@ -67,13 +67,14 @@ public class UnregisterCommand implements SimpleCommand { if (args.length == 2) { if (args[1].equalsIgnoreCase("confirm")) { - RegisteredPlayer player = AuthSessionHandler.fetchInfo(this.playerDao, ((Player) source).getUsername()); + String username = ((Player) source).getUsername(); + RegisteredPlayer player = AuthSessionHandler.fetchInfo(this.playerDao, username); if (player == null) { source.sendMessage(this.notRegistered); } else if (AuthSessionHandler.checkPassword(args[0], player, this.playerDao)) { try { - this.playerDao.deleteById(((Player) source).getUsername().toLowerCase(Locale.ROOT)); - this.plugin.removePlayerFromCache((Player) source); + this.playerDao.deleteById(username.toLowerCase(Locale.ROOT)); + this.plugin.removePlayerFromCache(username); ((Player) source).disconnect(this.successful); } catch (SQLException e) { source.sendMessage(this.errorOccurred); diff --git a/src/main/java/net/elytrium/limboauth/config/Config.java b/src/main/java/net/elytrium/limboauth/config/Config.java index ed5b007..1cb9803 100644 
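Review bot: In the `ForceUnregisterCommand` hunk, `this.plugin.removePlayerFromCache(playerNick)` now passes the raw command argument, while the line above it deletes the database row with `playerNick.toLowerCase(Locale.ROOT)`. The old code removed the entry using the online player's own `getUsername()`. The key built in `cacheAuthUser` is not visible in this diff, but if the cache is keyed by the exact username, an admin who types the name in a different case deletes the account and leaves the cached auth entry in place. Normalising the key in one place, used by both `cacheAuthUser` and `removePlayerFromCache`, makes the removal independent of how the name was typed.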
--- a/src/main/java/net/elytrium/limboauth/config/Config.java +++ b/src/main/java/net/elytrium/limboauth/config/Config.java @@ -208,7 +208,7 @@ public class Config { } } - private void save(PrintWriter writer, Class clazz, final Object instance, int indent) { + private void save(PrintWriter writer, Class clazz, Object instance, int indent) { try { String lineSeparator = System.lineSeparator(); String spacing = this.repeat(" ", indent); @@ -356,9 +356,14 @@ public class Config { private void setAccessible(Field field) throws NoSuchFieldException, IllegalAccessException { field.setAccessible(true); if (Modifier.isFinal(field.getModifiers())) { - Field modifiersField = Field.class.getDeclaredField("modifiers"); - modifiersField.setAccessible(true); - modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL); + if (Runtime.version().feature() < 12) { + Field modifiersField = Field.class.getDeclaredField("modifiers"); + modifiersField.setAccessible(true); + modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL); + } else { + // TODO: Maybe use sun.misc.Unsafe?... + throw new UnsupportedOperationException(); + } } } @@ -377,7 +382,7 @@ public class Config { return array[0].toString(); } default: { - final StringBuilder result = new StringBuilder(); + StringBuilder result = new StringBuilder(); for (int i = 0, j = array.length; i < j; ++i) { if (i > 0) { result.append(delimiter); diff --git a/src/main/java/net/elytrium/limboauth/handler/AuthSessionHandler.java b/src/main/java/net/elytrium/limboauth/handler/AuthSessionHandler.java index 38a464d..59f5074 100644 --- a/src/main/java/net/elytrium/limboauth/handler/AuthSessionHandler.java +++ b/src/main/java/net/elytrium/limboauth/handler/AuthSessionHandler.java 
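Review bot: In `setAccessible`, the new Java 12+ branch throws a bare `UnsupportedOperationException()` with no message. The method only declares `NoSuchFieldException` and `IllegalAccessException`, so callers that catch those will likely let this one escape during config load with nothing to identify the field. Naming the field makes the failure diagnosable: `throw new UnsupportedOperationException("Cannot modify final field " + field.getName() + " on Java 12+");`. A comment stating that config fields must not be declared `final` would serve readers better than the `sun.misc.Unsafe` TODO.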
@@ -20,6 +20,7 @@ package net.elytrium.limboauth.handler; import at.favre.lib.crypto.bcrypt.BCrypt; import com.j256.ormlite.dao.Dao; import com.velocitypowered.api.proxy.Player; +import com.velocitypowered.api.scheduler.ScheduledTask; import dev.samstevens.totp.code.CodeVerifier; import dev.samstevens.totp.code.DefaultCodeGenerator; import dev.samstevens.totp.code.DefaultCodeVerifier; @@ -30,6 +31,7 @@ import java.text.MessageFormat; import java.util.List; import java.util.Locale; import java.util.UUID; +import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; import net.elytrium.limboapi.api.Limbo; import net.elytrium.limboapi.api.LimboSessionHandler; @@ -38,7 +40,10 @@ import net.elytrium.limboauth.LimboAuth; import net.elytrium.limboauth.Settings; import net.elytrium.limboauth.migration.MigrationHash; import net.elytrium.limboauth.model.RegisteredPlayer; +import net.kyori.adventure.bossbar.BossBar; +import net.kyori.adventure.text.Component; import net.kyori.adventure.text.serializer.legacy.LegacyComponentSerializer; +import net.kyori.adventure.title.Title; public class AuthSessionHandler implements LimboSessionHandler { 
@@ -47,16 +52,27 @@ public class AuthSessionHandler implements LimboSessionHandler { private final Dao playerDao; private final Player proxyPlayer; private final RegisteredPlayer playerInfo; + private final LimboAuth plugin; + + private final long joinTime = System.currentTimeMillis(); + private final BossBar bossBar = BossBar.bossBar( + Component.empty(), + 1, + BossBar.Color.valueOf(Settings.IMP.MAIN.BOSSBAR_COLOR.toUpperCase(Locale.ROOT)), + BossBar.Overlay.valueOf(Settings.IMP.MAIN.BOSSBAR_OVERLAY.toUpperCase(Locale.ROOT)) + ); + private ScheduledTask authMainTask; private LimboPlayer player; private String ip; private int attempts = Settings.IMP.MAIN.LOGIN_ATTEMPTS; private boolean totp = false; - public AuthSessionHandler(Dao playerDao, Player proxyPlayer, String lowercaseNickname) { + public AuthSessionHandler(Dao playerDao, Player proxyPlayer, LimboAuth plugin, String lowercaseNickname) { this.playerDao = playerDao; this.proxyPlayer = proxyPlayer; this.playerInfo = this.fetchInfo(lowercaseNickname); + this.plugin = plugin; } @Override 
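Review bot: `BossBar.Color.valueOf(...)` and `BossBar.Overlay.valueOf(...)` in the new `bossBar` field initializer throw `IllegalArgumentException` for any configured value that is not an exact enum name, and they run for every `AuthSessionHandler` even when `ENABLE_BOSSBAR` is false. The caller in `LimboAuth` wraps `new AuthSessionHandler(...)` in `catch (Throwable t)` and only logs, so a typo in `BOSSBAR_COLOR` or `BOSSBAR_OVERLAY` would surface as a logged error on each join and the player would not be placed in the auth limbo. Parsing both values once in `reload()`, and failing or falling back there, keeps a config mistake out of the login path.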
@@ -71,7 +87,24 @@ public class AuthSessionHandler implements LimboSessionHandler { this.checkCase(); } - this.sendMessage(); + boolean bossBarEnabled = Settings.IMP.MAIN.ENABLE_BOSSBAR; + float bossBarMultiplier = 1000F / Settings.IMP.MAIN.AUTH_TIME; + if (bossBarEnabled) { + this.proxyPlayer.showBossBar(this.bossBar); + } + this.authMainTask = this.plugin.getServer().getScheduler().buildTask(this.plugin, () -> { + if (System.currentTimeMillis() - this.joinTime > Settings.IMP.MAIN.AUTH_TIME) { + this.proxyPlayer.disconnect(this.deserialize(Settings.IMP.MAIN.STRINGS.TIMES_UP)); + return; + } + if (bossBarEnabled) { + long timeSinceJoin = Settings.IMP.MAIN.AUTH_TIME - (System.currentTimeMillis() - AuthSessionHandler.this.joinTime); + this.bossBar.name(this.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.BOSSBAR, (int) (timeSinceJoin / 1000)))); + this.bossBar.progress((timeSinceJoin * bossBarMultiplier) / 1000); + } + }).repeat(1, TimeUnit.SECONDS).schedule(); + + this.sendMessage(true); } @Override 
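Review bot: The repeating task built here is never cancelled by the code that ends the session: the timeout branch calls `disconnect` and returns, and `finishAuth()` (later hunk) only caches the user and disconnects the limbo player. Cleanup therefore depends on `onDisconnect()` being invoked on both paths, which this diff does not show; if it is not called after a successful login, the task would disconnect an authenticated player once `AUTH_TIME` elapses. Cancelling explicitly in `finishAuth()`, with `this.authMainTask.cancel();` followed by `this.proxyPlayer.hideBossBar(this.bossBar);`, removes that dependency. The local `timeSinceJoin` actually holds the time remaining, so a name like `timeLeft` would read correctly.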
@@ -82,11 +115,22 @@ public class AuthSessionHandler implements LimboSessionHandler { case "/reg": case "/register": case "/r": { - if (!this.totp && this.playerInfo == null && this.checkPasswordsRepeat(args)) { - this.register(args[1]); - this.finishAuth(); + if (!this.totp && this.playerInfo == null) { + if (this.checkPasswordsRepeat(args) && this.checkPasswordLength(args[1]) && this.checkPasswordStrength(args[1])) { + this.register(args[1]); + this.proxyPlayer.sendMessage(this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL)); + if (!Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL_TITLE.isEmpty() && !Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL_SUBTITLE.isEmpty()) { + this.proxyPlayer.showTitle( + Title.title( + this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL_TITLE), + this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL_SUBTITLE) + ) + ); + } + this.finishAuth(); + } } else { - this.sendMessage(); + this.sendMessage(false); } break; } @@ -95,18 +139,14 @@ public class AuthSessionHandler implements LimboSessionHandler { case "/l": { if (!this.totp && this.playerInfo != null) { if (this.checkPassword(args[1])) { - this.finishOrTotp(); + this.loginOrTotp(); } else if (--this.attempts != 0) { - this.proxyPlayer.sendMessage( - LegacyComponentSerializer.legacyAmpersand().deserialize( - MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN_WRONG_PASSWORD, this.attempts) - ) - ); + this.proxyPlayer.sendMessage(this.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN_WRONG_PASSWORD, this.attempts))); } else { - this.proxyPlayer.disconnect(LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.KICK_PASSWORD_WRONG)); + this.proxyPlayer.disconnect(this.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_WRONG_PASSWORD_KICK)); } } else { - this.sendMessage(); + this.sendMessage(false); } break; } 
@@ -114,23 +154,31 @@ public class AuthSessionHandler implements LimboSessionHandler { case "/2fa": { if (this.totp) { if (verifier.isValidCode(this.playerInfo.getTotpToken(), args[1])) { - this.finishAuth(); + this.finishLogin(); } else { - this.sendMessage(); + this.sendMessage(false); } } else { - this.sendMessage(); + this.sendMessage(false); } break; } default: { - this.sendMessage(); - break; + this.sendMessage(false); } } } else { - this.sendMessage(); + this.sendMessage(false); + } + } + + @Override + public void onDisconnect() { + if (this.authMainTask != null) { + this.authMainTask.cancel(); } + + this.proxyPlayer.hideBossBar(this.bossBar); } public static RegisteredPlayer fetchInfo(Dao playerDao, String nickname) { @@ -163,10 +211,12 @@ public class AuthSessionHandler implements LimboSessionHandler { return verifier; } + private boolean checkPassword(String password) { + return checkPassword(password, this.playerInfo, this.playerDao); + } + public static boolean checkPassword(String password, RegisteredPlayer player, Dao playerDao) { - boolean isCorrect = BCrypt.verifyer().verify( - password.getBytes(StandardCharsets.UTF_8), player.getHash().getBytes(StandardCharsets.UTF_8) - ).verified; + boolean isCorrect = BCrypt.verifyer().verify(password.getBytes(StandardCharsets.UTF_8), player.getHash().getBytes(StandardCharsets.UTF_8)).verified; if (!isCorrect && !Settings.IMP.MAIN.MIGRATION_HASH.isEmpty()) { isCorrect = MigrationHash.valueOf(Settings.IMP.MAIN.MIGRATION_HASH).checkPassword(player.getHash(), password); @@ -184,10 +234,6 @@ public class AuthSessionHandler implements LimboSessionHandler { return isCorrect; } - private boolean checkPassword(String password) { - return checkPassword(password, this.playerInfo, this.playerDao); - } - private void checkIp() { try { List alreadyRegistered = this.playerDao.queryForEq("IP", this.ip); 
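Review bot: A wrong code in the `/2fa` branch only calls `this.sendMessage(false)`, so unlike the `/login` branch it never decrements `this.attempts`, and the second factor can be guessed repeatedly until the `AUTH_TIME` timer expires. Counting failures the same way as passwords closes that gap: `} else if (--this.attempts != 0) { this.sendMessage(false); } else { this.proxyPlayer.disconnect(this.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_WRONG_PASSWORD_KICK)); }`. The enclosing method starts before this hunk, so whether `args[1]` is length-checked for this command cannot be confirmed from here.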
@@ -215,7 +261,7 @@ public class AuthSessionHandler implements LimboSessionHandler { } if (sizeOfValid.get() >= Settings.IMP.MAIN.IP_LIMIT_REGISTRATIONS) { - this.proxyPlayer.disconnect(LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.IP_LIMIT)); + this.proxyPlayer.disconnect(this.deserialize(Settings.IMP.MAIN.STRINGS.IP_LIMIT)); } } catch (SQLException e) { e.printStackTrace(); @@ -224,7 +270,7 @@ public class AuthSessionHandler implements LimboSessionHandler { private void checkCase() { if (!this.proxyPlayer.getUsername().equals(this.playerInfo.getNickname())) { - this.proxyPlayer.disconnect(LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.WRONG_NICKNAME_CASE)); + this.proxyPlayer.disconnect(this.deserialize(Settings.IMP.MAIN.STRINGS.WRONG_NICKNAME_CASE_KICK)); } } 
@@ -247,36 +293,86 @@ public class AuthSessionHandler implements LimboSessionHandler { } } - private void finishOrTotp() { + private void loginOrTotp() { if (this.playerInfo.getTotpToken().isEmpty()) { - this.finishAuth(); + this.finishLogin(); } else { this.totp = true; - this.sendMessage(); + this.sendMessage(true); } } + private void finishLogin() { + this.proxyPlayer.sendMessage(this.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL)); + if (!Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL_TITLE.isEmpty() && !Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL_SUBTITLE.isEmpty()) { + this.proxyPlayer.showTitle( + Title.title( + this.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL_TITLE), + this.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL_SUBTITLE) + ) + ); + } + this.finishAuth(); + } + private void finishAuth() { - this.proxyPlayer.sendMessage(LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESS)); - LimboAuth.getInstance().cacheAuthUser(this.proxyPlayer); + this.plugin.cacheAuthUser(this.proxyPlayer); this.player.disconnect(); } - private void sendMessage() { + private void sendMessage(boolean sendTitle) { if (this.totp) { - this.proxyPlayer.sendMessage(LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.TOTP)); + this.proxyPlayer.sendMessage(this.deserialize(Settings.IMP.MAIN.STRINGS.TOTP)); + if (sendTitle && !Settings.IMP.MAIN.STRINGS.TOTP_TITLE.isEmpty() && !Settings.IMP.MAIN.STRINGS.TOTP_SUBTITLE.isEmpty()) { + this.proxyPlayer.showTitle( + Title.title(this.deserialize(Settings.IMP.MAIN.STRINGS.TOTP_TITLE), this.deserialize(Settings.IMP.MAIN.STRINGS.TOTP_SUBTITLE)) + ); + } } else if (this.playerInfo == null) { - this.proxyPlayer.sendMessage(LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.REGISTER)); + this.proxyPlayer.sendMessage(this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER)); + if (sendTitle && 
!Settings.IMP.MAIN.STRINGS.REGISTER_TITLE.isEmpty() && !Settings.IMP.MAIN.STRINGS.REGISTER_SUBTITLE.isEmpty()) { + this.proxyPlayer.showTitle( + Title.title(this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_TITLE), this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_SUBTITLE)) + ); + } } else { - this.proxyPlayer.sendMessage( - LegacyComponentSerializer.legacyAmpersand().deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN, this.attempts)) - ); + this.proxyPlayer.sendMessage(this.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN, this.attempts))); + if (sendTitle && !Settings.IMP.MAIN.STRINGS.LOGIN_TITLE.isEmpty() && !Settings.IMP.MAIN.STRINGS.LOGIN_SUBTITLE.isEmpty()) { + this.proxyPlayer.showTitle( + Title.title( + this.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN_TITLE, this.attempts)), + this.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN_SUBTITLE, this.attempts)) + ) + ); + } } } + private boolean checkPasswordLength(String password) { + int length = password.length(); + if (length > Settings.IMP.MAIN.MAX_PASSWORD_LENGTH) { + this.proxyPlayer.sendMessage(this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_PASSWORD_TOO_LONG)); + return false; + } else if (length < Settings.IMP.MAIN.MIN_PASSWORD_LENGTH) { + this.proxyPlayer.sendMessage(this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_PASSWORD_TOO_SHORT)); + return false; + } + + return true; + } + + private boolean checkPasswordStrength(String password) { + if (Settings.IMP.MAIN.CHECK_PASSWORD_STRENGTH && this.plugin.getUnsafePasswords().contains(password)) { + this.proxyPlayer.sendMessage(this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_PASSWORD_UNSAFE)); + return false; + } + + return true; + } + private boolean checkPasswordsRepeat(String[] args) { if (Settings.IMP.MAIN.REGISTER_NEED_REPEAT_PASSWORD && !args[1].equals(args[2])) { - 
this.proxyPlayer.sendMessage(LegacyComponentSerializer.legacyAmpersand().deserialize(Settings.IMP.MAIN.STRINGS.DIFFERENT_PASSWORDS)); + this.proxyPlayer.sendMessage(this.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_DIFFERENT_PASSWORDS)); return false; } @@ -291,6 +387,10 @@ public class AuthSessionHandler implements LimboSessionHandler { } } + private Component deserialize(String text) { + return LegacyComponentSerializer.legacyAmpersand().deserialize(text); + } + public static String genHash(String password) { return BCrypt.withDefaults().hashToString(Settings.IMP.MAIN.BCRYPT_COST, password.toCharArray()); } diff --git a/src/main/java/net/elytrium/limboauth/listener/AuthListener.java b/src/main/java/net/elytrium/limboauth/listener/AuthListener.java index 2892d79..4189c12 100644 --- a/src/main/java/net/elytrium/limboauth/listener/AuthListener.java +++ b/src/main/java/net/elytrium/limboauth/listener/AuthListener.java @@ -31,6 +31,7 @@ import net.elytrium.limboauth.Settings; import net.elytrium.limboauth.handler.AuthSessionHandler; import net.elytrium.limboauth.model.RegisteredPlayer; +// TODO: Customizable events priority public class AuthListener { private final Dao playerDao; diff --git a/src/main/resources/unsafe_passwords.txt b/src/main/resources/unsafe_passwords.txt new file mode 100644 index 0000000..f30c4bd --- /dev/null +++ b/src/main/resources/unsafe_passwords.txt 
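Review bot: `checkPasswordLength` compares `password.length()`, which counts UTF-16 chars, against `MAX_PASSWORD_LENGTH`, but the limit it is meant to enforce is BCrypt's, which applies to the encoded bytes of the password. A password of 71 or fewer chars that contains non-ASCII characters can therefore exceed the limit and be truncated or rejected inside `genHash`, depending on the library's long-password handling. Measuring `password.getBytes(StandardCharsets.UTF_8).length` for the upper bound matches what is hashed (`StandardCharsets` is already used in this file). `checkPasswordStrength` also does an exact, case-sensitive lookup, so a listed word with one letter capitalised passes; lowercasing both the list entries and the candidate with `Locale.ROOT` would widen the match.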
@@ -0,0 +1,12319 @@ +**** +0000 +0001 +0007 +0069 +0101 +0123 +0311 +0420 +0660 +0815 +0911 +0987 +1000 +1001 +1002 +1003 +1004 +1005 +1007 +1008 +1009 +1010 +1011 +1012 +1013 +1014 +1015 +1016 +1017 +1018 +1019 +1020 +1021 +1022 +1023 +1024 +1025 +1026 +1027 +1028 +1029 +1030 +1031 +1066 +1101 +1102 +1103 +1104 +1107 +1111 +1112 +1113 +1114 +1115 +1117 +1120 +1121 +1122 +1123 +1124 +1125 +1126 +1127 +1128 +1129 +1130 +1134 +1138 +1200 +1201 +1202 +1204 +1205 +1207 +1208 +1209 +1210 +1211 +1212 +1213 +1214 +1215 +1216 +1217 +1218 +1219 +1220 +1221 +1222 +1223 +1224 +1225 +1226 +1227 +1228 +1229 +1230 +1231 +1233 +1234 +1235 +1236 +1245 +1269 +1313 +1331 +1357 +1369 +1411 +1414 +1432 +1469 +1478 +1492 +1515 +1616 +1624 +1664 +1701 +1717 +1776 +1812 +1818 +1900 +1911 +1914 +1919 +1941 +1942 +1943 +1944 +1945 +1946 +1947 +1948 +1949 +1950 +1951 +1952 +1953 +1954 +1955 +1956 +1957 +1958 +1959 +1960 +1961 +1962 +1963 +1964 +1965 +1966 +1967 +1968 +1969 +1970 +1971 +1972 +1973 +1974 +1975 +1976 +1977 +1978 +1979 +1980 +1981 +1982 +1983 +1984 +1985 +1986 +1987 +1988 +1989 +1990 +1991 +1992 +1993 +1994 +1995 +1996 +1997 +1998 +1999 +1qaz +2000 +2001 +2002 +2003 +2004 +2005 +2010 +2020 +2055 +2112 +2121 +2211 +2222 +2233 +2244 +2255 +2277 +2323 +2345 +2369 +2424 +2468 +2469 +2500 +2501 +2525 +2580 +2626 +2663 +2727 +2828 +2929 +3000 +3006 +3030 +3131 +3232 +3333 +3434 +3535 +3636 +3728 +3737 +3825 +3way +4040 +4121 +4128 +4200 +4226 +4242 +4271 +4321 +4343 +4417 +4444 +4545 +4567 +4711 +4747 +4949 +4you +5000 +5050 +5150 +5151 +5232 +5252 +5291 +5329 +5353 +5401 +5424 +5432 +5454 +5555 +5656 +5678 +5683 +5757 +5858 +6464 +6666 +6669 +6789 +6969 +6996 +7007 +7474 +7676 +7734 +7777 +7878 +7890 +7894 +8520 +8888 +8989 +9876 +9898 +9999 +aaaa +abba +abby +abcd +acdc +acer +acid +adam +ajax +alan +alec +alex +alfa +amor +anal +andy +anna +anne +arch +army +arse +asdf +asia +audi +auto +away +axio +baba +babe +baby +bach +back +ball +bama +band +bang +bank +barb +bart +base +bass 
+bbbb +bdsm +bean +bear +beat +beau +bebe +beck +beef +beer +bell +beng +benz +bert +best +beta +beth +bian +biao +bibi +big1 +bigd +biit +bike +bill +bing +bird +bite +blam +blow +blue +boat +bobb +bobo +body +bomb +bond +bone +bong +boob +book +boom +boot +boss +bowl +boys +boyz +bozo +brad +buck +budd +buds +buff +bugs +bull +burn +bush +butt +buzz +caca +cake +cali +call +camp +cang +card +carl +cars +case +cash +cats +cccc +ceng +chad +chai +chan +chao +chas +chat +chef +chen +chip +chou +chui +chun +chuo +city +clay +cleo +clit +club +cock +coco +code +cody +coke +cola +cold +cole +colt +come +comp +cong +cook +cool +core +corn +cory +cows +crap +crew +crow +cuan +cubs +cumm +cunt +cute +dada +dale +damn +dana +dang +dani +dank +dark +data +dave +dawg +dawn +days +dddd +dead +deal +dean +dede +deep +deer +dell +demo +deng +derf +devo +dian +diao +dick +dima +ding +dino +dirk +dirt +diva +dive +dodo +dogg +dogs +doit +doll +dome +done +dong +doom +door +dope +dork +doug +down +drew +drop +drum +duan +duck +dude +duke +dumb +dust +earl +east +easy +echo +eddy +eded +edge +eeee +ekim +ella +elmo +emma +eric +erik +erin +evan +evil +eyes +f**k +face +fang +farm +fart +fast +fdsa +fear +feet +feng +ffff +fick +film +fine +fire +fish +fist +five +flex +flip +flow +food +fool +foot +ford +four +foxy +fran +fred +free +frog +fuck +full +funk +game +gang +gary +gate +geil +gene +geng +gggg +gigi +gina +girl +glen +glow +gman +goal +goat +gogo +goku +gold +golf +gone +gong +good +gore +goth +gray +greg +guai +guan +guns +guru +hack +haha +hair +hakr +hall +hand +hang +hank +hans +hard +hart +hate +hawk +head +heat +hell +help +heng +here +hero +hhhh +high +hill +hjkl +hoes +hola +hole +home +hong +hook +hope +horn +hose +hott +huai +huan +huge +hugo +hulk +hung +hunt +igor +iiii +indy +info +iron +ivan +jack +jade +jake +jane +java +jazz +jean +jedi +jeep +jeff +jenn +jerk +jess +jets +jian +jiao +jill +jimi +jing +jjjj +joan +joel +joey +john +jojo +joke +jose +josh 
+juan +judy +juju +july +jump +june +junk +kane +kang +kara +karl +kate +keng +kent +khan +kick +kids +kiki +kill +king +kirk +kiss +kiwi +kkkk +kobe +koko +kong +kool +korn +kram +kris +kuai +kuan +kume +kurt +kyle +lady +lake +lala +land +lane +lang +lara +last +lazy +left +legs +leng +leon +lian +liao +lick +life +lily +line +ling +link +lion +lips +lisa +list +lite +live +lkjh +llll +load +lobo +lock +loco +loki +lola +lolo +long +look +loop +lord +lori +lost +loud +love +luan +luck +lucy +luis +luke +lulu +luna +lust +lynn +mack +mail +mama +mang +mann +manu +marc +mark +mars +mart +mary +mate +matt +maxi +maxx +maya +meat +mega +meme +meng +meow +mets +mian +miao +mick +mike +milk +milo +mimi +mind +mine +ming +mini +mmmm +mnbv +mojo +momo +mona +mone +monk +moon +more +moto +muff +name +nana +nang +nash +nate +navy +neal +neil +neng +neon +nero +news +nian +niao +nice +nick +nico +nike +niki +niko +nina +nine +ning +nnnn +noah +noel +none +nong +nono +nope +nose +nova +nuan +nude +null +nuts +odin +ohio +omar +only +oooo +open +opus +oral +oreo +orgy +otis +otto +over +owen +ozzy +pack +paco +page +pain +pang +papa +park +pass +paul +peng +pepe +pete +phat +phil +pian +piao +pick +pics +pimp +pine +ping +pink +pipe +piss +pitt +play +plum +plus +poiu +polo +pong +pony +pooh +pool +poon +poop +popo +pork +porn +port +post +pppp +puck +puff +pump +punk +puss +puta +pyon +qian +qiao +qing +qqqq +quan +qwer +r2d2 +race +rage +rain +rams +rang +rats +raul +real +redd +reds +reed +rene +reng +reno +rewq +rice +rich +rick +rico +ride +ring +rita +road +rock +roll +rong +room +root +rosa +rose +ross +roxy +rrrr +ruan +ruby +rudy +rulz +rush +russ +ruth +ryan +saab +sage +sail +same +samm +sand +sang +sara +seal +sean +seng +seth +sex1 +sexe +sexo +sexx +sexy +shag +shai +shan +shao +shei +shen +ship +shit +shoe +shop +shot +shou +show +shua +shui +shun +shuo +sick +side +silk +sims +site +skin +skip +slam +slap +slim +slow +slut +smut +snow +soft +solo +some +song 
+sony +soul +soup +spam +spot +spud +ssss +stan +star +stop +stud +suan +suck +surf +swim +taco +tail +talk +tang +tank +tara +tazz +team +tech +teen +temp +teng +test +theo +this +thor +tian +tiao +tiff +time +tina +ting +tiny +titi +tito +tits +toad +toby +todd +toes +tong +toni +tony +tool +toon +toto +town +tree +trek +trey +trip +troy +true +tttt +tuan +tuna +twat +twin +user +usmc +ussy +uuuu +vamp +vbnm +view +visa +vols +vvvv +wade +wage +wang +ward +wars +wave +weed +weng +wert +west +what +wife +wild +will +wind +wine +wing +wolf +wood +woof +word +work +worm +wwww +xian +xiao +xing +xman +xmas +xmen +xray +xuan +xxxx +yang +yaya +yeah +yess +ying +ynot +yoda +yogi +yong +your +yoyo +yuan +yyyy +zach +zack +zang +zeke +zeng +zero +zeus +zhai +zhan +zhao +zhei +zhen +zhou +zhua +zhui +zhun +zhuo +zone +zong +zoom +zuan +zulu +zxcv +zzzz +***** +00000 +11111 +12345 +13579 +1fuck +1love +1test +22222 +24680 +33333 +3some +44444 +49ers +4ever +54321 +55555 +66666 +77777 +88888 +90210 +98765 +99999 +????? 
+aaaaa +aaron +abcde +abstr +acura +adams +admin +adult +again +agent +aggie +aimee +aisan +akira +alain +alcat +alert +alexa +alice +alien +alive +allan +allen +alley +allie +aloha +alone +alpha +altec +alvin +amber +amiga +amigo +andre +angel +angie +angus +anime +anita +annie +anton +apple +april +ariel +aries +arrow +asdfg +asian +aside +aspen +asses +astra +astro +atlas +audio +awful +aztnm +azzer +babes +bacon +baker +balls +bambi +banks +barks +baron +barry +basic +basil +baura +bball +bbbbb +beach +beans +bear1 +bears +beast +becca +becky +beech +bella +belle +belly +benji +benny +berry +betsy +betty +bigal +biker +bilbo +bill1 +bills +billy +bimbo +bingo +binky +bitch +black +blade +blair +blake +blank +blast +blaze +blind +blink +bliss +blitz +block +bloke +blond +blood +blue1 +blues +blunt +board +boats +bobby +bogey +bogus +boner +bones +bongo +bonzo +boobs +books +boots +booty +boris +bosco +bowie +boxer +br549 +brady +brain +bravo +bread +break +brent +brest +brett +brian +brick +britt +broad +brook +brown +bruce +bruno +bryan +bryce +bubba +bucks +bucky +buddy +buffa +buffy +buick +bulls +bully +bundy +bunny +burly +burns +busty +butch +butts +byron +cable +caddy +cajun +caleb +camel +candy +canon +cards +carla +carlo +carol +casey +casio +cathy +cazzo +ccccc +celeb +chair +champ +chang +chaos +chase +check +cheng +chess +chevy +chewy +chick +chico +chief +chiks +child +chill +china +chino +chips +chloe +choke +chong +chris +chuai +chuan +chuck +cigar +cindy +cisco +civic +clark +class +clean +click +cliff +clint +clips +clock +close +cloud +clown +clyde +coach +cobra +cocks +cocoa +colin +color +colts +comet +conan +coors +coral +corey +corky +corps +cosmo +court +crack +craft +craig +crane +crash +crave +crazy +cream +creed +cross +crown +cunts +cupoi +cutie +cwoui +cyber +cyrus +daddy +daffy +daisy +daman +damon +dance +dandy +danni +danny +dante +darth +dave1 +david +davis +dawgs +ddddd +death +debra +delta +demon +derek +deuce +devil +devin 
+devon +diana +diane +dick1 +dicks +dicky +diego +dildo +dimas +dingo +dirty +disco +ditto +diver +divx1 +dixie +dizzy +dodge +doggy +dolly +donna +donut +doors +doris +draco +drake +dream +drive +drums +drunk +duane +ducks +ducky +dudes +duffy +dummy +dusty +dutch +dylan +eagle +earth +eatme +ebony +eddie +edgar +edwin +eeeee +eight +elite +ellen +ellie +ellis +elmer +elvis +elway +emily +ender +enjoy +enter +entry +eric1 +erica +erika +ernie +erwin +ethan +evans +extra +faith +fanny +fatty +faust +felix +fever +fffff +field +fight +films +final +fire1 +first +fishy +flame +flash +flesh +flint +floyd +fluff +flyer +fmale +focus +force +forme +forum +frame +frank +freak +freee +fresh +fritz +frodo +frogs +frost +fruit +fubar +fuck1 +fucks +fucku +fudge +funky +funny +fuzzy +gabby +games +gamma +ganja +gates +gator +gavin +gecko +gerry +getit +ggggg +ghost +giant +girls +girsl +gizmo +glass +glenn +glock +glory +goats +gohan +golf1 +gomez +gonzo +goofy +goose +gordo +goten +grace +grand +grant +grass +great +greek +green +grils +grunt +gspot +guang +guard +gucci +guess +guest +guido +gumbo +gumby +gypsy +hairy +haley +hallo +hanna +happy +hardy +harry +hawks +heart +heavy +heels +heidi +helen +hello +henry +henti +hhhhh +hills +hippo +hogan +holes +holla +holly +homer +honda +honey +honor +hoops +hores +horny +horse +hoser +hotel +hound +house +hover +howdy +howie +huang +husky +hydro +idiot +iiiii +image +india +indon +intel +inter +invis +irene +irish +isaac +italy +itsme +jack1 +jacob +jaime +james +jamie +janet +japan +jared +jason +jazzy +jello +jelly +jenna +jenny +jerky +jerry +jesse +jesus +jetta +jewel +jiang +jigga +jimbo +jimmy +jiong +jjjjj +john1 +joker +jolly +jonas +jones +jonny +jorge +josie +joung +joyce +judge +juice +juicy +jules +julia +julie +julio +jumbo +kajak +kappa +karen +karin +karma +kathy +katie +kayla +keith +kelly +kenny +kerry +kevin +killa +kimmy +kings +kinky +kirby +kitty +kkkkk +klaus +knife +knock +kojak +kuang +labia +lager 
+lamer +lance +large +larry +laser +latex +latin +laura +lback +leeds +lefty +legos +leigh +lemon +lenny +leroy +lewis +lexus +liang +light +lilly +linda +links +linux +lions +litle +lives +lizzy +lkjhg +lllll +lloyd +locks +logan +loose +lopez +loser +lotus +louie +louis +love1 +lover +loves +lucas +lucky +luft4 +lydia +mafia +magic +maine +major +maker +mamas +mandy +manga +mango +mannn +manny +maple +march +marco +maria +marie +mario +mark1 +marma +marsh +marty +mason +matty +maxim +mazda +mdogg +media +medic +megan +meier +metal +metoo +metro +miami +micky +micro +mike1 +mikey +miles +mindy +misha +missy +misty +mitch +mmmmm +mnbvc +mocha +model +modem +molly +mommy +money +mongo +monte +month +monty +moore +moose +mopar +moron +moses +motor +mouse +mouth +movie +mpegs +muffy +munch +music +nadia +naked +nancy +nasty +never +niang +nicky +nigga +night +nikki +nikon +ninja +nitro +nixon +nnnnn +nokia +nolan +noles +nomad +north +noway +nudes +nurse +oasis +ocean +older +olive +ollie +omega +onion +ooooo +orion +osama +oscar +otter +ou812 +pablo +paddy +paige +paint +panda +panic +pants +paper +pappy +paris +party +pass1 +pasta +patch +patti +patty +paula +peace +peach +pearl +pedro +peggy +penis +penny +pepsi +perry +peter +petra +phish +phone +photo +phpbb +piano +picks +piggy +pilot +pinch +pinky +pinto +piper +pippo +pitch +pixie +pizza +place +plane +plato +playa +pluto +poets +point +poiuy +poker +pokey +polly +pooky +poopy +poppy +porky +porno +power +ppppp +prick +pride +prima +prime +proxy +puffy +punch +puppy +pussy +pusyy +qiang +qiong +qqqqq +quake +queen +quest +quick +quinn +qwert +racer +radar +radio +ralph +rambo +ranch +randy +rasta +rated +raven +razor +ready +rebel +recon +renee +rhino +ricky +rider +ridge +right +riley +ringo +river +roach +robin +robot +robyn +rocco +rocks +rocky +rodeo +roger +rogue +rolex +roman +romeo +roses +rosie +rough +round +rover +royal +rrrrr +rufus +rugby +ruger +rusty +sable +sabre +sadie +saint +salem +sales 
+sally +salsa +sambo +sammy +sandy +santa +sarah +sarge +sasha +sassy +satan +satin +sauce +score +scott +scout +screw +scuba +senna +seven +sex69 +sexxx +sexxy +sexy1 +shaft +shane +shang +shark +sharp +shaun +shawn +sheba +sheep +shell +sheng +shine +shiva +shock +shoes +shoot +short +shuai +shuan +sigma +silly +simba +simon +sissy +sites +sixty +skate +skins +skirt +skunk +slash +slave +sleep +slick +sluts +smack +small +smart +smile +smith +smoke +smurf +snake +snoop +sober +socks +solar +sonia +sonic +sonja +sonne +sonny +sound +south +space +spain +spank +spark +spawn +speed +sperm +spice +spike +spock +spook +spoon +sport +spunk +spurs +squid +sssss +stacy +staff +stang +star1 +starr +stars +start +state +steel +steph +stern +steve +stick +sting +stock +stone +store +storm +story +strap +strat +strip +stuff +style +sucks +suede +sugar +sunny +super +supra +susan +sushi +susie +sweet +swift +swing +swiss +sword +table +taffy +tahoe +tales +talks +talon +tammy +tango +tanya +tasha +tasty +tbird +tbone +teddy +teens +terra +terri +terry +test1 +test2 +texas +their +there +these +thick +thing +think +thong +three +thumb +tical +tiger +tight +times +timmy +tires +titan +titts +titty +toast +today +tokyo +tomas +tommy +tools +toons +tooth +topaz +total +touch +tower +trace +track +tracy +train +tramp +trans +trash +trees +trent +trewq +trial +tribe +trick +trish +troll +trout +truck +trust +truth +ttttt +tulip +tupac +turbo +tuscl +twins +twist +tyler +tyson +ultra +uncle +under +union +uuuuu +vader +vegas +venom +venus +vette +vgirl +vicki +vicky +video +vides +villa +vince +viper +virus +vivid +vixen +vodka +volvo +vulva +vvvvv +wahoo +waldo +wally +wanda +warez +watch +water +wayer +wayne +weird +wendy +whale +wheel +white +whore +wifes +wifey +willi +willy +wilma +wings +witch +wives +womam +woman +women +woods +woody +world +wwwww +wyatt +xiang +xiong +xxxxx +xyzzy +yahoo +yanks +yoshi +young +yummy +yyyyy +zappa +zebra +zelda +zhang +zheng +zhong +zhuai 
+zhuan +ziggy +zippo +zippy +zorro +zxcvb +zzzzz +qwerty +111111 +dragon +123123 +abc123 +monkey +696969 +shadow +master +666666 +123321 +654321 +121212 +000000 +qazwsx +123qwe +killer +jordan +asdfgh +hunter +buster +soccer +harley +batman +andrew +tigger +fuckme +robert +thomas +hockey +ranger +daniel +112233 +george +pepper +zxcvbn +555555 +131313 +777777 +maggie +159753 +aaaaaa +ginger +joshua +cheese +amanda +summer +ashley +nicole +biteme +access +dallas +austin +taylor +matrix +martin +secret +fucker +merlin +gfhjkm +hammer +silver +222222 +justin +bailey +orange +golfer +cookie +bigdog +guitar +mickey +sparky +snoopy +camaro +peanut +morgan +falcon +cowboy +andrea +smokey +joseph +dakota +eagles +boomer +booboo +spider +nascar +tigers +yellow +xxxxxx +marina +diablo +compaq +purple +banana +junior +hannah +123654 +lakers +iceman +987654 +london +tennis +999999 +coffee +scooby +miller +boston +yamaha +mother +johnny +edward +333333 +oliver +redsox +player +nikita +knight +fender +barney +please +brandy +badboy +iwantu +slayer +flower +rabbit +wizard +jasper +rachel +steven +winner +adidas +winter +prince +marine +ghbdtn +casper +232323 +888888 +sexsex +golden +blowme +lauren +angela +spanky +angels +toyota +canada +sophie +apples +123abc +qazxsw +qwaszx +muffin +murphy +cooper +159357 +jackie +789456 +turtle +101010 +butter +carlos +dennis +booger +nathan +rocket +viking +sierra +gemini +doctor +wilson +sandra +helpme +victor +pookie +tucker +theman +bandit +maddog +jaguar +lovers +united +zzzzzz +jeremy +suckit +stupid +monica +giants +hotdog +debbie +444444 +q1w2e3 +albert +azerty +alexis +samson +willie +bonnie +gators +voodoo +driver +dexter +calvin +freddy +212121 +12345a +sydney +red123 +gunner +gordon +legend +jessie +stella +eminem +arthur +nissan +parker +qweqwe +beavis +asdasd +102030 +252525 +apollo +skippy +315475 +kitten +copper +braves +shelby +beaver +tomcat +august +qqqqqq +animal +online +xavier +police +travis +heaven +abcdef +007007 
+walter +blazer +sniper +donkey +willow +loveme +saturn +bigboy +topgun +runner +marvin +chance +sergey +celtic +birdie +little +cassie +donald +family +school +louise +fluffy +lol123 +nelson +flyers +lovely +gibson +doggie +cherry +andrey +member +carter +bronco +goober +samuel +mexico +dreams +yankee +magnum +surfer +poopoo +genius +asd123 +speedy +sharon +carmen +111222 +racing +horses +pimpin +enigma +147147 +147258 +simple +12345q +marcus +hahaha +action +hello1 +scotty +friend +forest +010203 +hotrod +google +badger +friday +alaska +tester +jester +147852 +hawaii +badass +420420 +walker +eagle1 +pamela +shorty +diesel +242424 +hitman +reddog +qwe123 +teresa +mozart +buddha +lucky1 +lizard +denise +a12345 +123789 +ruslan +olivia +naruto +spooky +qweasd +suzuki +spirit +marley +system +sucker +098765 +hummer +adrian +vfhbyf +leslie +horney +rascal +howard +bigred +assman +redrum +141414 +nigger +raider +galore +russia +bishop +money1 +disney +oksana +domino +brutus +norman +monday +hentai +duncan +cougar +dancer +brooke +digger +connor +karina +202020 +tinker +alicia +stinky +boogie +zombie +accord +vision +reggie +kermit +froggy +ducati +avalon +saints +852456 +claire +159951 +yfnfif +eugene +brenda +smooth +pirate +empire +bullet +psycho +134679 +alyssa +vegeta +christ +goblue +fylhtq +mmmmmm +kirill +indian +hiphop +baxter +people +danger +roland +mookie +bambam +arnold +serega +1q2w3e +denver +hobbes +happy1 +alison +burton +wanker +picard +151515 +tweety +turkey +456789 +vfrcbv +galina +manutd +qqq111 +madmax +a1b2c3 +spring +lalala +suckme +raptor +wombat +avatar +zxc123 +brazil +polina +carrie +qaz123 +taurus +shaggy +maksim +gundam +vagina +pretty +pickle +sports +caesar +bigman +124578 +france +devils +alpha1 +kodiak +gracie +bubba1 +ytrewq +wolves +ssssss +ronald +135790 +010101 +tiger1 +sunset +berlin +bbbbbb +171717 +panzer +katana +142536 +outlaw +garcia +454545 +trevor +kramer +popeye +hardon +323232 +buddy1 +lickme +whynot +strike +741852 +robbie 
+456123 +future +connie +fisher +apache +fuckit +blonde +bigmac +morris +angel1 +666999 +321321 +simone +norton +casino +cancer +beauty +weasel +savage +harvey +246810 +wutang +theone +nastya +hacker +753951 +viktor +maxima +lennon +qazqaz +cheryl +lights +tattoo +tanner +openup +street +roscoe +natali +julian +chris1 +xfiles +sailor +target +elaine +dustin +madman +newton +lolita +ladies +corona +bubble +iloveu +herman +design +cannon +hottie +browns +314159 +trucks +malibu +bruins +bobcat +barbie +freaky +foobar +cthutq +baller +scully +pussy1 +potter +pppppp +philip +gogogo +zaqwsx +peewee +sweety +stefan +stacey +random +hooker +dfvgbh +athena +winnie +fetish +powers +tickle +regina +dollar +squirt +knicks +smiley +cessna +single +piglet +fucked +father +coyote +castle +jasmin +james1 +ficken +sunday +manson +181818 +wicked +reaper +maddie +escort +mylove +mememe +lancer +ibanez +travel +sister +minnie +rocky1 +galaxy +shelly +hotsex +goldie +fatboy +benson +321654 +141627 +ronnie +indigo +lestat +erotic +blabla +skater +pencil +larisa +hornet +hamlet +gambit +alfred +456456 +marino +lollol +565656 +techno +insane +farmer +272727 +1a2b3c +valera +mister +karate +maiden +curtis +colors +kissme +jungle +jerome +garden +bigone +343434 +wonder +subaru +smitty +pascal +joanne +impala +change +timber +redman +bernie +tomtom +millie +virgin +stormy +pierre +chiefs +catdog +aurora +nipple +dudley +burger +brandi +joejoe +363636 +mariah +chichi +monika +justme +hobbit +gloria +chicks +audrey +951753 +sakura +artist +island +anakin +watson +poison +italia +callie +bobbob +autumn +q12345 +kelsey +inside +german +123asd +zipper +nadine +basket +stones +sammie +nugget +kaiser +bomber +alpine +marion +wesley +fatcat +energy +david1 +trojan +trixie +kkkkkk +ybrbnf +warren +sophia +sidney +pussys +nicola +singer +qawsed +martha +harold +forget +191919 +poiuyt +global +dodger +titans +tintin +tarzan +sexual +sammy1 +marcel +manuel +jjjjjj +424242 +yvonne +sex4me +wwwwww +michel 
+exigen +sherry +rommel +holden +harris +cotton +angelo +sergio +jesus1 +trunks +snakes +archie +911911 +112358 +snatch +planet +panama +desire +waters +bianca +andrei +smiles +assass +555666 +yomama +rocker +ferret +beagle +asasas +sticky +hector +dddddd +joanna +geheim +finger +cactus +spyder +shalom +passat +moomoo +jumper +blue22 +apple1 +unreal +spunky +ripper +niners +faster +deedee +bertha +rubber +mulder +gggggg +yoyoyo +shaved +newman +camera +1q1q1q +patton +beetle +always +legion +909090 +darren +silvia +office +milton +maniac +loulou +fossil +121314 +sylvia +sprite +salmon +shasta +palmer +oxford +nylons +molly1 +holmes +asdzxc +groovy +foster +drizzt +philly +jersey +carrot +africa +sharks +serena +maxmax +gerald +cosmos +cjkywt +brooks +787878 +rodney +keeper +french +dillon +coolio +condor +velvet +sheila +sesame +012345 +damien +boeing +biggie +090909 +zaq123 +trains +sweets +maxine +isabel +shogun +search +ravens +privet +oldman +graham +505050 +safety +review +muscle +colt45 +bottom +159159 +thanks +potato +murray +marlin +789789 +456852 +seven7 +obiwan +mollie +licker +kansas +frosty +262626 +markus +darwin +chubby +tanker +showme +magic1 +goblin +fusion +blades +123098 +powder +delete +python +stimpy +poopie +photos +mirage +liquid +helena +clover +anubis +pepsi1 +dagger +porter +jason1 +gothic +flight +tracey +cccccc +bigguy +walnut +miguel +latino +green1 +engine +doodle +byteme +osiris +nymets +nookie +lucky7 +lester +ledzep +bugger +battle +weezer +turner +ffffff +dookie +damian +258456 +trance +monroe +dublin +charly +butler +brasil +bender +wisdom +tazman +stuart +phoebe +ghjcnj +auburn +archer +aliens +161616 +woody1 +wheels +redred +racerx +postal +parrot +nimrod +madrid +898989 +303030 +tttttt +tamara +samsam +richie +qwertz +luther +bollox +123qaz +102938 +window +sprint +sinner +pooper +finish +carson +black1 +123987 +wookie +volume +rockon +molson +shazam +oracle +moscow +kitkat +janice +gerard +flames +celica +445566 +234567 +topper 
+stevie +milano +loving +dogdog +123zxc +rebels +mobile +545454 +vfhecz +sobaka +shiloh +llllll +lawyer +elwood +987456 +tardis +tacoma +smoker +shaman +hoover +gotcha +bridge +456654 +parola +nopass +forgot +ashton +viper1 +sabine +melvin +lizzie +honda1 +dadada +cooler +753159 +xanadu +violet +sergei +putter +oooooo +hotboy +chucky +carpet +bobbie +smokin +hearts +claude +amazon +wright +willis +spidey +sleepy +sirius +santos +rrrrrr +payton +broken +trebor +sheena +letsgo +jimbob +janine +jackal +fatass +slappy +rescue +nellie +mypass +marvel +laurie +aussie +roller +rogers +palace +lonely +kristi +atomic +active +223344 +sommer +ohyeah +lemons +granny +funfun +evelyn +donnie +deanna +aggies +313131 +throat +temple +smudge +pacman +myself +israel +hitler +clancy +353535 +282828 +tobias +sooner +shitty +sasha1 +kisses +katrin +kasper +kaktus +harder +eduard +astros +hudson +valley +rusty1 +punkin +napass +marian +magnus +hungry +hhhhhh +906090 +scream +q1q1q1 +primus +mature +ivanov +husker +esther +ernest +champs +fatman +celine +area51 +789654 +sarah1 +moloko +method +kicker +judith +flyboy +writer +usa123 +topdog +pancho +melody +hidden +desert +bowler +anders +666777 +369369 +yesyes +power1 +oscar1 +ludwig +jammer +fallen +amber1 +aaa111 +123457 +terror +strong +odessa +frank1 +elijah +center +blacks +132435 +vivian +hayden +franco +double +bohica +963852 +rbhbkk +labtec +kevin1 +hermes +camels +vulcan +vectra +topcat +skiing +muppet +moocow +kelley +grover +gjkbyf +filter +elvis1 +delta1 +conrad +catcat +amelia +tricky +ramona +popopo +mystic +loveit +looker +laptop +laguna +iguana +herbie +blacky +000007 +possum +oakley +moneys +dalton +breeze +billie +studio +homers +gbpltw +franky +ccbill +brando +zxczxc +tyrone +skinny +rookie +qwqwqw +juliet +homer1 +budman +989898 +362436 +verona +svetik +soleil +noodle +engage +eileen +azsxdc +474747 +triton +sabina +pistol +gopher +cutter +zvezda +vortex +vipers +star69 +server +rafael +omega1 +killme +jrcfyf +gizmo1 
+freaks +eleven +doobie +church +breast +vladik +sweden +stoner +jethro +gustav +escape +elliot +dogman +babies +polska +oilers +nofear +danila +128500 +zxcasd +splash +rayray +nevada +mighty +meghan +mayday +madden +jennie +horny1 +cheers +cancel +bigger +zaphod +ultima +thekid +summit +select +rhonda +retard +poncho +market +lickit +leader +jayjay +javier +dawson +daniil +capone +bubbas +789123 +zxzxzx +super1 +sasasa +reagan +jimmy1 +houses +hilton +gofish +bowser +525252 +boxing +bogdan +bizkit +azamat +zidane +tinman +redhot +oregon +memory +illini +govols +giorgi +fatima +crunch +creamy +bryant +321123 +sayang +rotten +models +lololo +hehehe +exodus +conner +catman +casey1 +bonita +100000 +sticks +peters +hohoho +fabian +chewie +chacha +aikido +150781 +utopia +reebok +raven1 +poodle +movies +grumpy +eeyore +volley +scotch +rovers +nnnnnn +mellon +legacy +julius +cancun +br0d3r +beaner +wilbur +tomato +shania +frisco +daddy1 +condom +comics +bikini +143143 +zaqxsw +vfvekz +tyler1 +sixers +rfhbyf +profit +okokok +kristy +hailey +fugazi +fright +figaro +elvira +denali +cruise +cooter +candle +bitch1 +attack +armani +222333 +zenith +sultan +steve1 +selena +samiam +pillow +nobody +kitty1 +jojojo +greens +fuckin +cloud9 +321456 +292929 +stocks +rustam +rfrnec +orgasm +milana +marisa +marcos +malaka +kelly1 +flying +bloody +636363 +420247 +332211 +voyeur +texas1 +steele +maxell +ingrid +hayley +eeeeee +daisy1 +charli +bonsai +billy1 +aspire +987987 +50cent +000001 +wolfie +viagra +vernon +subway +stolen +sparta +slutty +nyjets +miriam +krista +kipper +garage +faggot +crazy1 +chanel +bootie +456321 +404040 +162534 +slider +sandro +quincy +mayhem +knopka +hopper +damnit +chevy1 +chaser +789987 +135246 +122333 +050505 +wibble +tekken +powell +poppop +murder +milena +midget +koshka +jonjon +jenny1 +irish1 +gmoney +ghetto +emily1 +duster +davids +dammit +crysis +bogart +airbus +515151 +200000 +vfczyz +tundra +torres +spears +pussie +lkjhgf +leelee +jensen +helloo +harper 
+fletch +dfkthf +barsik +757575 +727272 +xtreme +pupsik +pornos +pippen +nikola +nguyen +music1 +katie1 +grapes +divine +coucou +allsop +onlyme +malina +gabrie +dinamo +better +020202 +werner +vector +sparks +smelly +sabres +rupert +ramses +presto +pompey +nudist +ne1469 +minime +love69 +hooter +hansen +facial +cigars +calico +baddog +778899 +z1x2c3 +wassup +vh5150 +thecat +sandy1 +pooter +magick +kungfu +kimber +gringo +fowler +damage +albion +969696 +555777 +trisha +static +sex123 +passme +newbie +mybaby +musica +misfit +mattie +mathew +looser +isaiah +heyhey +frozen +forfun +cohiba +chivas +bottle +bob123 +beanie +trader +stereo +solnce +smegma +samara +safari +rctybz +hotred +goalie +fishes +credit +banker +192837 +112211 +snake1 +sharky +sexxxx +seeker +scania +sapper +mnbvcx +mirror +fiesta +europa +direct +chrono +bobby1 +andres +777888 +333666 +12345z +030303 +whitey +topher +tommy1 +stroke +poetry +pisces +peter1 +packer +magpie +kahuna +jokers +droopy +dorian +donuts +cinder +656565 +walrus +studly +sexy69 +sadie1 +qwert1 +nipper +fucku2 +floppy +flash1 +fghtkm +doodoo +dharma +deacon +daphne +daewoo +bimmer +070707 +sinbad +second +seamus +rabota +number +nature +micron +losers +kostya +gegcbr +custom +button +barber +audia4 +585858 +414141 +336699 +usnavy +skidoo +senior +peyton +marius +holly1 +bounce +answer +575757 +wasser +sasuke +royals +rivers +moose1 +mondeo +greece +freeze +europe +doogie +danzig +dalejr +briana +backup +100100 +zigzag +whisky +weaver +truman +theend +quartz +maggot +laurel +lamont +insert +hacked +groove +