[FIX] Исправление безопасности

2024-12-22 16:41:46 +03:00 · 2020-08-27 21:28:06 +07:00 · 2020-08-27 21:28:06 +07:00 · 1362d71788
commit 1362d71788
parent 4917f19b81
5 changed files with 2 additions and 60 deletions
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/WebSocketService.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/WebSocketService.java
@ -93,7 +93,6 @@ public static void registerResponses() {
        providers.register("profileByUUID", ProfileByUUIDResponse.class);
        providers.register("getAvailabilityAuth", GetAvailabilityAuthResponse.class);
        providers.register("register", RegisterResponse.class);
-        providers.register("setPassword", SetPasswordResponse.class);
        providers.register("exit", ExitResponse.class);
        providers.register("getSecureLevelInfo", GetSecureLevelInfoResponse.class);
        providers.register("verifySecureLevelKey", VerifySecureLevelKeyResponse.class);
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/SetPasswordResponse.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/SetPasswordResponse.java
@ -1,48 +0,0 @@
-package pro.gravit.launchserver.socket.response.auth;
-
-import io.netty.channel.ChannelHandlerContext;
-import pro.gravit.launcher.ClientPermissions;
-import pro.gravit.launcher.events.request.SetPasswordRequestEvent;
-import pro.gravit.launchserver.dao.User;
-import pro.gravit.launchserver.socket.Client;
-import pro.gravit.launchserver.socket.response.SimpleResponse;
-
-public class SetPasswordResponse extends SimpleResponse {
-    public String oldPassword;
-    public String newPassword;
-    public String username;
-
-    @Override
-    public String getType() {
-        return "setPassword";
-    }
-
-    @Override
-    public void execute(ChannelHandlerContext ctx, Client client) {
-        if ((oldPassword == null && username == null) || newPassword == null) {
-            sendError("Request invalid");
-            return;
-        }
-        if (!client.isAuth) {
-            sendError("You not authorized");
-            return;
-        }
-        if (username != null && !client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN)) {
-            sendError("You not admin");
-            return;
-        }
-        if (username != null) {
-            User user = server.config.dao.userDAO.findByUsername(username);
-            user.setPassword(newPassword);
-            sendResult(new SetPasswordRequestEvent());
-        } else {
-            User user = server.config.dao.userDAO.findByUsername(client.username);
-            if (user.verifyPassword(oldPassword)) {
-                user.setPassword(newPassword);
-                sendResult(new SetPasswordRequestEvent());
-            } else {
-                sendError("Old password incorrect");
-            }
-        }
-    }
-}
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/management/PingServerReportResponse.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/management/PingServerReportResponse.java
@ -20,6 +20,7 @@ public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
        if(!client.isAuth || client.permissions == null || !client.permissions.isPermission(ClientPermissions.PermissionConsts.MANAGEMENT))
        {
            sendError("Access denied");
+            return;
        }
        server.pingServerManager.updateServer(name, data);
        sendResult(new PingServerReportRequestEvent());
--- a/LauncherAPI/src/main/java/pro/gravit/launcher/events/request/SetPasswordRequestEvent.java
+++ b/LauncherAPI/src/main/java/pro/gravit/launcher/events/request/SetPasswordRequestEvent.java
@ -1,10 +0,0 @@
-package pro.gravit.launcher.events.request;
-
-import pro.gravit.launcher.events.RequestEvent;
-
-public class SetPasswordRequestEvent extends RequestEvent {
-    @Override
-    public String getType() {
-        return "setPassword";
-    }
-}
--- a/LauncherAPI/src/main/java/pro/gravit/launcher/request/websockets/ClientWebSocketService.java
+++ b/LauncherAPI/src/main/java/pro/gravit/launcher/request/websockets/ClientWebSocketService.java
@ -93,7 +93,6 @@ public void registerResults() {
        results.register("getAvailabilityAuth", GetAvailabilityAuthRequestEvent.class);
        results.register("exception", ExceptionEvent.class);
        results.register("register", RegisterRequestEvent.class);
-        results.register("setpassword", SetPasswordRequestEvent.class);
        results.register("notification", NotificationEvent.class);
        results.register("signal", SignalEvent.class);
        results.register("exit", ExitRequestEvent.class);
@ -104,6 +103,7 @@ public void registerResults() {
        results.register("serverStatus", ServerStatusRequestEvent.class);
        results.register("pingServerReport", PingServerReportRequestEvent.class);
        results.register("pingServer", PingServerRequestEvent.class);
+        results.register("currentUser", CurrentUserRequestEvent.class);
    }

    public void waitIfNotConnected() {