[FIX] Исправление безопасности

This commit is contained in:
Gravit 2020-08-27 21:28:06 +07:00
parent 4917f19b81
commit 1362d71788
No known key found for this signature in database
GPG key ID: 98A079490768CCE5
5 changed files with 2 additions and 60 deletions

View file

@ -93,7 +93,6 @@ public static void registerResponses() {
providers.register("profileByUUID", ProfileByUUIDResponse.class); providers.register("profileByUUID", ProfileByUUIDResponse.class);
providers.register("getAvailabilityAuth", GetAvailabilityAuthResponse.class); providers.register("getAvailabilityAuth", GetAvailabilityAuthResponse.class);
providers.register("register", RegisterResponse.class); providers.register("register", RegisterResponse.class);
providers.register("setPassword", SetPasswordResponse.class);
providers.register("exit", ExitResponse.class); providers.register("exit", ExitResponse.class);
providers.register("getSecureLevelInfo", GetSecureLevelInfoResponse.class); providers.register("getSecureLevelInfo", GetSecureLevelInfoResponse.class);
providers.register("verifySecureLevelKey", VerifySecureLevelKeyResponse.class); providers.register("verifySecureLevelKey", VerifySecureLevelKeyResponse.class);

View file

@ -1,48 +0,0 @@
package pro.gravit.launchserver.socket.response.auth;
import io.netty.channel.ChannelHandlerContext;
import pro.gravit.launcher.ClientPermissions;
import pro.gravit.launcher.events.request.SetPasswordRequestEvent;
import pro.gravit.launchserver.dao.User;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.SimpleResponse;
public class SetPasswordResponse extends SimpleResponse {
public String oldPassword;
public String newPassword;
public String username;
@Override
public String getType() {
return "setPassword";
}
@Override
public void execute(ChannelHandlerContext ctx, Client client) {
if ((oldPassword == null && username == null) || newPassword == null) {
sendError("Request invalid");
return;
}
if (!client.isAuth) {
sendError("You not authorized");
return;
}
if (username != null && !client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN)) {
sendError("You not admin");
return;
}
if (username != null) {
User user = server.config.dao.userDAO.findByUsername(username);
user.setPassword(newPassword);
sendResult(new SetPasswordRequestEvent());
} else {
User user = server.config.dao.userDAO.findByUsername(client.username);
if (user.verifyPassword(oldPassword)) {
user.setPassword(newPassword);
sendResult(new SetPasswordRequestEvent());
} else {
sendError("Old password incorrect");
}
}
}
}

View file

@ -20,6 +20,7 @@ public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
if(!client.isAuth || client.permissions == null || !client.permissions.isPermission(ClientPermissions.PermissionConsts.MANAGEMENT)) if(!client.isAuth || client.permissions == null || !client.permissions.isPermission(ClientPermissions.PermissionConsts.MANAGEMENT))
{ {
sendError("Access denied"); sendError("Access denied");
return;
} }
server.pingServerManager.updateServer(name, data); server.pingServerManager.updateServer(name, data);
sendResult(new PingServerReportRequestEvent()); sendResult(new PingServerReportRequestEvent());

View file

@ -1,10 +0,0 @@
package pro.gravit.launcher.events.request;
import pro.gravit.launcher.events.RequestEvent;
public class SetPasswordRequestEvent extends RequestEvent {
@Override
public String getType() {
return "setPassword";
}
}

View file

@ -93,7 +93,6 @@ public void registerResults() {
results.register("getAvailabilityAuth", GetAvailabilityAuthRequestEvent.class); results.register("getAvailabilityAuth", GetAvailabilityAuthRequestEvent.class);
results.register("exception", ExceptionEvent.class); results.register("exception", ExceptionEvent.class);
results.register("register", RegisterRequestEvent.class); results.register("register", RegisterRequestEvent.class);
results.register("setpassword", SetPasswordRequestEvent.class);
results.register("notification", NotificationEvent.class); results.register("notification", NotificationEvent.class);
results.register("signal", SignalEvent.class); results.register("signal", SignalEvent.class);
results.register("exit", ExitRequestEvent.class); results.register("exit", ExitRequestEvent.class);
@ -104,6 +103,7 @@ public void registerResults() {
results.register("serverStatus", ServerStatusRequestEvent.class); results.register("serverStatus", ServerStatusRequestEvent.class);
results.register("pingServerReport", PingServerReportRequestEvent.class); results.register("pingServerReport", PingServerReportRequestEvent.class);
results.register("pingServer", PingServerRequestEvent.class); results.register("pingServer", PingServerRequestEvent.class);
results.register("currentUser", CurrentUserRequestEvent.class);
} }
public void waitIfNotConnected() { public void waitIfNotConnected() {