mirror of
https://github.com/GravitLauncher/Launcher
synced 2024-12-23 00:51:01 +03:00
[FIX] Исправление безопасности
This commit is contained in:
parent
4917f19b81
commit
1362d71788
5 changed files with 2 additions and 60 deletions
|
@ -93,7 +93,6 @@ public static void registerResponses() {
|
||||||
providers.register("profileByUUID", ProfileByUUIDResponse.class);
|
providers.register("profileByUUID", ProfileByUUIDResponse.class);
|
||||||
providers.register("getAvailabilityAuth", GetAvailabilityAuthResponse.class);
|
providers.register("getAvailabilityAuth", GetAvailabilityAuthResponse.class);
|
||||||
providers.register("register", RegisterResponse.class);
|
providers.register("register", RegisterResponse.class);
|
||||||
providers.register("setPassword", SetPasswordResponse.class);
|
|
||||||
providers.register("exit", ExitResponse.class);
|
providers.register("exit", ExitResponse.class);
|
||||||
providers.register("getSecureLevelInfo", GetSecureLevelInfoResponse.class);
|
providers.register("getSecureLevelInfo", GetSecureLevelInfoResponse.class);
|
||||||
providers.register("verifySecureLevelKey", VerifySecureLevelKeyResponse.class);
|
providers.register("verifySecureLevelKey", VerifySecureLevelKeyResponse.class);
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
package pro.gravit.launchserver.socket.response.auth;
|
|
||||||
|
|
||||||
import io.netty.channel.ChannelHandlerContext;
|
|
||||||
import pro.gravit.launcher.ClientPermissions;
|
|
||||||
import pro.gravit.launcher.events.request.SetPasswordRequestEvent;
|
|
||||||
import pro.gravit.launchserver.dao.User;
|
|
||||||
import pro.gravit.launchserver.socket.Client;
|
|
||||||
import pro.gravit.launchserver.socket.response.SimpleResponse;
|
|
||||||
|
|
||||||
public class SetPasswordResponse extends SimpleResponse {
|
|
||||||
public String oldPassword;
|
|
||||||
public String newPassword;
|
|
||||||
public String username;
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getType() {
|
|
||||||
return "setPassword";
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void execute(ChannelHandlerContext ctx, Client client) {
|
|
||||||
if ((oldPassword == null && username == null) || newPassword == null) {
|
|
||||||
sendError("Request invalid");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (!client.isAuth) {
|
|
||||||
sendError("You not authorized");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (username != null && !client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN)) {
|
|
||||||
sendError("You not admin");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (username != null) {
|
|
||||||
User user = server.config.dao.userDAO.findByUsername(username);
|
|
||||||
user.setPassword(newPassword);
|
|
||||||
sendResult(new SetPasswordRequestEvent());
|
|
||||||
} else {
|
|
||||||
User user = server.config.dao.userDAO.findByUsername(client.username);
|
|
||||||
if (user.verifyPassword(oldPassword)) {
|
|
||||||
user.setPassword(newPassword);
|
|
||||||
sendResult(new SetPasswordRequestEvent());
|
|
||||||
} else {
|
|
||||||
sendError("Old password incorrect");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -20,6 +20,7 @@ public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
|
||||||
if(!client.isAuth || client.permissions == null || !client.permissions.isPermission(ClientPermissions.PermissionConsts.MANAGEMENT))
|
if(!client.isAuth || client.permissions == null || !client.permissions.isPermission(ClientPermissions.PermissionConsts.MANAGEMENT))
|
||||||
{
|
{
|
||||||
sendError("Access denied");
|
sendError("Access denied");
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
server.pingServerManager.updateServer(name, data);
|
server.pingServerManager.updateServer(name, data);
|
||||||
sendResult(new PingServerReportRequestEvent());
|
sendResult(new PingServerReportRequestEvent());
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
package pro.gravit.launcher.events.request;
|
|
||||||
|
|
||||||
import pro.gravit.launcher.events.RequestEvent;
|
|
||||||
|
|
||||||
public class SetPasswordRequestEvent extends RequestEvent {
|
|
||||||
@Override
|
|
||||||
public String getType() {
|
|
||||||
return "setPassword";
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -93,7 +93,6 @@ public void registerResults() {
|
||||||
results.register("getAvailabilityAuth", GetAvailabilityAuthRequestEvent.class);
|
results.register("getAvailabilityAuth", GetAvailabilityAuthRequestEvent.class);
|
||||||
results.register("exception", ExceptionEvent.class);
|
results.register("exception", ExceptionEvent.class);
|
||||||
results.register("register", RegisterRequestEvent.class);
|
results.register("register", RegisterRequestEvent.class);
|
||||||
results.register("setpassword", SetPasswordRequestEvent.class);
|
|
||||||
results.register("notification", NotificationEvent.class);
|
results.register("notification", NotificationEvent.class);
|
||||||
results.register("signal", SignalEvent.class);
|
results.register("signal", SignalEvent.class);
|
||||||
results.register("exit", ExitRequestEvent.class);
|
results.register("exit", ExitRequestEvent.class);
|
||||||
|
@ -104,6 +103,7 @@ public void registerResults() {
|
||||||
results.register("serverStatus", ServerStatusRequestEvent.class);
|
results.register("serverStatus", ServerStatusRequestEvent.class);
|
||||||
results.register("pingServerReport", PingServerReportRequestEvent.class);
|
results.register("pingServerReport", PingServerReportRequestEvent.class);
|
||||||
results.register("pingServer", PingServerRequestEvent.class);
|
results.register("pingServer", PingServerRequestEvent.class);
|
||||||
|
results.register("currentUser", CurrentUserRequestEvent.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void waitIfNotConnected() {
|
public void waitIfNotConnected() {
|
||||||
|
|
Loading…
Reference in a new issue