mirror of
https://github.com/GravitLauncher/Launcher
synced 2025-01-09 00:59:44 +03:00
[FIX] Исправление безопасности
This commit is contained in:
parent
4917f19b81
commit
1362d71788
5 changed files with 2 additions and 60 deletions
|
@ -93,7 +93,6 @@ public static void registerResponses() {
|
|||
providers.register("profileByUUID", ProfileByUUIDResponse.class);
|
||||
providers.register("getAvailabilityAuth", GetAvailabilityAuthResponse.class);
|
||||
providers.register("register", RegisterResponse.class);
|
||||
providers.register("setPassword", SetPasswordResponse.class);
|
||||
providers.register("exit", ExitResponse.class);
|
||||
providers.register("getSecureLevelInfo", GetSecureLevelInfoResponse.class);
|
||||
providers.register("verifySecureLevelKey", VerifySecureLevelKeyResponse.class);
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
package pro.gravit.launchserver.socket.response.auth;
|
||||
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import pro.gravit.launcher.ClientPermissions;
|
||||
import pro.gravit.launcher.events.request.SetPasswordRequestEvent;
|
||||
import pro.gravit.launchserver.dao.User;
|
||||
import pro.gravit.launchserver.socket.Client;
|
||||
import pro.gravit.launchserver.socket.response.SimpleResponse;
|
||||
|
||||
public class SetPasswordResponse extends SimpleResponse {
|
||||
public String oldPassword;
|
||||
public String newPassword;
|
||||
public String username;
|
||||
|
||||
@Override
|
||||
public String getType() {
|
||||
return "setPassword";
|
||||
}
|
||||
|
||||
@Override
|
||||
public void execute(ChannelHandlerContext ctx, Client client) {
|
||||
if ((oldPassword == null && username == null) || newPassword == null) {
|
||||
sendError("Request invalid");
|
||||
return;
|
||||
}
|
||||
if (!client.isAuth) {
|
||||
sendError("You not authorized");
|
||||
return;
|
||||
}
|
||||
if (username != null && !client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN)) {
|
||||
sendError("You not admin");
|
||||
return;
|
||||
}
|
||||
if (username != null) {
|
||||
User user = server.config.dao.userDAO.findByUsername(username);
|
||||
user.setPassword(newPassword);
|
||||
sendResult(new SetPasswordRequestEvent());
|
||||
} else {
|
||||
User user = server.config.dao.userDAO.findByUsername(client.username);
|
||||
if (user.verifyPassword(oldPassword)) {
|
||||
user.setPassword(newPassword);
|
||||
sendResult(new SetPasswordRequestEvent());
|
||||
} else {
|
||||
sendError("Old password incorrect");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -20,6 +20,7 @@ public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
|
|||
if(!client.isAuth || client.permissions == null || !client.permissions.isPermission(ClientPermissions.PermissionConsts.MANAGEMENT))
|
||||
{
|
||||
sendError("Access denied");
|
||||
return;
|
||||
}
|
||||
server.pingServerManager.updateServer(name, data);
|
||||
sendResult(new PingServerReportRequestEvent());
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
package pro.gravit.launcher.events.request;
|
||||
|
||||
import pro.gravit.launcher.events.RequestEvent;
|
||||
|
||||
public class SetPasswordRequestEvent extends RequestEvent {
|
||||
@Override
|
||||
public String getType() {
|
||||
return "setPassword";
|
||||
}
|
||||
}
|
|
@ -93,7 +93,6 @@ public void registerResults() {
|
|||
results.register("getAvailabilityAuth", GetAvailabilityAuthRequestEvent.class);
|
||||
results.register("exception", ExceptionEvent.class);
|
||||
results.register("register", RegisterRequestEvent.class);
|
||||
results.register("setpassword", SetPasswordRequestEvent.class);
|
||||
results.register("notification", NotificationEvent.class);
|
||||
results.register("signal", SignalEvent.class);
|
||||
results.register("exit", ExitRequestEvent.class);
|
||||
|
@ -104,6 +103,7 @@ public void registerResults() {
|
|||
results.register("serverStatus", ServerStatusRequestEvent.class);
|
||||
results.register("pingServerReport", PingServerReportRequestEvent.class);
|
||||
results.register("pingServer", PingServerRequestEvent.class);
|
||||
results.register("currentUser", CurrentUserRequestEvent.class);
|
||||
}
|
||||
|
||||
public void waitIfNotConnected() {
|
||||
|
|
Loading…
Reference in a new issue