Fix bug allowing unauthorized access to a client

Additionally token authentication is now used whenever the client is
online

common/src/main/java/envoy/data/AuthenticatedRequest.java

@@ -0,0 +1,70 @@
+package envoy.data;
+
+import java.io.Serializable;
+import java.util.Objects;
+
+/**
+ * Wraps any request sent to the server in the authentication details of a user.
+ *
+ * @author Leon Hofmeister
+ * @param <T> the type of object to be sent
+ * @since Envoy Common v0.3-beta
+ */
+public final class AuthenticatedRequest<T extends Serializable> implements Serializable {
+
+	private final T			request;
+	private final String	authentication;
+	private final long		userID;
+
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * @param request        the actual object that should be sent
+	 * @param userID         the ID of the currently logged in user
+	 * @param authentication the authentication of the currently logged in user
+	 * @since Envoy Common v0.3-beta
+	 */
+	public AuthenticatedRequest(T request, long userID, String authentication) {
+		this.request		= Objects.requireNonNull(request);
+		this.userID			= userID;
+		this.authentication	= authentication == null ? "" : authentication;
+	}
+
+	/**
+	 * @return the authentication token of the currently logged in user
+	 * @since Envoy Common v0.3-beta
+	 */
+	public String getAuthentication() { return authentication; }
+
+	/**
+	 * @return the request
+	 * @since Envoy Common v0.3-beta
+	 */
+	public T getRequest() { return request; }
+
+	/**
+	 * @return the userID
+	 * @since Envoy Common v0.3-beta
+	 */
+	public long getUserID() { return userID; }
+
+	@Override
+	public int hashCode() {
+		return Objects.hash(request, userID);
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj)
+			return true;
+		if (!(obj instanceof AuthenticatedRequest))
+			return false;
+		AuthenticatedRequest<?> other = (AuthenticatedRequest<?>) obj;
+		return userID == other.userID;
+	}
+
+	@Override
+	public String toString() {
+		return "AuthenticatedRequest [request=" + request + ", userID=" + userID + "]";
+	}
+}

common/src/main/java/envoy/data/LoginCredentials.java

@@ -14,19 +14,18 @@ import java.time.Instant;
 public final class LoginCredentials implements Serializable {
 
 	private final String	identifier, password, clientVersion;
-	private final boolean	registration, token, requestToken;
+	private final boolean	registration, token;
 	private final Instant	lastSync;
 
 	private static final long serialVersionUID = 4;
 
 	private LoginCredentials(String identifier, String password, boolean registration,
-		boolean token, boolean requestToken, String clientVersion,
+		boolean token, String clientVersion,
 		Instant lastSync) {
 		this.identifier		= identifier;
 		this.password		= password;
 		this.registration	= registration;
 		this.token			= token;
-		this.requestToken	= requestToken;
 		this.clientVersion	= clientVersion;
 		this.lastSync		= lastSync;
 	}
@@ -36,15 +35,14 @@ public final class LoginCredentials implements Serializable {
 	 *
 	 * @param identifier    the identifier of the user
 	 * @param password      the password of the user
-	 * @param requestToken  requests the server to generate an authentication token
 	 * @param clientVersion the version of the client sending these credentials
 	 * @param lastSync      the timestamp of the last synchronization
 	 * @return the created login credentials
 	 * @since Envoy Common v0.2-beta
 	 */
-	public static LoginCredentials login(String identifier, String password, boolean requestToken,
+	public static LoginCredentials login(String identifier, String password,
 		String clientVersion, Instant lastSync) {
-		return new LoginCredentials(identifier, password, false, false, requestToken, clientVersion,
+		return new LoginCredentials(identifier, password, false, false, clientVersion,
 			lastSync);
 	}
 
@@ -60,7 +58,7 @@ public final class LoginCredentials implements Serializable {
 	 */
 	public static LoginCredentials loginWithToken(String identifier, String token,
 		String clientVersion, Instant lastSync) {
-		return new LoginCredentials(identifier, token, false, true, false, clientVersion, lastSync);
+		return new LoginCredentials(identifier, token, false, true, clientVersion, lastSync);
 	}
 
 	/**
@@ -68,26 +66,24 @@ public final class LoginCredentials implements Serializable {
 	 *
 	 * @param identifier    the identifier of the user
 	 * @param password      the password of the user
-	 * @param requestToken  requests the server to generate an authentication token
 	 * @param clientVersion the version of the client sending these credentials
 	 * @param lastSync      the timestamp of the last synchronization
 	 * @return the created login credentials
 	 * @since Envoy Common v0.2-beta
 	 */
 	public static LoginCredentials registration(String identifier, String password,
-		boolean requestToken, String clientVersion, Instant lastSync) {
-		return new LoginCredentials(identifier, password, true, false, requestToken, clientVersion,
+		String clientVersion, Instant lastSync) {
+		return new LoginCredentials(identifier, password, true, false, clientVersion,
 			lastSync);
 	}
 
 	@Override
 	public String toString() {
 		return String.format(
-			"LoginCredentials[identifier=%s,registration=%b,token=%b,requestToken=%b,clientVersion=%s,lastSync=%s]",
+			"LoginCredentials[identifier=%s,registration=%b,token=%b,clientVersion=%s,lastSync=%s]",
 			identifier,
 			registration,
 			token,
-			requestToken,
 			clientVersion,
 			lastSync);
 	}
@@ -119,14 +115,6 @@ public final class LoginCredentials implements Serializable {
 		return token;
 	}
 
-	/**
-	 * @return {@code true} if the server should generate a new authentication token
-	 * @since Envoy Common v0.2-beta
-	 */
-	public boolean requestToken() {
-		return requestToken;
-	}
-
 	/**
 	 * @return the version of the client sending these credentials
 	 * @since Envoy Common v0.1-beta