Added logging and fixed some security concerns
parent
0d77fbf831
commit
56bb00cd32
@ -4,6 +4,8 @@ import java.io.ByteArrayInputStream;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Files;
|
||||
import java.util.Arrays;
|
||||
import java.util.logging.Level;
|
||||
|
||||
import javafx.event.EventHandler;
|
||||
import javafx.geometry.Pos;
|
||||
@ -22,6 +24,7 @@ import envoy.client.ui.SceneContext;
|
||||
import envoy.data.User;
|
||||
import envoy.event.*;
|
||||
import envoy.util.Bounds;
|
||||
import envoy.util.EnvoyLog;
|
||||
|
||||
/**
|
||||
* Project: <strong>envoy-client</strong><br>
|
||||
@ -33,8 +36,8 @@ import envoy.util.Bounds;
|
||||
*/
|
||||
public class UserSettingsPane extends SettingsPane {
|
||||
|
||||
private boolean profilePicChanged, usernameChanged, passwordChanged, validPassword;
|
||||
private byte[] currentImageBytes;
|
||||
private boolean profilePicChanged, usernameChanged, validPassword;
|
||||
private byte[] currentImageBytes, originalImageBytes;
|
||||
private String newUsername, newPassword = "";
|
||||
|
||||
/**
|
||||
@ -52,12 +55,14 @@ public class UserSettingsPane extends SettingsPane {
|
||||
// TODO: display current profile pic
|
||||
final var profilePic = new ImageView(IconUtil.loadIcon("envoy_logo", 50));
|
||||
profilePic.setCursor(Cursor.HAND);
|
||||
profilePic.setFitWidth(50);
|
||||
profilePic.setFitHeight(50);
|
||||
profilePic.setOnMouseClicked(e -> {
|
||||
final var pictureChooser = new FileChooser();
|
||||
|
||||
pictureChooser.setTitle("Select a new picture");
|
||||
pictureChooser.setInitialDirectory(new File(System.getProperty("user.home")));
|
||||
pictureChooser.setSelectedExtensionFilter(new FileChooser.ExtensionFilter("Pictures", "*.png", "*.jpg", "*.bmp", "*.gif"));
|
||||
pictureChooser.getExtensionFilters().add(new FileChooser.ExtensionFilter("Pictures", "*.png", "*.jpg", "*.bmp", "*.gif"));
|
||||
|
||||
final var file = pictureChooser.showOpenDialog(sceneContext.getStage());
|
||||
|
||||
@ -134,25 +139,38 @@ public class UserSettingsPane extends SettingsPane {
|
||||
* @since Envoy Client v0.2-beta
|
||||
*/
|
||||
private void save(long userID, String oldPassword) {
|
||||
final var eventbus = EventBus.getInstance();
|
||||
final var eventBus = EventBus.getInstance();
|
||||
final var logger = EnvoyLog.getLogger(UserSettingsPane.class);
|
||||
|
||||
// The profile pic was changed
|
||||
if (profilePicChanged) eventbus.dispatch(new SendEvent(new ProfilePicChange(currentImageBytes, userID)));
|
||||
if (profilePicChanged && !Arrays.equals(currentImageBytes, originalImageBytes)) {
|
||||
final var profilePicChangeEvent = new ProfilePicChange(currentImageBytes, userID);
|
||||
eventBus.dispatch(profilePicChangeEvent);
|
||||
eventBus.dispatch(new SendEvent(profilePicChangeEvent));
|
||||
logger.log(Level.INFO, "The user just changed his profile pic.");
|
||||
}
|
||||
|
||||
// The username was changed
|
||||
final var validContactName = Bounds.isValidContactName(newUsername);
|
||||
if (usernameChanged && validContactName) eventbus.dispatch(new SendEvent(new NameChange(userID, newUsername)));
|
||||
else if (!validContactName) {
|
||||
if (usernameChanged && validContactName) {
|
||||
final var nameChangeEvent = new NameChange(userID, newUsername);
|
||||
eventBus.dispatch(new SendEvent(nameChangeEvent));
|
||||
eventBus.dispatch(nameChangeEvent);
|
||||
logger.log(Level.INFO, "The user just changed his name to " + newUsername + ".");
|
||||
} else if (!validContactName) {
|
||||
final var alert = new Alert(AlertType.ERROR);
|
||||
alert.setTitle("Invalid username");
|
||||
alert.setContentText("The entered username does not conform with the naming limitations: " + Bounds.CONTACT_NAME_PATTERN);
|
||||
alert.showAndWait();
|
||||
logger.log(Level.INFO, "An invalid username was requested.");
|
||||
return;
|
||||
}
|
||||
|
||||
// The password was changed
|
||||
if (passwordChanged && validPassword) eventbus.dispatch(new SendEvent(new PasswordChangeRequest(newPassword, oldPassword, userID)));
|
||||
else if (!(validPassword || newPassword.isBlank())) {
|
||||
if (validPassword) {
|
||||
eventBus.dispatch(new SendEvent(new PasswordChangeRequest(newPassword, oldPassword, userID)));
|
||||
logger.log(Level.INFO, "The user just tried to change his password!");
|
||||
} else if (!(validPassword || newPassword.isBlank())) {
|
||||
final var alert = new Alert(AlertType.ERROR);
|
||||
alert.setTitle("Unequal Password");
|
||||
alert.setContentText("Repeated password is unequal to the chosen new password");
|
||||
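Review bot: The password branch of `save` now fires on `validPassword` alone, because the `passwordChanged` flag was removed from the class, and the place where `validPassword` is set lies outside this hunk. If that flag can be true while both password fields are empty, every save would send a `PasswordChangeRequest` carrying the old password and a blank new one; `if (validPassword && !newPassword.isBlank())` closes that regardless of how the flag is computed. Separately, the `NameChange` is dispatched on the local event bus in the same step as the `SendEvent`, so the client presumably applies the new name before the server has accepted it. The body of `save` continues past the end of the hunk.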
|
@ -41,4 +41,7 @@ public class PasswordChangeRequest extends Event<String> {
|
||||
* @since Envoy Common v0.2-beta
|
||||
*/
|
||||
public String getOldPassword() { return oldPassword; }
|
||||
|
||||
@Override
|
||||
public String toString() { return "PasswordChangeRequest[id=" + id + "]"; }
|
||||
}
|
||||
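Review bot: The new `toString` carries no comment saying why it prints only the id, and that reason is the security-relevant part. The event holds the old password (`getOldPassword()`) and, judging by `Event<String>`, the new one as its value. I would add a Javadoc line such as `Deliberately omits both passwords so that logging this event never writes credentials.` so that a later change does not add the fields back for debugging. The class body starts outside the hunk.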
|
@ -71,7 +71,9 @@ public class Startup {
|
||||
new UserSearchProcessor(),
|
||||
new ContactOperationProcessor(),
|
||||
new IsTypingProcessor(),
|
||||
new NameChangeProcessor())));
|
||||
new NameChangeProcessor(),
|
||||
new ProfilePicChangeProcessor(),
|
||||
new PasswordChangeRequestProcessor())));
|
||||
|
||||
// Initialize the current message ID
|
||||
final PersistenceManager persistenceManager = PersistenceManager.getInstance();
|
||||
|
@ -18,7 +18,7 @@ import javax.persistence.*;
|
||||
*/
|
||||
|
||||
@Entity
|
||||
@Table(name = "contacts")
|
||||
@Table(name = "contacts", uniqueConstraints = { @UniqueConstraint(columnNames = { "name" }) })
|
||||
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
|
||||
public abstract class Contact {
|
||||
|
||||
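Review bot: The unique constraint on `name` is enforced only when a row is written, and no code on this page handles the resulting persistence exception on the registration or name-change path (the `NameChangeProcessor` is not shown). Because the table uses `InheritanceType.SINGLE_TABLE`, the constraint puts every `Contact` subtype into one namespace, and whether names differing only in case count as equal depends on the database collation, so look-alike names may still be accepted. An existing database that already holds duplicate names will presumably fail when the constraint is created. A comment above the annotation, for example `// name is unique across all contact types; duplicates are rejected at write time`, would record the intent.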
|
@ -1,12 +1,14 @@
|
||||
package envoy.server.processors;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.logging.Level;
|
||||
|
||||
import envoy.event.PasswordChangeRequest;
|
||||
import envoy.event.PasswordChangeResult;
|
||||
import envoy.server.data.PersistenceManager;
|
||||
import envoy.server.net.ObjectWriteProxy;
|
||||
import envoy.server.util.PasswordUtil;
|
||||
import envoy.util.EnvoyLog;
|
||||
|
||||
/**
|
||||
* Project: <strong>envoy-server-standalone</strong><br>
|
||||
@ -22,8 +24,12 @@ public class PasswordChangeRequestProcessor implements ObjectProcessor<PasswordC
|
||||
public void process(PasswordChangeRequest event, long socketID, ObjectWriteProxy writeProxy) throws IOException {
|
||||
final var persistenceManager = PersistenceManager.getInstance();
|
||||
final var user = persistenceManager.getUserByID(event.getID());
|
||||
final var logger = EnvoyLog.getLogger(PasswordChangeRequestProcessor.class);
|
||||
final var correctAuthentication = PasswordUtil.validate(event.getOldPassword(), user.getPasswordHash());
|
||||
if (correctAuthentication) user.setPasswordHash(PasswordUtil.hash(event.get()));
|
||||
if (correctAuthentication) {
|
||||
user.setPasswordHash(PasswordUtil.hash(event.get()));
|
||||
logger.log(Level.INFO, user + " changed his password");
|
||||
} else logger.log(Level.INFO, user + " tried changing his password but provided insufficient authentication");
|
||||
writeProxy.write(socketID, new PasswordChangeResult(correctAuthentication));
|
||||
}
|
||||
}
|
||||
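Review bot: `process` selects the account with `event.getID()`, a value taken from the client's request, and nothing in this hunk ties it to the user authenticated on `socketID`. The old-password check is therefore the only barrier, and it can be retried without any visible limit. The account should come from the session bound to the connection, or the request should be rejected when the two ids differ; how the server maps sockets to users is not visible here. `getUserByID` may also return no user for an unknown id, in which case `user.getPasswordHash()` would throw before any result is written. The failed-attempt log is useful for detection but would be easier to alert on at a higher level with the connection included, e.g. `logger.log(Level.WARNING, user + " failed the old-password check on socket " + socketID);`.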
|