Added logging and fixed some security concerns

2020-08-01 14:57:08 +02:00
parent 0d77fbf831
commit 56bb00cd32
5 changed files with 41 additions and 12 deletions
--- a/client/src/main/java/envoy/client/ui/settings/UserSettingsPane.java
+++ b/client/src/main/java/envoy/client/ui/settings/UserSettingsPane.java
@@ -4,6 +4,8 @@ import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
+import java.util.Arrays;
+import java.util.logging.Level;

 import javafx.event.EventHandler;
 import javafx.geometry.Pos;
@@ -22,6 +24,7 @@ import envoy.client.ui.SceneContext;
 import envoy.data.User;
 import envoy.event.*;
 import envoy.util.Bounds;
+import envoy.util.EnvoyLog;

 /**
 * Project: <strong>envoy-client</strong><br>
@@ -33,8 +36,8 @@ import envoy.util.Bounds;
 */
 public class UserSettingsPane extends SettingsPane {

-	private boolean	profilePicChanged, usernameChanged, passwordChanged, validPassword;
-	private byte[]	currentImageBytes;
+	private boolean	profilePicChanged, usernameChanged, validPassword;
+	private byte[]	currentImageBytes, originalImageBytes;
 	private String	newUsername, newPassword = "";

 	/**
@@ -52,12 +55,14 @@ public class UserSettingsPane extends SettingsPane {
 		// TODO: display current profile pic
 		final var profilePic = new ImageView(IconUtil.loadIcon("envoy_logo", 50));
 		profilePic.setCursor(Cursor.HAND);
+		profilePic.setFitWidth(50);
+		profilePic.setFitHeight(50);
 		profilePic.setOnMouseClicked(e -> {
 			final var pictureChooser = new FileChooser();

 			pictureChooser.setTitle("Select a new picture");
 			pictureChooser.setInitialDirectory(new File(System.getProperty("user.home")));
-			pictureChooser.setSelectedExtensionFilter(new FileChooser.ExtensionFilter("Pictures", "*.png", "*.jpg", "*.bmp", "*.gif"));
+			pictureChooser.getExtensionFilters().add(new FileChooser.ExtensionFilter("Pictures", "*.png", "*.jpg", "*.bmp", "*.gif"));

 			final var file = pictureChooser.showOpenDialog(sceneContext.getStage());

@@ -134,25 +139,38 @@ public class UserSettingsPane extends SettingsPane {
 	 * @since Envoy Client v0.2-beta
 	 */
 	private void save(long userID, String oldPassword) {
-		final var eventbus = EventBus.getInstance();
+		final var	eventBus	= EventBus.getInstance();
+		final var	logger		= EnvoyLog.getLogger(UserSettingsPane.class);

 		// The profile pic was changed
-		if (profilePicChanged) eventbus.dispatch(new SendEvent(new ProfilePicChange(currentImageBytes, userID)));
+		if (profilePicChanged && !Arrays.equals(currentImageBytes, originalImageBytes)) {
+			final var profilePicChangeEvent = new ProfilePicChange(currentImageBytes, userID);
+			eventBus.dispatch(profilePicChangeEvent);
+			eventBus.dispatch(new SendEvent(profilePicChangeEvent));
+			logger.log(Level.INFO, "The user just changed his profile pic.");
+		}

 		// The username was changed
 		final var validContactName = Bounds.isValidContactName(newUsername);
-		if (usernameChanged && validContactName) eventbus.dispatch(new SendEvent(new NameChange(userID, newUsername)));
-		else if (!validContactName) {
+		if (usernameChanged && validContactName) {
+			final var nameChangeEvent = new NameChange(userID, newUsername);
+			eventBus.dispatch(new SendEvent(nameChangeEvent));
+			eventBus.dispatch(nameChangeEvent);
+			logger.log(Level.INFO, "The user just changed his name to " + newUsername + ".");
+		} else if (!validContactName) {
 			final var alert = new Alert(AlertType.ERROR);
 			alert.setTitle("Invalid username");
 			alert.setContentText("The entered username does not conform with the naming limitations: " + Bounds.CONTACT_NAME_PATTERN);
 			alert.showAndWait();
+			logger.log(Level.INFO, "An invalid username was requested.");
 			return;
 		}

 		// The password was changed
-		if (passwordChanged && validPassword) eventbus.dispatch(new SendEvent(new PasswordChangeRequest(newPassword, oldPassword, userID)));
-		else if (!(validPassword || newPassword.isBlank())) {
+		if (validPassword) {
+			eventBus.dispatch(new SendEvent(new PasswordChangeRequest(newPassword, oldPassword, userID)));
+			logger.log(Level.INFO, "The user just tried to change his password!");
+		} else if (!(validPassword || newPassword.isBlank())) {
 			final var alert = new Alert(AlertType.ERROR);
 			alert.setTitle("Unequal Password");
 			alert.setContentText("Repeated password is unequal to the chosen new password");
--- a/common/src/main/java/envoy/event/PasswordChangeRequest.java
+++ b/common/src/main/java/envoy/event/PasswordChangeRequest.java
@@ -41,4 +41,7 @@ public class PasswordChangeRequest extends Event<String> {
 	 * @since Envoy Common v0.2-beta
 	 */
 	public String getOldPassword() { return oldPassword; }
+
+	@Override
+	public String toString() { return "PasswordChangeRequest[id=" + id + "]"; }
 }
--- a/server/src/main/java/envoy/server/Startup.java
+++ b/server/src/main/java/envoy/server/Startup.java
@@ -71,7 +71,9 @@ public class Startup {
 						new UserSearchProcessor(),
 						new ContactOperationProcessor(),
 						new IsTypingProcessor(),
-						new NameChangeProcessor())));
+						new NameChangeProcessor(),
+						new ProfilePicChangeProcessor(),
+						new PasswordChangeRequestProcessor())));

 		// Initialize the current message ID
 		final PersistenceManager persistenceManager = PersistenceManager.getInstance();
--- a/server/src/main/java/envoy/server/data/Contact.java
+++ b/server/src/main/java/envoy/server/data/Contact.java
@@ -18,7 +18,7 @@ import javax.persistence.*;
 */

@Entity
-@Table(name = "contacts")
+@Table(name = "contacts", uniqueConstraints = { @UniqueConstraint(columnNames = { "name" }) })
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
 public abstract class Contact {

--- a/server/src/main/java/envoy/server/processors/PasswordChangeRequestProcessor.java
+++ b/server/src/main/java/envoy/server/processors/PasswordChangeRequestProcessor.java
@@ -1,12 +1,14 @@
 package envoy.server.processors;

 import java.io.IOException;
+import java.util.logging.Level;

 import envoy.event.PasswordChangeRequest;
 import envoy.event.PasswordChangeResult;
 import envoy.server.data.PersistenceManager;
 import envoy.server.net.ObjectWriteProxy;
 import envoy.server.util.PasswordUtil;
+import envoy.util.EnvoyLog;

 /**
 * Project: <strong>envoy-server-standalone</strong><br>
@@ -22,8 +24,12 @@ public class PasswordChangeRequestProcessor implements ObjectProcessor<PasswordC
 	public void process(PasswordChangeRequest event, long socketID, ObjectWriteProxy writeProxy) throws IOException {
 		final var	persistenceManager		= PersistenceManager.getInstance();
 		final var	user					= persistenceManager.getUserByID(event.getID());
+		final var	logger					= EnvoyLog.getLogger(PasswordChangeRequestProcessor.class);
 		final var	correctAuthentication	= PasswordUtil.validate(event.getOldPassword(), user.getPasswordHash());
-		if (correctAuthentication) user.setPasswordHash(PasswordUtil.hash(event.get()));
+		if (correctAuthentication) {
+			user.setPasswordHash(PasswordUtil.hash(event.get()));
+			logger.log(Level.INFO, user + " changed his password");
+		} else logger.log(Level.INFO, user + " tried changing his password but provided insufficient authentication");
 		writeProxy.write(socketID, new PasswordChangeResult(correctAuthentication));
 	}
 }