Apply suggestions by @kske

server/src/main/java/envoy/server/net/ObjectMessageProcessor.java

@@ -7,10 +7,8 @@ import java.util.logging.*;
 
 import com.jenkov.nioserver.*;
 
-import envoy.data.AuthenticatedRequest;
 import envoy.util.EnvoyLog;
 
-import envoy.server.data.PersistenceManager;
 import envoy.server.processors.ObjectProcessor;
 
 /**
@@ -46,24 +44,9 @@ public final class ObjectMessageProcessor implements IMessageProcessor {
 				return;
 			}
 
-			// authenticate requests if necessary
-			boolean authenticated = false;
-			if (obj instanceof AuthenticatedRequest)
-				try {
-					authenticated = PersistenceManager
-						.getInstance().getUserByID(((AuthenticatedRequest<?>) obj).getUserID())
-						.getID() == ConnectionManager.getInstance()
-							.getUserIDBySocketID(message.socketId);
+			logger.log(Level.INFO, "Received " + obj);
 
-					// Class cast exception and NullPointerException are valid here and signify a
-					// failed authentication
-				} catch (ClassCastException | NullPointerException e) {} finally {
-					obj = ((AuthenticatedRequest<?>) obj).getRequest();
-				}
-			logger.log(Level.INFO,
-				"Received " + (authenticated ? "" : "un") + "authenticated " + obj);
-
-			refer(message.socketId, writeProxy, obj, authenticated);
+			refer(message.socketId, writeProxy, obj);
 		} catch (IOException | ClassNotFoundException e) {
 			logger.log(Level.WARNING,
 				"An exception occurred when reading in an object: " + e);
@@ -75,27 +58,20 @@ public final class ObjectMessageProcessor implements IMessageProcessor {
 	 * present.
 	 */
 	@SuppressWarnings("unchecked")
-	private void refer(long socketID, WriteProxy writeProxy, Object obj, boolean authenticated) {
+	private void refer(long socketID, WriteProxy writeProxy, Object obj) {
 
 		// Get processor and input class and process object
 		for (@SuppressWarnings("rawtypes")
 		ObjectProcessor p : processors) {
 			Class<?> c = (Class<?>) ((ParameterizedType) p.getClass().getGenericInterfaces()[0])
 				.getActualTypeArguments()[0];
-			if (c.equals(obj.getClass())) {
-				if (!authenticated && p.isAuthenticationRequired()) {
-					logger.log(Level.INFO,
-						"Discarding request as no authentication has been provided");
-					return;
-				}
-
+			if (c.equals(obj.getClass()))
 				try {
 					p.process(c.cast(obj), socketID, new ObjectWriteProxy(writeProxy));
 					break;
 				} catch (IOException e) {
 					logger.log(Level.SEVERE, "Exception during processor execution: ", e);
 				}
-			}
 		}
 	}
 }

server/src/main/java/envoy/server/processors/GroupMessageProcessor.java

@@ -5,7 +5,7 @@ import static envoy.server.Startup.config;
 
 import java.time.Instant;
 import java.util.Collections;
-import java.util.logging.Logger;
+import java.util.logging.*;
 
 import javax.persistence.EntityExistsException;
 
@@ -15,6 +15,7 @@ import envoy.util.EnvoyLog;
 
 import envoy.server.data.PersistenceManager;
 import envoy.server.net.*;
+import envoy.server.util.UserAuthenticationUtil;
 
 /**
  * @author Maximilian Käfer
@@ -29,6 +30,15 @@ public final class GroupMessageProcessor implements ObjectProcessor<GroupMessage
 
 	@Override
 	public void process(GroupMessage groupMessage, long socketID, ObjectWriteProxy writeProxy) {
+
+		// Check whether the message has the expected parameters
+		if (!UserAuthenticationUtil.isExpectedUser(groupMessage.getSenderID(), socketID)
+			|| persistenceManager.getContactByID(groupMessage.getRecipientID()) == null) {
+			logger.log(Level.INFO,
+				"Received a group message with invalid parameters");
+			return;
+		}
+
 		groupMessage.nextStatus();
 
 		// Update statuses to SENT / RECEIVED depending on online status

server/src/main/java/envoy/server/processors/GroupMessageStatusChangeProcessor.java

@@ -12,6 +12,7 @@ import envoy.util.EnvoyLog;
 
 import envoy.server.data.*;
 import envoy.server.net.*;
+import envoy.server.util.UserAuthenticationUtil;
 
 /**
  * @author Maximilian Käfer
@@ -28,6 +29,14 @@ public final class GroupMessageStatusChangeProcessor
 	@Override
 	public void process(GroupMessageStatusChange statusChange, long socketID,
 		ObjectWriteProxy writeProxy) {
+
+		// Check whether the message has the expected parameters
+		if (!UserAuthenticationUtil.isExpectedUser(statusChange.getMemberID(), socketID)) {
+			logger.log(Level.INFO,
+				"Received a group message with invalid parameters");
+			return;
+		}
+		
 		GroupMessage gmsg = (GroupMessage) persistenceManager.getMessageByID(statusChange.getID());
 
 		// Any other status than READ is not supposed to be sent to the server

server/src/main/java/envoy/server/processors/IsTypingProcessor.java

@@ -23,10 +23,11 @@ public final class IsTypingProcessor implements ObjectProcessor<IsTyping> {
 		throws IOException {
 		final var contact = persistenceManager.getContactByID(event.get());
 		if (contact instanceof User) {
-			final var destinationID = event.getDestinationID();
-			if (connectionManager.isOnline(destinationID))
-				writeProxy.write(connectionManager.getSocketID(destinationID), event);
+			if (connectionManager.isOnline(event.get()))
+				writeProxy.write(connectionManager.getSocketID(event.get()),
+					new IsTyping(connectionManager.getUserIDBySocketID(socketID)));
 		} else
-			writeProxy.writeToOnlineContacts(contact.getContacts(), event);
+			writeProxy.writeToOnlineContacts(contact.getContacts(),
+				new IsTyping(connectionManager.getUserIDBySocketID(socketID)));
 	}
 }

server/src/main/java/envoy/server/processors/IssueProposalProcessor.java

@@ -22,9 +22,6 @@ public final class IssueProposalProcessor implements ObjectProcessor<IssuePropos
 
 	private static final Logger logger = EnvoyLog.getLogger(IssueProposalProcessor.class);
 
-	@Override
-	public boolean isAuthenticationRequired() { return false; }
-
 	@Override
 	public void process(IssueProposal issueProposal, long socketID, ObjectWriteProxy writeProxy)
 		throws IOException {

server/src/main/java/envoy/server/processors/LoginCredentialProcessor.java

@@ -34,9 +34,6 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
 
 	private static final Logger logger = EnvoyLog.getLogger(LoginCredentialProcessor.class);
 
-	@Override
-	public boolean isAuthenticationRequired() { return false; }
-
 	@Override
 	public void process(LoginCredentials credentials, long socketID, ObjectWriteProxy writeProxy) {
 

server/src/main/java/envoy/server/processors/MessageProcessor.java

@@ -12,6 +12,7 @@ import envoy.util.EnvoyLog;
 
 import envoy.server.data.PersistenceManager;
 import envoy.server.net.*;
+import envoy.server.util.UserAuthenticationUtil;
 
 /**
  * This {@link ObjectProcessor} handles incoming {@link Message}s.
@@ -29,6 +30,15 @@ public final class MessageProcessor implements ObjectProcessor<Message> {
 
 	@Override
 	public void process(Message message, long socketID, ObjectWriteProxy writeProxy) {
+
+		// Check whether the message has the expected parameters
+		if (!UserAuthenticationUtil.isExpectedUser(message.getSenderID(), socketID)
+			|| persistenceManager.getContactByID(message.getRecipientID()) == null) {
+			logger.log(Level.INFO,
+				"Received a message with invalid parameters");
+			return;
+		}
+
 		message.nextStatus();
 
 		// Convert to server message

server/src/main/java/envoy/server/processors/ObjectProcessor.java

@@ -21,10 +21,4 @@ public interface ObjectProcessor<T> {
 	 * @since Envoy Server Standalone v0.1-alpha
 	 */
 	void process(T input, long socketID, ObjectWriteProxy writeProxy) throws IOException;
-
-	/**
-	 * @return whether authentication is required for the given processor. Defaults to {@code true}.
-	 * @since Envoy Server v0.3-beta
-	 */
-	default boolean isAuthenticationRequired() { return true; }
 }

server/src/main/java/envoy/server/processors/PasswordChangeRequestProcessor.java

@@ -7,7 +7,7 @@ import envoy.event.*;
 import envoy.util.EnvoyLog;
 
 import envoy.server.data.PersistenceManager;
-import envoy.server.net.ObjectWriteProxy;
+import envoy.server.net.*;
 import envoy.server.util.PasswordUtil;
 
 /**
@@ -21,7 +21,8 @@ public final class PasswordChangeRequestProcessor
 	public void process(PasswordChangeRequest event, long socketID, ObjectWriteProxy writeProxy)
 		throws IOException {
 		final var	persistenceManager		= PersistenceManager.getInstance();
-		final var	user					= persistenceManager.getUserByID(event.getID());
+		final var	user					= persistenceManager
+			.getUserByID(ConnectionManager.getInstance().getUserIDBySocketID(socketID));
 		final var	logger					=
 			EnvoyLog.getLogger(PasswordChangeRequestProcessor.class);
 		final var	correctAuthentication	=

server/src/main/java/envoy/server/util/UserAuthenticationUtil.java

@@ -0,0 +1,24 @@
+package envoy.server.util;
+
+import envoy.server.net.ConnectionManager;
+
+/**
+ * @author Leon Hofmeister
+ * @since Envoy Server v0.3-beta
+ */
+public final class UserAuthenticationUtil {
+
+	private UserAuthenticationUtil() {}
+
+	/**
+	 * Checks whether a user is really who he claims to be.
+	 *
+	 * @param expectedID the expected user ID
+	 * @param socketID   the socket ID of the user making a request
+	 * @return whether this user is who he claims to be
+	 * @since Envoy Server v0.3-beta
+	 */
+	public static boolean isExpectedUser(long expectedID, long socketID) {
+		return ConnectionManager.getInstance().getUserIDBySocketID(socketID) == expectedID;
+	}
+}