zdm/envoy
Archived
3
Fork 0
Code Issues 22 Pull Requests Releases 1 Wiki Activity

Improved Login security

Browse Source
This commit is contained in:
delvh
2020-04-10 15:53:30 +02:00
parent 551f83672e
commit a457261ee5
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/main/java/envoy/server/processors/LoginCredentialProcessor.java
View File

@@ -93,21 +93,21 @@ public class LoginCredentialProcessor implements ObjectProcessor<LoginCredential
// Checking if user is already online
if (connectionManager.isOnline(user.getID())) {
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.ALREADY_ONLINE));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.INTERNAL_ERROR));
return null;
}
// Evaluating the correctness of the password hash
if (!Arrays.equals(credentials.getPasswordHash(), user.getPasswordHash())) {
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.WRONG_PASSWORD));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.WRONG_PASSWORD_OR_USER));
return null;
}
return user;
} catch (NoResultException e) {
// Checking if user exists
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.USER_DOES_NOT_EXIST));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.INTERNAL_ERROR));
} catch (InputMismatchException e) {
// Checking if the given password hash is correct
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.WRONG_PASSWORD));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.WRONG_PASSWORD_OR_USER));
}
return null;
}
@@ -127,7 +127,7 @@ public class LoginCredentialProcessor implements ObjectProcessor<LoginCredential
// Checking that no user already has this identifier
PersistenceManager.getInstance().getUserByName(credentials.getIdentifier());
// this code only gets executed if this user already exists
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.USER_EXISTS_ALREADY));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.INTERNAL_ERROR));
return null;
} catch (NoResultException e) {
// Creation of a new user