zdm/envoy
Archived
3
Fork 0
Code Issues 22 Pull Requests Releases 1 Wiki Activity

Added logging and fixed some security concerns

Browse Source
This commit is contained in:
delvh
2020-08-01 14:57:08 +02:00
parent 41cd11f180
commit fab573efe1
5 changed files with 41 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/src/main/java/envoy/server/Startup.java
View File

@@ -71,7 +71,9 @@ public class Startup {
new UserSearchProcessor(),
new ContactOperationProcessor(),
new IsTypingProcessor(),
new NameChangeProcessor())));
new NameChangeProcessor(),
new ProfilePicChangeProcessor(),
new PasswordChangeRequestProcessor())));
// Initialize the current message ID
final PersistenceManager persistenceManager = PersistenceManager.getInstance();

2
server/src/main/java/envoy/server/data/Contact.java
View File

@@ -18,7 +18,7 @@ import javax.persistence.*;
*/
@Entity
@Table(name = "contacts")
@Table(name = "contacts", uniqueConstraints = { @UniqueConstraint(columnNames = { "name" }) })
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
public abstract class Contact {

8
server/src/main/java/envoy/server/processors/PasswordChangeRequestProcessor.java
View File

@@ -1,12 +1,14 @@
package envoy.server.processors;
import java.io.IOException;
import java.util.logging.Level;
import envoy.event.PasswordChangeRequest;
import envoy.event.PasswordChangeResult;
import envoy.server.data.PersistenceManager;
import envoy.server.net.ObjectWriteProxy;
import envoy.server.util.PasswordUtil;
import envoy.util.EnvoyLog;
/**
* Project: <strong>envoy-server-standalone</strong><br>
@@ -22,8 +24,12 @@ public class PasswordChangeRequestProcessor implements ObjectProcessor<PasswordC
public void process(PasswordChangeRequest event, long socketID, ObjectWriteProxy writeProxy) throws IOException {
final var persistenceManager = PersistenceManager.getInstance();
final var user = persistenceManager.getUserByID(event.getID());
final var logger = EnvoyLog.getLogger(PasswordChangeRequestProcessor.class);
final var correctAuthentication = PasswordUtil.validate(event.getOldPassword(), user.getPasswordHash());
if (correctAuthentication) user.setPasswordHash(PasswordUtil.hash(event.get()));
if (correctAuthentication) {
user.setPasswordHash(PasswordUtil.hash(event.get()));
logger.log(Level.INFO, user + " changed his password");
} else logger.log(Level.INFO, user + " tried changing his password but provided insufficient authentication");
writeProxy.write(socketID, new PasswordChangeResult(correctAuthentication));
}
}