From d059d4f00d9f72473ed685d1eb8544e329a518dd Mon Sep 17 00:00:00 2001 From: ljacqu Date: Sun, 6 Dec 2015 01:13:12 +0100 Subject: [PATCH 1/9] Fix possible NPE - permissions in CommandDescriptions can be null - Fix missed null situation during previous code changes --- .../java/fr/xephi/authme/permission/PermissionsManager.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/fr/xephi/authme/permission/PermissionsManager.java b/src/main/java/fr/xephi/authme/permission/PermissionsManager.java index 52e94226..63d755e8 100644 --- a/src/main/java/fr/xephi/authme/permission/PermissionsManager.java +++ b/src/main/java/fr/xephi/authme/permission/PermissionsManager.java @@ -328,7 +328,8 @@ public class PermissionsManager implements PermissionsService { } public boolean hasPermission(Player player, CommandDescription command) { - if (CollectionUtils.isEmpty(command.getCommandPermissions().getPermissionNodes())) { + if (command.getCommandPermissions() == null + || CollectionUtils.isEmpty(command.getCommandPermissions().getPermissionNodes())) { return true; } From 06b7ad88d5586443cf19b962587bf3038d6d7aea Mon Sep 17 00:00:00 2001 From: Gabriele C Date: Sun, 6 Dec 2015 01:44:48 +0100 Subject: [PATCH 2/9] console mode during mvn build --- src/tools/bathelpers/build_project.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/bathelpers/build_project.bat b/src/tools/bathelpers/build_project.bat index 01b515ba..f30ea024 100644 --- a/src/tools/bathelpers/build_project.bat +++ b/src/tools/bathelpers/build_project.bat @@ -3,4 +3,4 @@ if "%jarfile%" == "" ( call setvars.bat ) -mvn clean install -f "%pomfile%" \ No newline at end of file +mvn clean install -f "%pomfile%" -B From 9236c1fb12c389ceced71a3659209c0bba3bf136 Mon Sep 17 00:00:00 2001 
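Review bot: The added `command.getCommandPermissions() == null` branch in `hasPermission(Player, CommandDescription)` makes a missing permission definition mean "allowed for everyone", so the check fails open. Later patches in this series lean on that default: PATCH 3/9 drops `.permissions(ALLOWED)` from the help commands and also drops `.permissions(OP_ONLY)` from the converter help command, which appears to widen that command from operators to every player. I would keep the null guard but state the contract above it, e.g. `// No CommandPermissions set: command is public by design; restricted commands must call .permissions(...)`, and restore `.permissions(OP_ONLY)` on the converter help entry unless the widening is intended. The method body continues outside the hunk.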
From: Xephi Date: Sun, 6 Dec 2015 05:30:28 +0100 Subject: [PATCH 3/9] Fix Build, my bad, sorry --- .../fr/xephi/authme/command/CommandInitializer.java | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/src/main/java/fr/xephi/authme/command/CommandInitializer.java b/src/main/java/fr/xephi/authme/command/CommandInitializer.java index 9fa40c1f..020a355d 100644 --- a/src/main/java/fr/xephi/authme/command/CommandInitializer.java +++ b/src/main/java/fr/xephi/authme/command/CommandInitializer.java @@ -285,9 +285,9 @@ public final class CommandInitializer { // Register the reload command CommandDescription reloadCommand = CommandDescription.builder() - .executableCommand(new PurgeLastPositionCommand()) + .executableCommand(new ReloadCommand()) .parent(AUTHME_BASE) - .labels("reload", "reload") + .labels("reload", "rld") .description("Reload plugin") .detailedDescription("Reload the AutheMeReloaded plugin.") .permissions(OP_ONLY, AdminPermission.RELOAD) @@ -321,7 +321,6 @@ public final class CommandInitializer { .labels(helpCommandLabels) .description("View Help") .detailedDescription("View detailed help pages about AuthMeReloaded login commands.") - .permissions(ALLOWED) .withArgument("query", "The command or query to view help for.", true) .build(); @@ -342,7 +341,6 @@ public final class CommandInitializer { .labels(helpCommandLabels) .description("View help") .detailedDescription("View detailed help pages about AuthMeReloaded logout commands.") - .permissions(ALLOWED) .withArgument("query", "The command or query to view help for.", true) .build(); @@ -365,7 +363,6 @@ public final class CommandInitializer { .labels(helpCommandLabels) .description("View help") .detailedDescription("View detailed help pages about AuthMeReloaded register commands.") - .permissions(ALLOWED) .withArgument("query", "The command or query to view help for.", true) .build(); 
@@ -387,7 +384,6 @@ public final class CommandInitializer { .labels(helpCommandLabels) .description("View help") .detailedDescription("View detailed help pages about AuthMeReloaded unregister commands.") - .permissions(ALLOWED) .withArgument("query", "The command or query to view help for.", true) .build(); @@ -410,7 +406,6 @@ public final class CommandInitializer { .labels(helpCommandLabels) .description("View help") .detailedDescription("View detailed help pages about AuthMeReloaded changepassword commands.") - .permissions(ALLOWED) .withArgument("query", "The command or query to view help for.", true) .build(); @@ -421,7 +416,6 @@ public final class CommandInitializer { .labels("email", "mail") .description("Email command") .detailedDescription("The AuthMeReloaded Email command base.") - .permissions(ALLOWED) .build(); // Register the help command @@ -431,7 +425,6 @@ public final class CommandInitializer { .labels(helpCommandLabels) .description("View help") .detailedDescription("View detailed help pages about AuthMeReloaded email commands.") - .permissions(ALLOWED) .withArgument("query", "The command or query to view help for.", true) .build(); @@ -489,7 +482,6 @@ public final class CommandInitializer { .labels(helpCommandLabels) .description("View help") .detailedDescription("View detailed help pages about AuthMeReloaded captcha commands.") - .permissions(ALLOWED) .withArgument("query", "The command or query to view help for.", true) .build(); @@ -511,7 +503,6 @@ public final class CommandInitializer { .labels(helpCommandLabels) .description("View help") .detailedDescription("View detailed help pages about AuthMeReloaded converter commands.") - .permissions(OP_ONLY) .withArgument("query", "The command or query to view help for.", true) .build(); From a212a0c0fd9aaeb078e492c3222e9e032cb61539 Mon Sep 17 00:00:00 2001 
From: Xephi Date: Sun, 6 Dec 2015 11:08:33 +0100 Subject: [PATCH 4/9] Fix Captcha count --- .../fr/xephi/authme/process/login/AsynchronousLogin.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java b/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java index c5269325..025defb2 100644 --- a/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java +++ b/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java @@ -80,15 +80,12 @@ public class AsynchronousLogin { plugin.captcha.remove(name); plugin.captcha.putIfAbsent(name, i); } - if (plugin.captcha.containsKey(name) && plugin.captcha.get(name) >= Settings.maxLoginTry) { - plugin.cap.put(name, rdm.nextString()); + if (plugin.captcha.containsKey(name) && plugin.captcha.get(name) > Settings.maxLoginTry) { + plugin.cap.putIfAbsent(name, rdm.nextString()); for (String s : m.retrieve(MessageKey.USAGE_CAPTCHA)) { player.sendMessage(s.replace("THE_CAPTCHA", plugin.cap.get(name)).replace("", plugin.cap.get(name))); } return true; - } else if (plugin.captcha.containsKey(name) && plugin.captcha.get(name) >= Settings.maxLoginTry) { - plugin.captcha.remove(name); - plugin.cap.remove(name); } } return false; From 6f040fe8acf542f45b66d36fd4849ca8cd251d4c Mon Sep 17 00:00:00 2001 From: DNx5 Date: Mon, 7 Dec 2015 19:59:26 +0700 Subject: [PATCH 5/9] Added permission check for vip login. Fix #323 --- .../authme/listener/AuthMePlayerListener.java | 30 +++++++++++++++---- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java index b2a994ed..5444371f 100644 --- a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java +++ b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java 
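Review bot: The rewritten condition `plugin.captcha.containsKey(name) && plugin.captcha.get(name) > Settings.maxLoginTry` reads the counter in two steps, and the message loop then calls `plugin.cap.get(name)` again for every line. This class is the asynchronous login path, so another task may remove the entry in between, in which case the unboxing or the `replace` call throws a NullPointerException. Reading each map once avoids that: `Integer tries = plugin.captcha.get(name);` with `if (tries != null && tries > Settings.maxLoginTry)`, and a single `String code = plugin.cap.get(name);` before the loop. As far as the hunk shows, the switch from `>=` to `>` also means the captcha is demanded one failed attempt later than before; a short comment on whether `maxLoginTry` counts allowed or failed attempts would make that deliberate. The enclosing method starts outside the hunk.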
@@ -28,7 +28,24 @@ import org.bukkit.event.block.SignChangeEvent; import org.bukkit.event.entity.EntityDamageByEntityEvent; import org.bukkit.event.inventory.InventoryClickEvent; import org.bukkit.event.inventory.InventoryOpenEvent; -import org.bukkit.event.player.*; +import org.bukkit.event.player.AsyncPlayerChatEvent; +import org.bukkit.event.player.AsyncPlayerPreLoginEvent; +import org.bukkit.event.player.PlayerBedEnterEvent; +import org.bukkit.event.player.PlayerCommandPreprocessEvent; +import org.bukkit.event.player.PlayerDropItemEvent; +import org.bukkit.event.player.PlayerFishEvent; +import org.bukkit.event.player.PlayerGameModeChangeEvent; +import org.bukkit.event.player.PlayerInteractEntityEvent; +import org.bukkit.event.player.PlayerInteractEvent; +import org.bukkit.event.player.PlayerItemConsumeEvent; +import org.bukkit.event.player.PlayerJoinEvent; +import org.bukkit.event.player.PlayerKickEvent; +import org.bukkit.event.player.PlayerLoginEvent; +import org.bukkit.event.player.PlayerMoveEvent; +import org.bukkit.event.player.PlayerPickupItemEvent; +import org.bukkit.event.player.PlayerQuitEvent; +import org.bukkit.event.player.PlayerRespawnEvent; +import org.bukkit.event.player.PlayerShearEntityEvent; import java.util.concurrent.ConcurrentHashMap; @@ -241,7 +258,12 @@ public class AuthMePlayerListener implements Listener { return; } - if (event.getResult() == PlayerLoginEvent.Result.KICK_FULL) { + // Get the permissions manager + PermissionsManager permsMan = plugin.getPermissionsManager(); + final Player player = event.getPlayer(); + + if (event.getResult() == PlayerLoginEvent.Result.KICK_FULL + && permsMan.hasPermission(player, PlayerPermission.IS_VIP)) { int playersOnline = Utils.getOnlinePlayers().size(); if (playersOnline > plugin.getServer().getMaxPlayers()) { event.allow(); 
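Review bot: `permsMan.hasPermission(player, PlayerPermission.IS_VIP)` is evaluated in the new `KICK_FULL` condition of `onPlayerLogin` and again, negated, in the unchanged check further down, so the full-server decision depends on two separate permission lookups. Storing the result once, `final boolean isVip = permsMan.hasPermission(player, PlayerPermission.IS_VIP);`, and using `isVip` / `!isVip` in both conditions makes the two branches visibly complementary and keeps them from drifting apart in later edits. The method body continues outside the hunk.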
@@ -262,10 +284,6 @@ public class AuthMePlayerListener implements Listener { return; } - // Get the permissions manager - PermissionsManager permsMan = plugin.getPermissionsManager(); - - final Player player = event.getPlayer(); if (event.getResult() == PlayerLoginEvent.Result.KICK_FULL && !permsMan.hasPermission(player, PlayerPermission.IS_VIP)) { event.setKickMessage(m.retrieveSingle(MessageKey.KICK_FULL_SERVER)); event.setResult(PlayerLoginEvent.Result.KICK_FULL); From 6ee07160bb808a6dcba9ced252392db98269486c Mon Sep 17 00:00:00 2001 From: Gabriele C Date: Tue, 8 Dec 2015 20:07:10 +0100 Subject: [PATCH 6/9] cleanup and update deps --- pom.xml | 2 +- .../authme/command/CommandPermissions.java | 1 - .../fr/xephi/authme/command/CommandUtils.java | 5 ++--- .../xephi/authme/command/help/HelpPrinter.java | 18 +++++++++--------- .../ChangePasswordCommandTest.java | 3 --- 5 files changed, 12 insertions(+), 17 deletions(-) diff --git a/pom.xml b/pom.xml index c928c9a6..f308569e 100644 --- a/pom.xml +++ b/pom.xml @@ -285,7 +285,7 @@ com.zaxxer HikariCP - 2.4.2 + 2.4.3 compile diff --git a/src/main/java/fr/xephi/authme/command/CommandPermissions.java b/src/main/java/fr/xephi/authme/command/CommandPermissions.java index 71649f3b..2c52f85a 100644 --- a/src/main/java/fr/xephi/authme/command/CommandPermissions.java +++ b/src/main/java/fr/xephi/authme/command/CommandPermissions.java @@ -7,7 +7,6 @@ import fr.xephi.authme.permission.PermissionNode; import org.bukkit.command.CommandSender; import org.bukkit.entity.Player; -import java.util.ArrayList; import java.util.List; /** diff --git a/src/main/java/fr/xephi/authme/command/CommandUtils.java b/src/main/java/fr/xephi/authme/command/CommandUtils.java index 6903ff7a..6025a5d9 100644 --- a/src/main/java/fr/xephi/authme/command/CommandUtils.java +++ b/src/main/java/fr/xephi/authme/command/CommandUtils.java 
@@ -1,11 +1,10 @@ package fr.xephi.authme.command; +import java.util.List; + import fr.xephi.authme.util.CollectionUtils; import fr.xephi.authme.util.StringUtils; -import java.util.ArrayList; -import java.util.List; - public final class CommandUtils { public static int getMinNumberOfArguments(CommandDescription command) { diff --git a/src/main/java/fr/xephi/authme/command/help/HelpPrinter.java b/src/main/java/fr/xephi/authme/command/help/HelpPrinter.java index 5b520ea2..56ad48d8 100644 --- a/src/main/java/fr/xephi/authme/command/help/HelpPrinter.java +++ b/src/main/java/fr/xephi/authme/command/help/HelpPrinter.java @@ -1,5 +1,14 @@ package fr.xephi.authme.command.help; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Comparator; +import java.util.List; + +import org.bukkit.ChatColor; +import org.bukkit.command.CommandSender; +import org.bukkit.entity.Player; + import fr.xephi.authme.AuthMe; import fr.xephi.authme.command.CommandArgumentDescription; import fr.xephi.authme.command.CommandDescription; @@ -8,15 +17,6 @@ import fr.xephi.authme.command.CommandPermissions; import fr.xephi.authme.permission.PermissionNode; import fr.xephi.authme.util.CollectionUtils; import fr.xephi.authme.util.StringUtils; -import org.bukkit.ChatColor; -import org.bukkit.command.CommandSender; -import org.bukkit.entity.Player; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Comparator; -import java.util.List; /** */ diff --git a/src/test/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommandTest.java b/src/test/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommandTest.java index 9092205a..5c9c295c 100644 --- a/src/test/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommandTest.java +++ b/src/test/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommandTest.java 
@@ -13,19 +13,16 @@ import org.bukkit.Server; import org.bukkit.command.BlockCommandSender; import org.bukkit.command.CommandSender; import org.bukkit.entity.Player; -import org.bukkit.scheduler.BukkitScheduler; import org.junit.Before; import org.junit.Test; import org.mockito.ArgumentCaptor; -import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import static java.util.Arrays.asList; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.equalTo; -import static org.mockito.BDDMockito.given; import static org.mockito.Matchers.anyInt; import static org.mockito.Mockito.*; From e4fbe4ec537c8ca5d706d7962fcfc0a73cf8e489 Mon Sep 17 00:00:00 2001 From: Gabriele C Date: Tue, 8 Dec 2015 20:52:45 +0100 Subject: [PATCH 7/9] Fix npc issues (#320) This will fix 1 bug..... and will generate new ones! :P --- .../authme/listener/AuthMeBlockListener.java | 12 ++ .../authme/listener/AuthMeEntityListener.java | 49 ++++++++- .../authme/listener/AuthMePlayerListener.java | 103 +++++++++++++++--- .../listener/AuthMePlayerListener16.java | 5 + .../listener/AuthMePlayerListener18.java | 5 + .../authme/process/quit/AsynchronousQuit.java | 2 +- src/main/java/fr/xephi/authme/util/Utils.java | 2 +- 7 files changed, 158 insertions(+), 20 deletions(-) diff --git a/src/main/java/fr/xephi/authme/listener/AuthMeBlockListener.java b/src/main/java/fr/xephi/authme/listener/AuthMeBlockListener.java index 01cbadc2..56b7916c 100644 --- a/src/main/java/fr/xephi/authme/listener/AuthMeBlockListener.java +++ b/src/main/java/fr/xephi/authme/listener/AuthMeBlockListener.java @@ -32,6 +32,12 @@ public class AuthMeBlockListener implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } + event.setCancelled(true); } 
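Review bot: The new `if (Utils.isNPC(...)) { return; }` guard lets any player object that reports as an NPC skip the cancellation applied to unauthenticated players, and the patch's own `// TODO: npc status can be used to bypass security!!!` says this status is not trusted. The same guard is copied into every handler of AuthMeBlockListener, AuthMeEntityListener, AuthMePlayerListener, AuthMePlayerListener16 and AuthMePlayerListener18 in this patch, so a later fix has to be repeated in each of them and one missed handler leaves a gap. I would move the decision into a single helper next to `checkAuth`, for example `Utils.shouldCancelEvent(Player)` (the name is only a suggestion), and have every handler call only that. How `isNPC` decides is not visible in this patch; its Javadoc should say which source it relies on and who can set it.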
@@ -45,6 +51,12 @@ public class AuthMeBlockListener implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } + event.setCancelled(true); } diff --git a/src/main/java/fr/xephi/authme/listener/AuthMeEntityListener.java b/src/main/java/fr/xephi/authme/listener/AuthMeEntityListener.java index 5e27814e..30b4af72 100644 --- a/src/main/java/fr/xephi/authme/listener/AuthMeEntityListener.java +++ b/src/main/java/fr/xephi/authme/listener/AuthMeEntityListener.java @@ -49,7 +49,12 @@ public class AuthMeEntityListener implements Listener { } Player player = (Player) entity; - if (Utils.checkAuth(player)) { + if (Utils.checkAuth(player) ) { + return; + } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(player)) { return; } player.setFireTicks(0); @@ -73,6 +78,11 @@ public class AuthMeEntityListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC((Player) entity)) { + return; + } + event.setTarget(null); event.setCancelled(true); } @@ -83,7 +93,7 @@ public class AuthMeEntityListener implements Listener { * @param event EntityDamageByEntityEvent */ @EventHandler(ignoreCancelled = true, priority = EventPriority.LOWEST) - public void onDmg(EntityDamageByEntityEvent event) { + public void onDamage(EntityDamageByEntityEvent event) { Entity entity = event.getDamager(); if (entity == null || !(entity instanceof Player)) { return; @@ -94,6 +104,11 @@ public class AuthMeEntityListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(player)) { + return; + } + event.setCancelled(true); } @@ -113,6 +128,11 @@ public class AuthMeEntityListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC((Player) entity)) { + return; + } + event.setCancelled(true); } 
@@ -132,6 +152,11 @@ public class AuthMeEntityListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC((Player) entity)) { + return; + } + event.setAmount(0); event.setCancelled(true); } @@ -152,6 +177,11 @@ public class AuthMeEntityListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC((Player) entity)) { + return; + } + event.setCancelled(true); } @@ -171,6 +201,11 @@ public class AuthMeEntityListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC((Player) entity)) { + return; + } + event.setCancelled(true); } @@ -210,6 +245,11 @@ public class AuthMeEntityListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(player)) { + return; + } + event.setCancelled(true); } @@ -230,6 +270,11 @@ public class AuthMeEntityListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(player)) { + return; + } + event.setCancelled(true); } diff --git a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java index 5444371f..7fc36994 100644 --- a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java +++ b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java @@ -70,7 +70,6 @@ public class AuthMePlayerListener implements Listener { } final Player player = event.getPlayer(); - if (Utils.checkAuth(player)) { for (Player p : Utils.getOnlinePlayers()) { if (!PlayerCache.getInstance().isAuthenticated(p.getName())) { 
@@ -81,6 +80,11 @@ public class AuthMePlayerListener implements Listener { } event.setCancelled(true); + sendLoginRegisterMSG(player); + } + + // TODO: new name + private void sendLoginRegisterMSG(final Player player) { plugin.getServer().getScheduler().runTaskAsynchronously(plugin, new Runnable() { @Override public void run() { @@ -110,6 +114,7 @@ public class AuthMePlayerListener implements Listener { return; } event.setCancelled(true); + sendLoginRegisterMSG(event.getPlayer()); } @EventHandler(ignoreCancelled = true, priority = EventPriority.NORMAL) @@ -186,17 +191,22 @@ public class AuthMePlayerListener implements Listener { @EventHandler(priority = EventPriority.LOWEST) public void onPlayerJoin(PlayerJoinEvent event) { - if (event.getPlayer() == null || Utils.isNPC(event.getPlayer())) { + final Player player = event.getPlayer(); + if (player == null) { return; } - final Player player = event.getPlayer(); + /* IMPOSSIBLE!!!! TODO: check this! + if(Utils.isNPC(player)) { + return; + } + */ + String name = player.getName().toLowerCase(); String joinMsg = event.getJoinMessage(); - boolean delay = Settings.delayJoinLeaveMessages && joinMsg != null; // Remove the join message while the player isn't logging in - if (delay) { + if (Settings.delayJoinLeaveMessages && joinMsg != null) { event.setJoinMessage(null); joinMessage.put(name, joinMsg); } @@ -254,13 +264,13 @@ public class AuthMePlayerListener implements Listener { @EventHandler(priority = EventPriority.HIGHEST) public void onPlayerLogin(PlayerLoginEvent event) { - if (event.getPlayer() == null || Utils.isUnrestricted(event.getPlayer())) { + final Player player = event.getPlayer(); + if (player == null || Utils.isUnrestricted(player)) { return; } // Get the permissions manager PermissionsManager permsMan = plugin.getPermissionsManager(); - final Player player = event.getPlayer(); if (event.getResult() == PlayerLoginEvent.Result.KICK_FULL && permsMan.hasPermission(player, PlayerPermission.IS_VIP)) { 
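Review bot: `sendLoginRegisterMSG(player)` is now called on every cancelled event in the two handlers touched here (the second call is in the `@@ -110,6` hunk), and each call schedules a new task through `runTaskAsynchronously`, so the server queues one task per message or command received from a player who has not logged in. A small per-player cooldown checked at the top of the method, for example a timestamp map keyed by the lower-cased name, would bound that. The `// TODO: new name` could be resolved in the same change, e.g. `sendLoginOrRegisterMessage`. The body of the `Runnable` lies outside the hunk, so what the task does per call is not visible here.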
@@ -329,12 +339,12 @@ public class AuthMePlayerListener implements Listener { @EventHandler(priority = EventPriority.MONITOR) public void onPlayerQuit(PlayerQuitEvent event) { - if (event.getPlayer() == null) { + Player player = event.getPlayer(); + + if (player == null) { return; } - Player player = event.getPlayer(); - if (Settings.delayJoinLeaveMessages && !Utils.checkAuth(player)) { event.setQuitMessage(null); } @@ -344,7 +354,9 @@ public class AuthMePlayerListener implements Listener { @EventHandler(ignoreCancelled = true, priority = EventPriority.MONITOR) public void onPlayerKick(PlayerKickEvent event) { - if (event.getPlayer() == null) { + Player player = event.getPlayer(); + + if (player == null) { return; } @@ -354,13 +366,15 @@ public class AuthMePlayerListener implements Listener { return; } - Player player = event.getPlayer(); plugin.getManagement().performQuit(player, true); } @EventHandler(ignoreCancelled = true, priority = EventPriority.HIGHEST) public void onPlayerPickupItem(PlayerPickupItemEvent event) { - if (Utils.checkAuth(event.getPlayer())) { + Player player = event.getPlayer(); + + // TODO: npc status can be used to bypass security!!! + if (Utils.checkAuth(player) || Utils.isNPC(player)) { return; } event.setCancelled(true); @@ -368,7 +382,10 @@ public class AuthMePlayerListener implements Listener { @EventHandler(ignoreCancelled = true, priority = EventPriority.LOWEST) public void onPlayerInteract(PlayerInteractEvent event) { - if (Utils.checkAuth(event.getPlayer())) { + Player player = event.getPlayer(); + + // TODO: npc status can be used to bypass security!!! + if (Utils.checkAuth(player) || Utils.isNPC(player)) { return; } event.setCancelled(true); 
@@ -376,7 +393,10 @@ public class AuthMePlayerListener implements Listener { @EventHandler(ignoreCancelled = true, priority = EventPriority.NORMAL) public void onPlayerConsumeItem(PlayerItemConsumeEvent event) { - if (Utils.checkAuth(event.getPlayer())) { + Player player = event.getPlayer(); + + // TODO: npc status can be used to bypass security!!! + if (Utils.checkAuth(player) || Utils.isNPC(player)) { return; } event.setCancelled(true); @@ -385,7 +405,9 @@ public class AuthMePlayerListener implements Listener { @EventHandler(ignoreCancelled = true, priority = EventPriority.HIGHEST) public void onPlayerInventoryOpen(InventoryOpenEvent event) { final Player player = (Player) event.getPlayer(); - if (Utils.checkAuth(player)) { + + // TODO: npc status can be used to bypass security!!! + if (Utils.checkAuth(player) || Utils.isNPC(player)) { return; } event.setCancelled(true); @@ -410,6 +432,10 @@ public class AuthMePlayerListener implements Listener { return; if (Utils.checkAuth((Player) event.getWhoClicked())) return; + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC((Player) event.getWhoClicked())) + return; event.setCancelled(true); } @@ -422,6 +448,11 @@ public class AuthMePlayerListener implements Listener { if (Utils.checkAuth((Player) damager)) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC((Player) damager)) { + return; + } event.setCancelled(true); } @@ -430,6 +461,11 @@ public class AuthMePlayerListener implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } event.setCancelled(true); } @@ -438,6 +474,11 @@ public class AuthMePlayerListener implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } event.setCancelled(true); } 
@@ -446,6 +487,11 @@ public class AuthMePlayerListener implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } event.setCancelled(true); } @@ -454,6 +500,11 @@ public class AuthMePlayerListener implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } event.setCancelled(true); } @@ -463,6 +514,11 @@ public class AuthMePlayerListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } + Player player = event.getPlayer(); String name = player.getName().toLowerCase(); Location spawn = plugin.getSpawnLocation(player); @@ -481,6 +537,11 @@ public class AuthMePlayerListener implements Listener { return; } + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } + Player player = event.getPlayer(); if (plugin.getPermissionsManager().hasPermission(player, PlayerPermission.BYPASS_FORCE_SURVIVAL)) { return; @@ -499,6 +560,11 @@ public class AuthMePlayerListener implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } event.setCancelled(true); } @@ -507,6 +573,11 @@ public class AuthMePlayerListener implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } event.setCancelled(true); } diff --git a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener16.java b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener16.java index 2a83846b..0975b18a 100644 
--- a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener16.java +++ b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener16.java @@ -32,6 +32,11 @@ public class AuthMePlayerListener16 implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } event.setCancelled(true); } diff --git a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener18.java b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener18.java index d19fa2df..dbcb1c71 100644 --- a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener18.java +++ b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener18.java @@ -32,6 +32,11 @@ public class AuthMePlayerListener18 implements Listener { if (Utils.checkAuth(event.getPlayer())) { return; } + + // TODO: npc status can be used to bypass security!!! + if (Utils.isNPC(event.getPlayer())) { + return; + } event.setCancelled(true); } diff --git a/src/main/java/fr/xephi/authme/process/quit/AsynchronousQuit.java b/src/main/java/fr/xephi/authme/process/quit/AsynchronousQuit.java index 540730f5..0cd0397b 100644 --- a/src/main/java/fr/xephi/authme/process/quit/AsynchronousQuit.java +++ b/src/main/java/fr/xephi/authme/process/quit/AsynchronousQuit.java @@ -47,7 +47,7 @@ public class AsynchronousQuit { public void process() { if (player == null) return; - if (Utils.isNPC(player) || Utils.isUnrestricted(player)) { + if (Utils.isUnrestricted(player)) { return; } diff --git a/src/main/java/fr/xephi/authme/util/Utils.java b/src/main/java/fr/xephi/authme/util/Utils.java index 3e3c52a0..e45b04a8 100644 --- a/src/main/java/fr/xephi/authme/util/Utils.java +++ b/src/main/java/fr/xephi/authme/util/Utils.java 
@@ -137,7 +137,7 @@ public final class Utils { // TODO: Move to a Manager public static boolean checkAuth(Player player) { - if (player == null || Utils.isUnrestricted(player) || Utils.isNPC(player)) { + if (player == null || Utils.isUnrestricted(player)) { return true; } From 330a275725a9a962d7b8c8f716e2c7ba4255da7a Mon Sep 17 00:00:00 2001 From: Gabriele C Date: Tue, 8 Dec 2015 21:02:22 +0100 Subject: [PATCH 8/9] Bump version: too many changes --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f308569e..9e15106c 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ fr.xephi authme - 5.1-SNAPSHOT + 5.2-SNAPSHOT jar AuthMeReloaded From 595879b95ef7a055ab02f992b98927000dc2836c Mon Sep 17 00:00:00 2001 From: ljacqu Date: Tue, 8 Dec 2015 21:51:33 +0100 Subject: [PATCH 9/9] #307 Finish changes to incomplete solution (f40d75e) - Remove deprecated builder - Fix introduced typos --- .../authme/command/CommandDescription.java | 19 ------ .../authme/command/CommandInitializer.java | 62 ++++++++----------- 2 files changed, 25 insertions(+), 56 deletions(-) diff --git a/src/main/java/fr/xephi/authme/command/CommandDescription.java b/src/main/java/fr/xephi/authme/command/CommandDescription.java index 59a5459a..dbbd1ffa 100644 --- a/src/main/java/fr/xephi/authme/command/CommandDescription.java +++ b/src/main/java/fr/xephi/authme/command/CommandDescription.java 
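Review bot: `checkAuth` no longer returns true for NPCs, but nothing at the method tells callers so. Only the handlers edited in this patch add their own `Utils.isNPC` check, and any other caller now treats an NPC as an unauthenticated player. A Javadoc line on `checkAuth` would record the new contract, e.g. `Returns true if the player is null or unrestricted; NPCs are not exempted here.`, extended with whatever the rest of the method checks, since everything after the first condition is outside the hunk. `AsynchronousQuit.process()` loses its `isNPC` exemption in the same patch and deserves the same one-line comment.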
@@ -57,25 +57,6 @@ public class CommandDescription { */ private CommandPermissions permissions; - /** - * Constructor. - * - * @param executableCommand The executable command, or null. - * @param labels List of command labels. - * @param description Command description. - * @param detailedDescription Detailed comment description. - * @param parent Parent command. - */ - @Deprecated - public CommandDescription(ExecutableCommand executableCommand, List labels, String description, String detailedDescription, CommandDescription parent) { - setExecutableCommand(executableCommand); - this.labels = labels; - this.description = description; - this.detailedDescription = detailedDescription; - setParent(parent); - this.arguments = new ArrayList<>(); - } - /** * Private constructor. Use {@link CommandDescription#builder()} to create instances of this class. *

diff --git a/src/main/java/fr/xephi/authme/command/CommandInitializer.java b/src/main/java/fr/xephi/authme/command/CommandInitializer.java index 020a355d..9381499c 100644 --- a/src/main/java/fr/xephi/authme/command/CommandInitializer.java +++ b/src/main/java/fr/xephi/authme/command/CommandInitializer.java @@ -184,7 +184,6 @@ public final class CommandInitializer { .withArgument("player", "Player Name", false) .build(); - // Register the spawn command CommandDescription.builder() .executableCommand(new SpawnCommand()) @@ -216,7 +215,6 @@ public final class CommandInitializer { .permissions(OP_ONLY, AdminPermission.FIRST_SPAWN) .build(); - // Register the setfirstspawn command CommandDescription.builder() .executableCommand(new SetFirstSpawnCommand()) @@ -242,7 +240,8 @@ public final class CommandInitializer { CommandDescription.builder() .executableCommand(new PurgeLastPositionCommand()) .parent(AUTHME_BASE) - .labels("resetpos", "purgelastposition", "purgelastpos", "resetposition", "resetlastposition", "resetlastpos") + .labels("resetpos", "purgelastposition", "purgelastpos", "resetposition", + "resetlastposition", "resetlastpos") .description("Purge player's last position") .detailedDescription("Purge the last know position of the specified player.") .permissions(OP_ONLY, AdminPermission.PURGE_LAST_POSITION) @@ -250,7 +249,7 @@ public final class CommandInitializer { .build(); // Register the purgebannedplayers command - CommandDescription purgeBannedPlayersCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(new PurgeBannedPlayersCommand()) .parent(AUTHME_BASE) .labels("purgebannedplayers", "purgebannedplayer", "deletebannedplayers", "deletebannedplayer") 
@@ -260,7 +259,7 @@ public final class CommandInitializer { .build(); // Register the switchantibot command - CommandDescription switchAntiBotCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(new SwitchAntiBotCommand()) .parent(AUTHME_BASE) .labels("switchantibot", "toggleantibot", "antibot") @@ -270,26 +269,13 @@ public final class CommandInitializer { .withArgument("mode", "ON / OFF", true) .build(); - // // Register the resetname command - // CommandDescription resetNameCommand = new CommandDescription( - // new ResetNameCommand(), - // new ArrayList() {{ - // add("resetname"); - // add("resetnames"); - // }}, - // "Reset name", - // "Reset name", - // authMeCommand); - // resetNameCommand.setCommandPermissions("authme.admin.resetname", - // CommandPermissions.DefaultPermission.OP_ONLY); - // Register the reload command - CommandDescription reloadCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(new ReloadCommand()) .parent(AUTHME_BASE) .labels("reload", "rld") .description("Reload plugin") - .detailedDescription("Reload the AutheMeReloaded plugin.") + .detailedDescription("Reload the AuthMeReloaded plugin.") .permissions(OP_ONLY, AdminPermission.RELOAD) .build(); @@ -315,7 +301,7 @@ public final class CommandInitializer { .build(); // Register the help command - CommandDescription loginHelpCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(helpCommandExecutable) .parent(LOGIN_BASE) .labels(helpCommandLabels) @@ -335,7 +321,7 @@ public final class CommandInitializer { .build(); // Register the help command - CommandDescription logoutHelpCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(helpCommandExecutable) .parent(LOGOUT_BASE) .labels(helpCommandLabels) 
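Review bot: The login help command in hunk `@@ -315,7 +301,7 @@` is left with no `.permissions(...)` call, because an earlier patch in this series removed `.permissions(ALLOWED)` from it, so access depends entirely on `PermissionsManager.hasPermission` returning true when `getCommandPermissions()` is null. That default is fail-open: any command registered in this class without a `.permissions(...)` line is available to every player, including an admin command whose `OP_ONLY` line is dropped by mistake. The builder chain continues outside the hunk, so this is read from the series rather than from these lines, and the same presumably holds for the other help commands in the following hunks (logout, register, unregister, changepassword, email, captcha, converter). I would record the intent at each of them with a comment such as `// no permissions on purpose: a null CommandPermissions means "allowed for everyone"`, and consider having `build()` reject a missing permission for anything that is not a help command.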
@@ -357,7 +343,7 @@ public final class CommandInitializer { .build(); // Register the help command - CommandDescription registerHelpCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(helpCommandExecutable) .parent(REGISTER_BASE) .labels(helpCommandLabels) @@ -378,7 +364,7 @@ public final class CommandInitializer { .build(); // Register the help command - CommandDescription unregisterHelpCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(helpCommandExecutable) .parent(UNREGISTER_BASE) .labels(helpCommandLabels) @@ -400,7 +386,7 @@ public final class CommandInitializer { .build(); // Register the help command - CommandDescription changePasswordHelpCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(helpCommandExecutable) .parent(CHANGE_PASSWORD_BASE) .labels(helpCommandLabels) @@ -419,7 +405,7 @@ public final class CommandInitializer { .build(); // Register the help command - CommandDescription emailHelpCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(helpCommandExecutable) .parent(EMAIL_BASE) .labels(helpCommandLabels) 
@@ -429,24 +415,24 @@ public final class CommandInitializer { .build(); // Register the add command - CommandDescription addEmailCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(new AddEmailCommand()) .parent(EMAIL_BASE) .labels("add", "addemail", "addmail") .description("Add Email") - .detailedDescription("Add a new Email address to your account.") + .detailedDescription("Add a new email address to your account.") .permissions(ALLOWED, PlayerPermission.ADD_EMAIL) .withArgument("email", "Email address", false) .withArgument("verifyEmail", "Email address verification", false) .build(); // Register the change command - CommandDescription changeEmailCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(new ChangeEmailCommand()) .parent(EMAIL_BASE) .labels("change", "changeemail", "changemail") .description("Change Email") - .detailedDescription("Change an Email address of your account.") + .detailedDescription("Change an email address of your account.") .permissions(ALLOWED, PlayerPermission.CHANGE_EMAIL) .withArgument("oldEmail", "Old email address", false) .withArgument("newEmail", "New email address", false) @@ -454,12 +440,13 @@ public final class CommandInitializer { // Register the recover command - CommandDescription recoverEmailCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(new RecoverEmailCommand()) .parent(EMAIL_BASE) .labels("recover", "recovery", "recoveremail", "recovermail") .description("Recover password using Email") - .detailedDescription("Recover your account using an Email address by sending a mail containing a new password.") + .detailedDescription("Recover your account using an Email address by sending a mail containing " + + "a new password.") .permissions(ALLOWED, PlayerPermission.RECOVER_EMAIL) .withArgument("email", "Email address", false) .build(); 
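Review bot: The re-wrapped description on the recover command in hunk `@@ -454,12 +440,13 @@` still reads `an Email address`, while the previous hunk lowercases the same word in the add and change descriptions. Writing the first half as `"Recover your account using an email address by sending a mail containing "` would keep the three help texts consistent. The same text tells players that recovery mails a new password. That behaviour lives in RecoverEmailCommand, which is not part of this hunk, so it cannot be judged from here whether the mailed password is temporary; if it is, the help text is the place to say so.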
@@ -470,13 +457,13 @@ public final class CommandInitializer { .parent(null) .labels("captcha", "capt") .description("Captcha Command") - .detailedDescription("Captcha command for AuthMeRelaoded.") + .detailedDescription("Captcha command for AuthMeReloaded.") .permissions(ALLOWED, PlayerPermission.CAPTCHA) .withArgument("captcha", "The Captcha", false) .build(); // Register the help command - CommandDescription captchaHelpCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(helpCommandExecutable) .parent(CAPTCHA_BASE) .labels(helpCommandLabels) @@ -491,13 +478,14 @@ public final class CommandInitializer { .parent(null) .labels("converter", "convert", "conv") .description("Converter Command") - .detailedDescription("Converter command for AuthMeRelaoded.") + .detailedDescription("Converter command for AuthMeReloaded.") .permissions(OP_ONLY, AdminPermission.CONVERTER) - .withArgument("job", "Conversion job: flattosql / flattosqlite /| xauth / crazylogin / rakamak / royalauth / vauth / sqltoflat", false) + .withArgument("job", "Conversion job: flattosql / flattosqlite /| xauth / crazylogin / rakamak / " + + "royalauth / vauth / sqltoflat", false) .build(); // Register the help command - CommandDescription converterHelpCommand = CommandDescription.builder() + CommandDescription.builder() .executableCommand(helpCommandExecutable) .parent(CONVERTER_BASE) .labels(helpCommandLabels)
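Review bot: The re-wrapped `job` argument description in hunk `@@ -491,13 +478,14 @@` still carries the stray `/|` between `flattosqlite` and `xauth`, which looks like a typo that the line split preserved. With it removed, the first half would read `"Conversion job: flattosql / flattosqlite / xauth / crazylogin / rakamak / "`. The converter builder chain starts above the hunk, so only its tail is visible here.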