- Ugly workaround due to #1014: need to have EnumSetProperty extend from StringListProperty type so that it is exported in a proper manner (as a string list). To get an enum Set we need to call a dedicated method on EnumSetProperty for the time being.
- New injector method allows to retrieve services if they've already been instantiated -> useful for onDisable() which might be run after aborted initialization
- Deprecate various methods that need to be removed
- Set system property via surefire plugin and create profile that modifies the property
- Check for the new property in AbstractEncryptionMethodTest and shorten/skip the tests when necessary
- Move console initialization for tests into TestHelper
- Remove unused properties in legacy Settings
- Add issue number to TODO comments where applicable
- Remove redundant uses of WrapperMock
- Use assertThat() from JUnit, not hamcrest
- Use hamcrest Matchers everywhere (not BaseMatchers etc.)
- Favor Mockito's argThat() over using ArgumentCaptor (more succinct)
- Delete useless test classes
- Create SettingsMigrationService#copyFileFromResource (inspired from CustomSettings)
- Use new method to copy missing files in plugin folder from JAR
- Create YamlFileConfiguration inside NewSetting: FileConfiguration object provided by JavaPlugin#getConfig() sets default values from the JAR's config.yml :(
- Change ConsoleLogger to take logger from plugin (work in progress)
- Update BCrypt implementation version
- Separate third-party BCrypt implementation from our BCRYPT EncryptionMethod extension
- Fix WBB4: ensure password is hashed with bcrypt twice and that we check accordingly
- Fix check that discards potentially trying all encryption methods if password didn't match
- Wrap call to encryption method properly to avoid calling methods with hasSeparateSalt() = true and a null salt
- Ensure within PasswordSecurity that the player name is lowercase
- Remove check for MD5VB separate salt (we only generate hashes with the salt embedded, so either we need to change that or we don't need this check)
- Remove obsolete TODO
- Rename HashResult to EncryptedPassword to reflect its broader use
- Use EncryptedPassword in methods that require the hash and the salt, instead of passing them as strings separately
- Store EncryptedPassword as field in PlayerAuth; updatePassword() thus processes the entire data in the EncryptedPassword object
- Create integration test for the HashAlgorithm enum
- Create AsciiRestricted annotation and make test aware of it
- Add option to skip "same hash for same salt" test (for wordpress)
- Change some EncryptionMethods to extend from a common superclass
Rationale:
- Seems not to have been working since it was added to the codebase
- Seems not to correspond to the actual Xenforo password hashing (class does some sort of JSON extraction?)
- It would be easier to rewrite it from scratch if someone requests it later
