Requested changes

2024-11-25 11:46:38 +01:00 · 2018-12-09 19:03:51 +01:00 · 2018-12-09 19:03:51 +01:00 · fac3a70634
commit fac3a70634
parent b919c33819
7 changed files with 18 additions and 106 deletions
--- a/src/main/java/fr/xephi/authme/command/CommandDescription.java
+++ b/src/main/java/fr/xephi/authme/command/CommandDescription.java
@ -302,13 +302,12 @@ public class CommandDescription {
        }

        /**
-         * Defines if the command contains sensitive data
+         * Defines that the command contains sensitive data
         *
-         * @param sensitive The sensitive data flag
         * @return The builder
         */
-        public CommandBuilder sensitive(boolean sensitive) {
-            this.sensitive = sensitive;
+        public CommandBuilder sensitive() {
+            this.sensitive = true;
            return this;
        }
    }
--- a/src/main/java/fr/xephi/authme/command/CommandInitializer.java
+++ b/src/main/java/fr/xephi/authme/command/CommandInitializer.java
@ -94,7 +94,7 @@ public class CommandInitializer {
            .detailedDescription("Command to log in using AuthMeReloaded.")
            .withArgument("password", "Login password", MANDATORY)
            .permission(PlayerPermission.LOGIN)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(LoginCommand.class)
            .register();

@ -117,7 +117,7 @@ public class CommandInitializer {
            .withArgument("password", "Password", OPTIONAL)
            .withArgument("verifyPassword", "Verify password", OPTIONAL)
            .permission(PlayerPermission.REGISTER)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(RegisterCommand.class)
            .register();

@ -141,7 +141,7 @@ public class CommandInitializer {
            .withArgument("oldPassword", "Old password", MANDATORY)
            .withArgument("newPassword", "New password", MANDATORY)
            .permission(PlayerPermission.CHANGE_PASSWORD)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(ChangePasswordCommand.class)
            .register();

@ -200,7 +200,7 @@ public class CommandInitializer {
            .withArgument("player", "Player name", MANDATORY)
            .withArgument("password", "Password", MANDATORY)
            .permission(AdminPermission.REGISTER)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(RegisterAdminCommand.class)
            .register();

@ -235,7 +235,7 @@ public class CommandInitializer {
            .withArgument("player", "Player name", MANDATORY)
            .withArgument("pwd", "New password", MANDATORY)
            .permission(AdminPermission.CHANGE_PASSWORD)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(ChangePasswordAdminCommand.class)
            .register();

@ -545,7 +545,7 @@ public class CommandInitializer {
            .detailedDescription("Set a new password after successfully recovering your account.")
            .withArgument("password", "New password", MANDATORY)
            .permission(PlayerPermission.RECOVER_EMAIL)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(EmailSetPasswordCommand.class)
            .register();

@ -574,7 +574,7 @@ public class CommandInitializer {
            .description("Command for logging in")
            .detailedDescription("Processes the two-factor authentication code during login.")
            .withArgument("code", "The TOTP code to use to log in", MANDATORY)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(TotpCodeCommand.class)
            .register();

@ -596,7 +596,7 @@ public class CommandInitializer {
            .detailedDescription("Saves the generated TOTP secret after confirmation.")
            .withArgument("code", "Code from the given secret from /totp add", MANDATORY)
            .permission(PlayerPermission.ENABLE_TWO_FACTOR_AUTH)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(ConfirmTotpCommand.class)
            .register();

@ -608,7 +608,7 @@ public class CommandInitializer {
            .detailedDescription("Disables two-factor authentication for your account.")
            .withArgument("code", "Current 2FA code", MANDATORY)
            .permission(PlayerPermission.DISABLE_TWO_FACTOR_AUTH)
-            .sensitive(true)
+            .sensitive()
            .executableCommand(RemoveTotpCommand.class)
            .register();

--- a/src/main/java/fr/xephi/authme/initialization/OnStartupTasks.java
+++ b/src/main/java/fr/xephi/authme/initialization/OnStartupTasks.java
@ -7,7 +7,7 @@ import fr.xephi.authme.message.MessageKey;
 import fr.xephi.authme.message.Messages;
 import fr.xephi.authme.output.ConsoleFilter;
 import fr.xephi.authme.output.Log4JFilter;
-import fr.xephi.authme.output.LogFilterService;
+import fr.xephi.authme.service.LogFilterService;
 import fr.xephi.authme.service.BukkitService;
 import fr.xephi.authme.settings.Settings;
 import fr.xephi.authme.settings.properties.DatabaseSettings;
--- a/src/main/java/fr/xephi/authme/output/ConsoleFilter.java
+++ b/src/main/java/fr/xephi/authme/output/ConsoleFilter.java
@ -1,5 +1,7 @@
 package fr.xephi.authme.output;

+import fr.xephi.authme.service.LogFilterService;
+
 import java.util.logging.Filter;
 import java.util.logging.LogRecord;

--- a/src/main/java/fr/xephi/authme/output/Log4JFilter.java
+++ b/src/main/java/fr/xephi/authme/output/Log4JFilter.java
@ -1,5 +1,6 @@
 package fr.xephi.authme.output;

+import fr.xephi.authme.service.LogFilterService;
 import org.apache.logging.log4j.Level;
 import org.apache.logging.log4j.Marker;
 import org.apache.logging.log4j.core.LogEvent;
--- a/src/main/java/fr/xephi/authme/service/LogFilterService.java
+++ b/src/main/java/fr/xephi/authme/service/LogFilterService.java
@ -1,4 +1,4 @@
-package fr.xephi.authme.output;
+package fr.xephi.authme.service;

 import fr.xephi.authme.command.CommandMapper;
 import fr.xephi.authme.command.FoundCommandResult;
@ -36,8 +36,7 @@ public class LogFilterService {
            case MISSING_BASE_COMMAND:
                return false;
            default:
-                break;
+                return command.getCommandDescription().isSensitive();
        }
-        return command.getCommandDescription().isSensitive();
    }
 }
--- a/src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java
+++ b/src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java
@ -1,89 +0,0 @@
-package fr.xephi.authme.output;
-
-import com.google.common.collect.Lists;
-import fr.xephi.authme.command.CommandDescription;
-import fr.xephi.authme.command.CommandInitializer;
-import org.junit.Test;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.stream.Collectors;
-
-import static org.hamcrest.Matchers.containsInAnyOrder;
-import static org.junit.Assert.assertThat;
-
-/**
- * Test for {@link LogFilterService}.
- */
-public class LogFilterHelperTest {
-
-    private static final List<CommandDescription> ALL_COMMANDS = new CommandInitializer().getCommands();
-
-    /**
-     * Checks that {@link LogFilterService#COMMANDS_TO_SKIP} contains the entries we expect
-     * (commands with password argument).
-     */
-    @Test
-    public void shouldBlacklistAllSensitiveCommands() {
-        // given
-        List<CommandDescription> sensitiveCommands = Arrays.asList(
-            getCommand("register"), getCommand("login"), getCommand("changepassword"), getCommand("unregister"),
-            getCommand("authme", "register"), getCommand("authme", "changepassword"),
-            getCommand("email", "setpassword")
-        );
-        // Build array with entries like "/register ", "/authme cp ", "/authme changepass "
-        String[] expectedEntries = sensitiveCommands.stream()
-            .map(cmd -> buildCommandSyntaxes(cmd))
-            .flatMap(List::stream)
-            .map(syntax -> syntax + " ")
-            .toArray(String[]::new);
-
-        // when / then
-        assertThat(LogFilterService.COMMANDS_TO_SKIP, containsInAnyOrder(expectedEntries));
-
-    }
-
-    private static CommandDescription getCommand(String label) {
-        return findCommandWithLabel(label, ALL_COMMANDS);
-    }
-
-    private static CommandDescription getCommand(String parentLabel, String childLabel) {
-        CommandDescription parent = getCommand(parentLabel);
-        return findCommandWithLabel(childLabel, parent.getChildren());
-    }
-
-    private static CommandDescription findCommandWithLabel(String label, List<CommandDescription> commands) {
-        return commands.stream()
-            .filter(cmd -> cmd.getLabels().contains(label))
-            .findFirst().orElseThrow(() -> new IllegalArgumentException(label));
-    }
-
-    /**
-     * Returns all "command syntaxes" from which the given command can be reached.
-     * For example, the result might be a List containing "/authme changepassword", "/authme changepass",
-     * "/authme cp", "/authme:authme changepassword" etc.
-     *
-     * @param command the command to build syntaxes for
-     * @return command syntaxes
-     */
-    private static List<String> buildCommandSyntaxes(CommandDescription command) {
-        List<String> prefixes = getCommandPrefixes(command);
-
-        return command.getLabels()
-            .stream()
-            .map(label -> Lists.transform(prefixes, p -> p + label))
-            .flatMap(List::stream)
-            .collect(Collectors.toList());
-    }
-
-    private static List<String> getCommandPrefixes(CommandDescription command) {
-        if (command.getParent() == null) {
-            return Arrays.asList("/", "/authme:");
-        }
-        return command.getParent().getLabels()
-            .stream()
-            .map(label -> new String[]{"/" + label + " ", "/authme:" + label + " "})
-            .flatMap(Arrays::stream)
-            .collect(Collectors.toList());
-    }
-}