- Check also in admin command that email is not already used
- Misc bug fixing (logic errors, changes lost during large merge)
- Use "email" and "setemail" as main labels for /authme subcommands
- Create SettingsMigrationService#copyFileFromResource (inspired from CustomSettings)
- Use new method to copy missing files in plugin folder from JAR
- Create YamlFileConfiguration inside NewSetting: FileConfiguration object provided by JavaPlugin#getConfig() sets default values from the JAR's config.yml :(
- Change ConsoleLogger to take logger from plugin (work in progress)
- Change ReloadCommand to use the new setting functionality
- Check and construct the messages file in NewSetting
- Unrelated: change MessagesManager not to extend CustomConfiguration anymore
- Update BCrypt implementation version
- Separate third-party BCrypt implementation from our BCRYPT EncryptionMethod extension
- Fix WBB4: ensure password is hashed with bcrypt twice and that we check accordingly
- Fix check that discards potentially trying all encryption methods if password didn't match
- Wrap call to encryption method properly to avoid calling methods with hasSeparateSalt() = true and a null salt
- Inject permission manager into command service explicitly via constructor
- Change command mapper to only care about generating FoundCommandResult objects, and command handler to worry about dealing with it later on
- Adjust NewSetting constructor to match needs in AuthMe
- Add NewSetting to the command service
- See CaptchaCommand for a sample replacement from Settings to NewSetting
- Create consistency test to verify that all properties in config.yml are defined as a Property field in a SettingsClass implementation (currently fails)
- Add some missing properties
- Minor: convert tabs to spaces
- Although the class only has fields of Property type it would appear that CircleCI et al. may use libraries that add fields to classes later on, so we need to check for the field type
- Create Property class for defining config properties
- Create logic for typed retrival of properties from YAML file
- Add custom save method
- Retain comments from Comment annotations in the classes
- Write in a sorted order: first discovered properties are first written to config.yml
- Adjust properties to reflect the current config.yml
- Add sample tests for the retrieval and writing of properties with the new setup
- Ensure within PasswordSecurity that the player name is lowercase
- Remove check for MD5VB separate salt (we only generate hashes with the salt embedded, so either we need to change that or we don't need this check)
- Remove obsolete TODO
- Rename HashResult to EncryptedPassword to reflect its broader use
- Use EncryptedPassword in methods that require the hash and the salt, instead of passing them as strings separately
- Store EncryptedPassword as field in PlayerAuth; updatePassword() thus processes the entire data in the EncryptedPassword object
- Create integration test for the HashAlgorithm enum
- Create AsciiRestricted annotation and make test aware of it
- Add option to skip "same hash for same salt" test (for wordpress)
- Change some EncryptionMethods to extend from a common superclass
Rationale:
- Seems not to have been working since it was added to the codebase
- Seems not to correspond to the actual Xenforo password hashing (class does some sort of JSON extraction?)
- It would be easier to rewrite it from scratch if someone requests it later
- Add new methods temporarily to NewEncrMethod interface
- No data source access within EncryptionMethod implementations
- Generate the salt within the EncryptionMethod implementation
- Deprecate static methods on PasswordSecurity
- Adjust AbstractEncryptionMethodTest to test the classes with the new interface
- Add getter for data source instead of accessing field directly
- Create Utils class for a common implementation of md5/sha1
- Create "foolproof" way of getting the MessageDigest for md5 etc. (MessageDigestAlgorithm enum)
- Create description annotations to annotate algorithms with usage recommendation and salt type
(work in progress)
- Pass all dependencies via constructor
- Encapsulate command handling more (e.g. split CommandHandler with new CommandMapper)
- Add help command to all base commands at one central point
See AccountsCommand or HelpCommand for an example of the advantages - all necessary functions come from CommandService; objects aren't retrieved through a singleton getInstance() method anymore
- Revert commit (undo formatting changes, commented out code)
- Add ignore to not run the test due to local problems (probably because of some character encoding issue)
- Rename getHash() to computeHash(): get.. suggests it's just retrieving some field but it's really doing a computation, which is quite complex depending on the hash algorithm
- Export duplicated code into a service
- Remove canConnect attribute from AuthMe class - was unused and doesn't seem sensible
- Add consistency test for listener classes
- Fix bugs in behavior (wrong labels being shown for help)
- Change order of labels and arguments in FoundCommandResult constructors
- Move FoundResultStatus enum to its own class
- Create test class for HelpProvider
- Change interface to use (CommandSender, List<String> arguments)
- Use CommandArgumentDescription#name instead of "label" (to prevent confusion between command labels and arguments)
- Simplify command difference computation in CommandHandler (no longer consider argument difference)
- Change interface to use (CommandSender, List<String> arguments)
- Use CommandArgumentDescription#name instead of "label" (to prevent confusion between command labels and arguments)
- Simplify command difference computation in CommandHandler (no longer consider argument difference)
- Remove permission logic on command side; make PermissionsManager handle checks for all CommandSender objects (not only Player), cf. #314
- Remove unnecessary redundancies in passed arguments ("command references" that can be inferred from the FoundResult)
- Extend FoundCommandResult to represent all possible error cases
- Move permissions responsibilities from command to permissions (remove some logic from CommandPermissions, add DefaultPermission enum to permissions package)
- Start possible interface for the future per-permission system implementations of permissions managers
- Change wrong player permissions to admin permissions
- Rename command class names that were the same for the ordinary vs. admin task
- Create test to ensure that commands with OP_ONLY default require an admin permission node
- Reduce tight coupling by passing list of available commands as param to CommandHandler
- Split command processing method into several smaller ones
- Remove unfinished logic for unlimited command arguments (reason: was not implemented and not used, probably needs another way to handle it once the need for it arises)
- Create test for CommandHandler
- Change MessageKey to the proper message
- Change permissions for admin changepassword to admin
- Rename player changepassword command arguments to reflect their actual meaning
- Abstract Messages into two layers: the top layer 'Messages' is how Messages can be retrieved and sent as before. In the background, package-private, MessagesManager actually does the file read and worries about I/O while Messages takes care of higher-level things (such as joining two lines or checking the current language).
- Create Initializer class that only initializes AuthMe commands
- Move remaining method to CommandHandler
- Deprecate constructors on CommandDescription in favor of the builder
- Various cleanups and comments
- Create test to ensure that commands don't define the same binding
- Create stricter attribute validation in builder: throw an error if required field was not initialized
- Add tests to check the integrity of the commands that are defined in the CommandManager
- Convert some more commands registrations to the new Builder format
- Create builder class for CommandDescription
- Remove redundant methods in command registration classes (e.g. certain validation is superfluous because we only instantiate the classes internally)
- Replace multiple occurrences where a field is directly instantiated e.g. with a list and then its value is overwritten by a constructor = redundant instantiation of objects
- Change AuthMeMockUtils (reflection-based test setup) to ReflectionUtils: service providing reflection functionalities for particular tests where it is appropriate;
- Initialize the data folder (required as soon as the Settings class is loaded) immediately in WrapperMock. Some tests did not set it up that required it and it goes unnoticed if the test is not run individually. This will hopefully fix the tests from failing in the Jenkins build.
StringUtils - merge the two join methods to one common implementation with two interface; add tests
Messages - remove the methods taking a String as code after the kind refactoring by @DNx5
Replaced many classes to use Wrapper to get singletons and replaced the test setups to use the WrapperMock instead of setting fields through reflection
- Add BufferedReader instantiation into try-with-resources statement
- Close scanner that was opened
- Create utility class to format a caught exception
Had to create a getGameServer() method in AuthMe in order to be able to catch this call in tests and replace it with a mock implementation of the actual server. The supertype method getServer() is declared as final, which makes it impossible to mock with Mockito.
While there are frameworks that manipulate the bytecode to mock final calls, it is much easier and less risky to simply delegate the server retrieval through another method.
The HelpSyntaxHelper had suppressed warnings for string concatenation within StringBuilder - the point of the StringBuilder is that it is faster when you use it to concatenate many elements. If you still use string concatenation with + within these calls it beats the purpose.
Had to create a getter for the Management instance in the AuthMe class for mocking, but fields should generally not be accessed globally. Hopefully soon we will be able to make the field private.
The HelpSyntaxHelper had suppressed warnings for string concatenation within StringBuilder - the point of the StringBuilder is that it is faster when you use it to concatenate many elements. If you still use string concatenation with + within these calls it beats the purpose.
(cherry picked from commit bb00be2)
Had to create a getter for the Management instance in the AuthMe class for mocking, but fields should generally not be accessed globally. Hopefully soon we will be able to make the field private.
(cherry picked from commit f1a0022)
