- Add support for dependencies identified by annotations
- Add some more usage validation
- Change a few test classes to use the DelayedInjectionRunner
- Introduce new BeforeInjecting annotation to not modify the (expected) order of annotations that do not belong to us
- Avoids using hacky way of first initializing field to an Answer that will delegate on demand to the proper class...
- Remove PostConstruct support for Mockito's InjectMocks: we should not change the established behavior of external elements
- Test runner supporting new "DelayedInjection" annotation: such fields are only initialized with instantiation right before the first time they're used in tests, allowing to set up mock behavior beforehand
- Rename autoPurging to isPurging: we should always register if a purge task is in progress (regardless if autopurge or not) and deny any new requests
- Reduce the same logic being coded multiple times by calling through the methods
- DataSource: remove purgeBanned in favor of purgeRecords, both do exactly the same thing
- Move the check from PlayerLoginEvent to AsyncPlayerPreLoginEvent. Single session can only be implemented with PreLoginEvent; it is already to late to check this in the PlayerLoginEvent. Ergo, we cannot offer this for CraftBukkit.
- Remove interactions with LimboCache - no interactions with LimboCache expected until after OnJoinVerification checks. (Thanks sgdc3!)
- Create class to handle the creation of "LimboPlayer tasks" (adds encapsulation, reduces duplication)
- Move group setting into its own class because (mutual dependency between LimboCache and PermissionsManager otherwise)
- New injector method allows to retrieve services if they've already been instantiated -> useful for onDisable() which might be run after aborted initialization
- Deprecate various methods that need to be removed
- Set system property via surefire plugin and create profile that modifies the property
- Check for the new property in AbstractEncryptionMethodTest and shorten/skip the tests when necessary
- Change CommandDescription to contain a reference to ExecutableCommand class only
- Instantiate the actual ExecutableCommand objects in CommandHandler
(work in progress)
- Inject CommandService like other classes instead of passing it as method parameter
- Not solved: cyclic dependency CommandInitializer > ExecutableCommand > CommandService > CommandInitializer...
- Encapsulate captcha functionality into a class instead of two public fields on the AuthMe main class(!)
- Let CaptchaManager worry about whether it is enabled or not -> no need to check on the outside
- Implement full reloading support to enable/disable captchas + parameters
- Add unit tests
- Change password validation to return a ValidationResult object for passing message arguments
- Remove wrapping methods in ProcessService and CommandService and use ValidationService directly
- Get other classes via Inject annotation
- Remove no longer needed Utils methods (relates to #736)
- Create tests for ListenerService and AuthMeBlockListener
- Performance improvement: keep unrestricted names as Set instead of List for faster contains() method
- Write unit tests for checks done when a player joins
- Move join event handler methods back to PlayerListener; move join check logic to new separate class
- Use field on PlayerListener for storing nickname pattern -> repeatedly parsing pattern is expensive
- Remove unused legacy setting fields
- ForceFlatToSqlite cannot be run from converter command -> remove Converter interface to create more natural method signatures
- Do not instantiate classes with instantiation fallback if they have a PostConstruct method - thanks @sgdc3 for the hint
- Change Injector test to check exception messages also
- Implement similar restrictions as prescribed by the PostConstruct documentation:
- Class may have at most one method annotated with PostConstruct
- PostConstruct method must return void
- Javadoc: replace mentions of injector construction where any injection method was meant
- Separate FieldInjection from default fallback for no-Inject public no-args constructor classes
- Make CommandInitializer a normal, instantiable service
- Add various injections instead of fetching through command service
- Classes still won't be present in JAR but classes will be automatically compiled by Maven inside of the test scope, facilitating the execution of tool tasks
- Stop registration and issue an error if the email address setting is empty for email registration
- Refactor register command into smaller portions
- Create tests
- Move console initialization for tests into TestHelper
- Remove unused properties in legacy Settings
- Add issue number to TODO comments where applicable
- Remove redundant uses of WrapperMock
- Use assertThat() from JUnit, not hamcrest
- Use hamcrest Matchers everywhere (not BaseMatchers etc.)
- Favor Mockito's argThat() over using ArgumentCaptor (more succinct)
- Delete useless test classes
- Create validation service; fixes same code being duplicated in four places
- Goal is to remove Utils class, by moving methods to validation service or other services
- Remove unused properties in legacy settings
- Pass PropertyMap to settings class from the outside
- Fix tests not being reentrant due to real file writes
- Improve Node (internal tree for PropertyMap) interface
- Add code coverage for private constructors
- Rename *taskId methods to *task to reflect what they handle
- Remove usages of Wrapper where applicable
- Replace some uses of legacy Settings with NewSetting calls
- Adjust javadoc
- Remove unused PlayerAuth constructor
- Replace legacy Settings with NewSetting calls
- Add process service to all (a)sync processes
- Change IP manager to only cache the calls to the VeryGames API
- Create IP address manager for handling and caching IP addresses -> outside of the manager I do not want to care about caching details
- Make more processes use the ProcessService in favor of statically injected objects
- Generic test for MySQL and SQLite checking that all generated (Prepared)Statement and ResultSet instances are closed afterwards
- Fix offending code for test to pass
- Change ForceFlatToSqlite converter to use a generic datasource destination (i.e. can be used for Flat2MySQL later)
- Add tests, including for FlatFile
- Check that user is not present in destination datasource before adding
- Persist last location from flatfile as well
- Move certain permission nodes outside of the authme.player branch
- Update classes / permissions list
- Remove wildcard node from code completely (since not used)
- Old, deprecated property now exists again -> stop checking for its presence as a reason for migration
- Create test for SettingsMigrationService to detect such issues in the future
- Check also in admin command that email is not already used
- Misc bug fixing (logic errors, changes lost during large merge)
- Use "email" and "setemail" as main labels for /authme subcommands
- Create SettingsMigrationService#copyFileFromResource (inspired from CustomSettings)
- Use new method to copy missing files in plugin folder from JAR
- Create YamlFileConfiguration inside NewSetting: FileConfiguration object provided by JavaPlugin#getConfig() sets default values from the JAR's config.yml :(
- Change ConsoleLogger to take logger from plugin (work in progress)
- Change ReloadCommand to use the new setting functionality
- Check and construct the messages file in NewSetting
- Unrelated: change MessagesManager not to extend CustomConfiguration anymore
- Update BCrypt implementation version
- Separate third-party BCrypt implementation from our BCRYPT EncryptionMethod extension
- Fix WBB4: ensure password is hashed with bcrypt twice and that we check accordingly
- Fix check that discards potentially trying all encryption methods if password didn't match
- Wrap call to encryption method properly to avoid calling methods with hasSeparateSalt() = true and a null salt
- Inject permission manager into command service explicitly via constructor
- Change command mapper to only care about generating FoundCommandResult objects, and command handler to worry about dealing with it later on
- Adjust NewSetting constructor to match needs in AuthMe
- Add NewSetting to the command service
- See CaptchaCommand for a sample replacement from Settings to NewSetting
- Create consistency test to verify that all properties in config.yml are defined as a Property field in a SettingsClass implementation (currently fails)
- Add some missing properties
- Minor: convert tabs to spaces
- Although the class only has fields of Property type it would appear that CircleCI et al. may use libraries that add fields to classes later on, so we need to check for the field type
- Create Property class for defining config properties
- Create logic for typed retrival of properties from YAML file
- Add custom save method
- Retain comments from Comment annotations in the classes
- Write in a sorted order: first discovered properties are first written to config.yml
- Adjust properties to reflect the current config.yml
- Add sample tests for the retrieval and writing of properties with the new setup
- Ensure within PasswordSecurity that the player name is lowercase
- Remove check for MD5VB separate salt (we only generate hashes with the salt embedded, so either we need to change that or we don't need this check)
- Remove obsolete TODO
- Rename HashResult to EncryptedPassword to reflect its broader use
- Use EncryptedPassword in methods that require the hash and the salt, instead of passing them as strings separately
- Store EncryptedPassword as field in PlayerAuth; updatePassword() thus processes the entire data in the EncryptedPassword object
- Create integration test for the HashAlgorithm enum
- Create AsciiRestricted annotation and make test aware of it
- Add option to skip "same hash for same salt" test (for wordpress)
- Change some EncryptionMethods to extend from a common superclass
Rationale:
- Seems not to have been working since it was added to the codebase
- Seems not to correspond to the actual Xenforo password hashing (class does some sort of JSON extraction?)
- It would be easier to rewrite it from scratch if someone requests it later
- Add new methods temporarily to NewEncrMethod interface
- No data source access within EncryptionMethod implementations
- Generate the salt within the EncryptionMethod implementation
- Deprecate static methods on PasswordSecurity
- Adjust AbstractEncryptionMethodTest to test the classes with the new interface
- Add getter for data source instead of accessing field directly
- Create Utils class for a common implementation of md5/sha1
- Create "foolproof" way of getting the MessageDigest for md5 etc. (MessageDigestAlgorithm enum)
- Create description annotations to annotate algorithms with usage recommendation and salt type
(work in progress)
- Pass all dependencies via constructor
- Encapsulate command handling more (e.g. split CommandHandler with new CommandMapper)
- Add help command to all base commands at one central point
See AccountsCommand or HelpCommand for an example of the advantages - all necessary functions come from CommandService; objects aren't retrieved through a singleton getInstance() method anymore
- Revert commit (undo formatting changes, commented out code)
- Add ignore to not run the test due to local problems (probably because of some character encoding issue)
- Rename getHash() to computeHash(): get.. suggests it's just retrieving some field but it's really doing a computation, which is quite complex depending on the hash algorithm
- Export duplicated code into a service
- Remove canConnect attribute from AuthMe class - was unused and doesn't seem sensible
- Add consistency test for listener classes
- Fix bugs in behavior (wrong labels being shown for help)
- Change order of labels and arguments in FoundCommandResult constructors
- Move FoundResultStatus enum to its own class
- Create test class for HelpProvider
- Change interface to use (CommandSender, List<String> arguments)
- Use CommandArgumentDescription#name instead of "label" (to prevent confusion between command labels and arguments)
- Simplify command difference computation in CommandHandler (no longer consider argument difference)
- Change interface to use (CommandSender, List<String> arguments)
- Use CommandArgumentDescription#name instead of "label" (to prevent confusion between command labels and arguments)
- Simplify command difference computation in CommandHandler (no longer consider argument difference)
- Remove permission logic on command side; make PermissionsManager handle checks for all CommandSender objects (not only Player), cf. #314
- Remove unnecessary redundancies in passed arguments ("command references" that can be inferred from the FoundResult)
- Extend FoundCommandResult to represent all possible error cases
- Move permissions responsibilities from command to permissions (remove some logic from CommandPermissions, add DefaultPermission enum to permissions package)
- Start possible interface for the future per-permission system implementations of permissions managers
- Change wrong player permissions to admin permissions
- Rename command class names that were the same for the ordinary vs. admin task
- Create test to ensure that commands with OP_ONLY default require an admin permission node
- Reduce tight coupling by passing list of available commands as param to CommandHandler
- Split command processing method into several smaller ones
- Remove unfinished logic for unlimited command arguments (reason: was not implemented and not used, probably needs another way to handle it once the need for it arises)
- Create test for CommandHandler
- Change MessageKey to the proper message
- Change permissions for admin changepassword to admin
- Rename player changepassword command arguments to reflect their actual meaning
- Abstract Messages into two layers: the top layer 'Messages' is how Messages can be retrieved and sent as before. In the background, package-private, MessagesManager actually does the file read and worries about I/O while Messages takes care of higher-level things (such as joining two lines or checking the current language).
- Create Initializer class that only initializes AuthMe commands
- Move remaining method to CommandHandler
- Deprecate constructors on CommandDescription in favor of the builder
- Various cleanups and comments
- Create test to ensure that commands don't define the same binding
- Create stricter attribute validation in builder: throw an error if required field was not initialized
- Add tests to check the integrity of the commands that are defined in the CommandManager
- Convert some more commands registrations to the new Builder format
- Create builder class for CommandDescription
- Remove redundant methods in command registration classes (e.g. certain validation is superfluous because we only instantiate the classes internally)
- Replace multiple occurrences where a field is directly instantiated e.g. with a list and then its value is overwritten by a constructor = redundant instantiation of objects
- Change AuthMeMockUtils (reflection-based test setup) to ReflectionUtils: service providing reflection functionalities for particular tests where it is appropriate;
- Initialize the data folder (required as soon as the Settings class is loaded) immediately in WrapperMock. Some tests did not set it up that required it and it goes unnoticed if the test is not run individually. This will hopefully fix the tests from failing in the Jenkins build.
StringUtils - merge the two join methods to one common implementation with two interface; add tests
Messages - remove the methods taking a String as code after the kind refactoring by @DNx5
Replaced many classes to use Wrapper to get singletons and replaced the test setups to use the WrapperMock instead of setting fields through reflection
- Add BufferedReader instantiation into try-with-resources statement
- Close scanner that was opened
- Create utility class to format a caught exception
Had to create a getGameServer() method in AuthMe in order to be able to catch this call in tests and replace it with a mock implementation of the actual server. The supertype method getServer() is declared as final, which makes it impossible to mock with Mockito.
While there are frameworks that manipulate the bytecode to mock final calls, it is much easier and less risky to simply delegate the server retrieval through another method.
The HelpSyntaxHelper had suppressed warnings for string concatenation within StringBuilder - the point of the StringBuilder is that it is faster when you use it to concatenate many elements. If you still use string concatenation with + within these calls it beats the purpose.
Had to create a getter for the Management instance in the AuthMe class for mocking, but fields should generally not be accessed globally. Hopefully soon we will be able to make the field private.
The HelpSyntaxHelper had suppressed warnings for string concatenation within StringBuilder - the point of the StringBuilder is that it is faster when you use it to concatenate many elements. If you still use string concatenation with + within these calls it beats the purpose.
(cherry picked from commit bb00be2)
Had to create a getter for the Management instance in the AuthMe class for mocking, but fields should generally not be accessed globally. Hopefully soon we will be able to make the field private.
(cherry picked from commit f1a0022)
