ddca37ab73
Require Java 11 compiler (JRE 1.8 compatible)
2022-10-09 23:39:39 +02:00
fefeead323
Fix duplicated repository in pom.xml
2022-10-09 22:03:09 +02:00
3f5353a328
Bump checker-qual from 3.24.0 to 3.25.0 ( #2612 )
...
Bumps [checker-qual](https://github.com/typetools/checker-framework ) from 3.24.0 to 3.25.0.
- [Release notes](https://github.com/typetools/checker-framework/releases )
- [Changelog](https://github.com/typetools/checker-framework/blob/master/docs/CHANGELOG.md )
- [Commits](https://github.com/typetools/checker-framework/compare/checker-framework-3.24.0...checker-framework-3.25.0 )
---
updated-dependencies:
- dependency-name: org.checkerframework:checker-qual
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-07 22:10:46 +02:00
dca829650c
Bump sqlite-jdbc from 3.39.2.0 to 3.39.2.1 ( #2610 )
...
Bumps [sqlite-jdbc](https://github.com/xerial/sqlite-jdbc ) from 3.39.2.0 to 3.39.2.1.
- [Release notes](https://github.com/xerial/sqlite-jdbc/releases )
- [Changelog](https://github.com/xerial/sqlite-jdbc/blob/master/CHANGELOG )
- [Commits](https://github.com/xerial/sqlite-jdbc/compare/3.39.2.0...3.39.2.1 )
---
updated-dependencies:
- dependency-name: org.xerial:sqlite-jdbc
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-07 22:10:37 +02:00
37b8728197
Bump postgresql from 42.4.2 to 42.5.0 ( #2609 )
...
Bumps [postgresql](https://github.com/pgjdbc/pgjdbc ) from 42.4.2 to 42.5.0.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases )
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md )
- [Commits](https://github.com/pgjdbc/pgjdbc/compare/REL42.4.2...REL42.5.0 )
---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-07 22:10:30 +02:00
50a1f9de98
Bump EssentialsX from 2.19.6 to 2.19.7 ( #2608 )
...
Bumps [EssentialsX](https://github.com/EssentialsX/Essentials ) from 2.19.6 to 2.19.7.
- [Release notes](https://github.com/EssentialsX/Essentials/releases )
- [Commits](https://github.com/EssentialsX/Essentials/compare/2.19.6...2.19.7 )
---
updated-dependencies:
- dependency-name: net.essentialsx:EssentialsX
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-07 22:10:20 +02:00
51760c4a8c
Change the essentialsx repository
2022-09-07 22:09:29 +02:00
0d29c18ab4
Fix automatic antibot ( #2611 )
2022-09-02 13:54:22 +02:00
63780e3f7c
Add Checkstyle rule to disallow toLowerCase() and toUpperCase() without Locale ( #2606 )
2022-08-21 01:12:57 +02:00
0f24197323
Merge remote-tracking branch 'origin/master'
2022-08-20 04:41:29 +02:00
75b3a571e1
Always specify Locale on toLowerCase and toUpperCase usages, fixes AuthMe not working correctly on machines with turkish locale. ('I'.toLowerCase() => 'ı')
2022-08-20 04:41:04 +02:00
909617fce1
Bump postgresql from 42.4.1 to 42.4.2 ( #2605 )
...
Bumps [postgresql](https://github.com/pgjdbc/pgjdbc ) from 42.4.1 to 42.4.2.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases )
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md )
- [Commits](https://github.com/pgjdbc/pgjdbc/compare/REL42.4.1...REL42.4.2 )
---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19 16:45:52 +02:00
c38e2aba28
Fix bungee message order (login -> connect)
2022-08-18 03:41:31 +02:00
6f1c63e693
Add delay to bungee force-login messages
2022-08-18 03:39:40 +02:00
b65ffd7c74
Send logout message to bungee on self-unregister
2022-08-18 02:04:08 +02:00
7c8bbe6294
Remove cache-update bungee messages, always use the player in the context to send bungee messages, minor codestyle changes
2022-08-18 01:48:34 +02:00
fd0a0a1155
Bump mockito-core from 4.6.1 to 4.7.0 ( #2604 )
...
Bumps [mockito-core](https://github.com/mockito/mockito ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/mockito/mockito/releases )
- [Commits](https://github.com/mockito/mockito/compare/v4.6.1...v4.7.0 )
---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 00:45:10 +02:00
af2fbd0558
Bump maven-javadoc-plugin from 3.4.0 to 3.4.1 ( #2603 )
...
Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin ) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases )
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.4.0...maven-javadoc-plugin-3.4.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 00:44:55 +02:00
ec9de15bb9
Bump EssentialsX from 2.19.4 to 2.19.6 ( #2602 )
...
Bumps [EssentialsX](https://github.com/EssentialsX/Essentials ) from 2.19.4 to 2.19.6.
- [Release notes](https://github.com/EssentialsX/Essentials/releases )
- [Commits](https://github.com/EssentialsX/Essentials/compare/2.19.4...2.19.6 )
---
updated-dependencies:
- dependency-name: net.essentialsx:EssentialsX
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 00:44:44 +02:00
70f06b6da8
Bump sqlite-jdbc from 3.36.0.3 to 3.39.2.0 ( #2596 )
...
Bumps [sqlite-jdbc](https://github.com/xerial/sqlite-jdbc ) from 3.36.0.3 to 3.39.2.0.
- [Release notes](https://github.com/xerial/sqlite-jdbc/releases )
- [Changelog](https://github.com/xerial/sqlite-jdbc/blob/master/CHANGELOG )
- [Commits](https://github.com/xerial/sqlite-jdbc/compare/3.36.0.3...3.39.2.0 )
---
updated-dependencies:
- dependency-name: org.xerial:sqlite-jdbc
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-10 12:26:59 +02:00
1869c3097f
Bump maven-site-plugin from 3.12.0 to 3.12.1 ( #2595 )
...
Bumps [maven-site-plugin](https://github.com/apache/maven-site-plugin ) from 3.12.0 to 3.12.1.
- [Release notes](https://github.com/apache/maven-site-plugin/releases )
- [Commits](https://github.com/apache/maven-site-plugin/compare/maven-site-plugin-3.12.0...maven-site-plugin-3.12.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-site-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-10 12:26:54 +02:00
4b2a122581
Bump mariadb-java-client from 3.0.6 to 3.0.7 ( #2594 )
...
Bumps [mariadb-java-client](https://github.com/mariadb-corporation/mariadb-connector-j ) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/mariadb-corporation/mariadb-connector-j/releases )
- [Changelog](https://github.com/mariadb-corporation/mariadb-connector-j/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mariadb-corporation/mariadb-connector-j/compare/3.0.6...3.0.7 )
---
updated-dependencies:
- dependency-name: org.mariadb.jdbc:mariadb-java-client
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-10 12:26:47 +02:00
817a4af65b
Bump checker-qual from 3.23.0 to 3.24.0 ( #2593 )
...
Bumps [checker-qual](https://github.com/typetools/checker-framework ) from 3.23.0 to 3.24.0.
- [Release notes](https://github.com/typetools/checker-framework/releases )
- [Changelog](https://github.com/typetools/checker-framework/blob/master/docs/CHANGELOG.md )
- [Commits](https://github.com/typetools/checker-framework/compare/checker-framework-3.23.0...checker-framework-3.24.0 )
---
updated-dependencies:
- dependency-name: org.checkerframework:checker-qual
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-10 12:26:40 +02:00
aaba6dc24d
Bump postgresql from 42.4.0 to 42.4.1 ( #2592 )
...
Bumps [postgresql](https://github.com/pgjdbc/pgjdbc ) from 42.4.0 to 42.4.1.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases )
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md )
- [Commits](https://github.com/pgjdbc/pgjdbc/compare/REL42.4.0...REL42.4.1 )
---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-10 12:26:32 +02:00
9c928e04e5
Bump the mysql connector version
2022-07-28 18:48:35 +02:00
4fe6cfe485
Bump the mysql connector version, fix minor dependency shading issues
2022-07-28 18:42:06 +02:00
053519faa4
Merge branch 'HarvelsX-mariadb'
2022-07-28 18:12:44 +02:00
24d03aa1e2
Add missing "MARIADB" datasource backend to the configuration file, remove "mySQLDriverClassName" property as it is no longer needed.
2022-07-28 18:11:57 +02:00
6d49d798f1
Merge branch 'mariadb' of https://github.com/HarvelsX/AuthMeReloaded into HarvelsX-mariadb
2022-07-28 17:46:57 +02:00
be2881182f
Bump maven-resources-plugin from 3.2.0 to 3.3.0 ( #2586 )
...
Bumps [maven-resources-plugin](https://github.com/apache/maven-resources-plugin ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/apache/maven-resources-plugin/releases )
- [Commits](https://github.com/apache/maven-resources-plugin/compare/maven-resources-plugin-3.2.0...maven-resources-plugin-3.3.0 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-resources-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-27 23:37:43 +02:00
4652aae8f7
Bump maven-install-plugin from 2.5.2 to 3.0.1 ( #2583 )
...
Bumps [maven-install-plugin](https://github.com/apache/maven-install-plugin ) from 2.5.2 to 3.0.1.
- [Release notes](https://github.com/apache/maven-install-plugin/releases )
- [Commits](https://github.com/apache/maven-install-plugin/compare/maven-install-plugin-2.5.2...maven-install-plugin-3.0.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-install-plugin
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-27 23:37:37 +02:00
61710e9a47
Bump maven-deploy-plugin from 2.8.2 to 3.0.0 ( #2580 )
...
Bumps [maven-deploy-plugin](https://github.com/apache/maven-deploy-plugin ) from 2.8.2 to 3.0.0.
- [Release notes](https://github.com/apache/maven-deploy-plugin/releases )
- [Commits](https://github.com/apache/maven-deploy-plugin/compare/maven-deploy-plugin-2.8.2...maven-deploy-plugin-3.0.0 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-deploy-plugin
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-27 23:37:26 +02:00
a9898fd806
Add support MariaDB driver: https://github.com/AuthMe/AuthMeReloaded/issues/2556 ;
2022-07-25 12:14:26 +03:00
ed4200b23f
Fix column check: https://github.com/AuthMe/AuthMeReloaded/issues/2543 ;
2022-07-25 12:14:17 +03:00
0ac1854a52
Implement allowPublicKeyRetrieval option in mysql datasource
2022-07-18 13:03:05 +02:00
d07cb90858
Fix build under jdk 9+
2022-07-18 13:01:51 +02:00
a67a4bb72b
Don't let unrestricted usernames bypass the locked ip-username check
2022-07-17 18:40:11 +02:00
64c45c43df
Update dependencies
2022-07-17 18:36:06 +02:00
f1f5434b4b
Finished translating messages_vn.yml ( #2569 )
...
Fixed some typo's and finished translating
2022-07-16 18:36:10 +02:00
7530528432
Add test for AuthMeApi.getLastLoginMillis ( #2562 )
2022-07-16 18:35:42 +02:00
9d9e039cac
Bump checker-qual from 3.22.1 to 3.23.0 ( #2578 )
...
Bumps [checker-qual](https://github.com/typetools/checker-framework ) from 3.22.1 to 3.23.0.
- [Release notes](https://github.com/typetools/checker-framework/releases )
- [Changelog](https://github.com/typetools/checker-framework/blob/master/docs/CHANGELOG.md )
- [Commits](https://github.com/typetools/checker-framework/compare/checker-framework-3.22.1...checker-framework-3.23.0 )
---
updated-dependencies:
- dependency-name: org.checkerframework:checker-qual
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-16 18:35:09 +02:00
dbf9afbf82
Run workflows for pull requests too to verify the test results ( #2574 )
2022-07-16 18:35:03 +02:00
291790178d
Bump mariadb-java-client from 3.0.4 to 3.0.6 ( #2570 )
...
Bumps [mariadb-java-client](https://github.com/mariadb-corporation/mariadb-connector-j ) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/mariadb-corporation/mariadb-connector-j/releases )
- [Changelog](https://github.com/mariadb-corporation/mariadb-connector-j/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mariadb-corporation/mariadb-connector-j/compare/3.0.4...3.0.6 )
---
updated-dependencies:
- dependency-name: org.mariadb.jdbc:mariadb-java-client
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-16 18:34:50 +02:00
a111d6799e
Bump h2 from 2.1.212 to 2.1.214 ( #2563 )
...
Bumps [h2](https://github.com/h2database/h2database ) from 2.1.212 to 2.1.214.
- [Release notes](https://github.com/h2database/h2database/releases )
- [Commits](https://github.com/h2database/h2database/compare/version-2.1.212...version-2.1.214 )
---
updated-dependencies:
- dependency-name: com.h2database:h2
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-16 18:34:43 +02:00
a14b8bd60e
Bump maven-enforcer-plugin from 3.0.0 to 3.1.0 ( #2561 )
...
Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/apache/maven-enforcer/releases )
- [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.0.0...enforcer-3.1.0 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-16 18:34:35 +02:00
18613cb3cc
Bump postgresql from 42.3.6 to 42.4.0 ( #2554 )
...
Bumps [postgresql](https://github.com/pgjdbc/pgjdbc ) from 42.3.6 to 42.4.0.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases )
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md )
- [Commits](https://github.com/pgjdbc/pgjdbc/compare/REL42.3.6...REL42.4.0 )
---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-16 18:34:25 +02:00
0b6c92949c
Add test for the warning if the BungeeCord is enabled
2022-07-06 15:27:49 +02:00
32d92e13c5
[Security] Disable BungeeCord hook if the proxy is disable in Spigot ( #2572 from @Ghost-chu)
...
If Spigot is running without a proxy, an incoming BungeeCord can also originate from a malicious player. This happens, because there is no proxy preventing this message. There appears to be no method to check if this message comes from a trusted source from the Bukkit side.
This implementation checks if BungeeCord support is enabled in Spigot. This means that we notify them that we actually expect a proxy enabled configuration for this feature. This solves the issue, where the hook was enabled, because the server was earlier configured with proxies in mind, but they are no longer used.
**Nevertheless** this doesn't fully solve the issue, because in misconfigured setups, where the Spigot server is publicly accessible, it's still possible. However this is always a recommended configuration step.
Alternative solutions were rejected like:
1) Check on incoming BungeeCord message, if we received BungeeCord forwarding data during login
This data can be fully faked by the player too.
2) Check the connection properties if the appearing proxy is local.
While this is possible, there instance that the proxy is not on the same network although it's legitimate. Although it could be possible to introduce this with a configuration option, but it would increase the complexity for users.
Related #2559
Related #2571
2022-07-06 15:08:08 +02:00
25cf85a7dc
Execute simple check before enable BungeeCord hook.
...
This commit added a simple check that check spigot.yml -> settings.bungeecord status by using AuthMe built-in method bukkitService.isBungeeCordConfiguredForSpigot() and disable hook if it enabled and not behind an BungeeCord proxy.
Register plugin message channel without BungeeCord proxy will allow attacker send fake login payload to treat AuthMe login with Plugin Message for him and bypass the user login.
This commit also updated SettingsWarner for new behavior.
2022-07-06 15:39:06 +08:00
3892bb6923
Bump mockito-core from 4.4.0 to 4.6.1 ( #2551 )
...
Bumps [mockito-core](https://github.com/mockito/mockito ) from 4.4.0 to 4.6.1.
- [Release notes](https://github.com/mockito/mockito/releases )
- [Commits](https://github.com/mockito/mockito/compare/v4.4.0...v4.6.1 )
---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-04 02:13:01 +02:00
Gabriele C
dependabot[bot]
ChanceSD
ljacqu
HarvelsX
Lê Huy Mạnh Tân
Caro
games647
Ghost_chu