Add password reset URL generation and backend validation
@@ -543,6 +543,7 @@ WEB_USAGE=§8/§7webpassword §8[§epassword§8]
|
||||
WEB_UPDATED=§7Your password was updated.
|
||||
WEB_CREATED=§7Your webaccount was created.
|
||||
WEB_PASSWORD_LENGTH=§cYour password is shorter than 8 characters.
|
||||
WEB_RESET_URL=§7You can reset your Password here: §ehttps://steamwar.de/reset-password?token={0}
|
||||
|
||||
#ChatListener
|
||||
CHAT_LIXFEL_ACTION_BAR=§4§lTechnical problems?
|
||||
|
||||
@@ -518,6 +518,7 @@ WEB_USAGE=§8/§7webpassword §8[§ePasswort§8]
|
||||
WEB_UPDATED=§7Dein Passwort wurde aktualisiert.
|
||||
WEB_CREATED=§7Dein Webaccount wurde erstellt.
|
||||
WEB_PASSWORD_LENGTH=§cDein Passwort ist kürzer als 8 Zeichen.
|
||||
WEB_RESET_URL=§7Hier kannst du dein Passwort zurücksetzen: §ehttps://steamwar.de/passwort-setzen?token={0}
|
||||
|
||||
#ChatListener
|
||||
CHAT_LIXFEL_ACTION_BAR=§4§lTechnische Probleme?
|
||||
|
||||
@@ -19,29 +19,41 @@
|
||||
|
||||
package de.steamwar.velocitycore.commands;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParser;
|
||||
import de.steamwar.command.SWCommand;
|
||||
import de.steamwar.messages.Chatter;
|
||||
import de.steamwar.sql.SteamwarUser;
|
||||
|
||||
import java.net.URI;
|
||||
import java.net.URLEncoder;
|
||||
import java.net.http.HttpClient;
|
||||
import java.net.http.HttpRequest;
|
||||
import java.net.http.HttpResponse;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
|
||||
public class WebpasswordCommand extends SWCommand {
|
||||
|
||||
public WebpasswordCommand() {
|
||||
super("webpassword", "webpw", "web");
|
||||
}
|
||||
|
||||
private static final HttpClient client = HttpClient.newHttpClient();
|
||||
|
||||
@Register(description = "WEB_USAGE")
|
||||
public void genericCommand(Chatter sender, String password) {
|
||||
if(password.length() < 8) {
|
||||
sender.system("WEB_PASSWORD_LENGTH");
|
||||
return;
|
||||
}
|
||||
|
||||
public void genericCommand(Chatter sender) {
|
||||
SteamwarUser user = sender.user();
|
||||
boolean resetPW = user.hasPassword();
|
||||
|
||||
user.setPassword(password);
|
||||
HttpRequest request = HttpRequest.newBuilder()
|
||||
.POST(HttpRequest.BodyPublishers.noBody())
|
||||
.uri(URI.create("http://localhost:1337/v2/auth/enroll/" + user.getId())).build();
|
||||
|
||||
sender.system(resetPW ? "WEB_UPDATED" : "WEB_CREATED");
|
||||
client.sendAsync(request, responseInfo -> HttpResponse.BodySubscribers.ofString(StandardCharsets.UTF_8)).thenAccept(httpResponse -> {
|
||||
JsonObject jsonObject = JsonParser.parseString(httpResponse.body()).getAsJsonObject();
|
||||
|
||||
String token = jsonObject.get("token").getAsString();
|
||||
|
||||
sender.system("WEB_RESET_URL", URLEncoder.encode(token, StandardCharsets.UTF_8));
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
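Review bot: The `thenAccept` callback in `genericCommand(Chatter sender)` has no failure path: a non-2xx response, a body that is not JSON, or a missing `token` field throws inside the future and is silently dropped, so the player gets no message and nothing is recorded. Check `httpResponse.statusCode()` before parsing, test `jsonObject.has("token")`, attach `.exceptionally(...)`, and set a `timeout(...)` on the request so a hung backend does not leave the future pending. Separately, the token reaches the player as a URL query parameter in chat, where it can end up in client chat logs and web-server access logs; that is only acceptable if the backend issues it as short-lived and single-use, which this hunk does not show. The rendered page has lost its +/- markers, so which lines are new is inferred from the hunk header and the commit title.

```java
// … unchanged: user lookup, HttpRequest.newBuilder() …
        .POST(HttpRequest.BodyPublishers.noBody())
        .timeout(Duration.ofSeconds(5)) // constructed value; pick what fits the backend
// … unchanged: .uri(...).build() …

client.sendAsync(request, responseInfo -> HttpResponse.BodySubscribers.ofString(StandardCharsets.UTF_8)).thenAccept(httpResponse -> {
    if (httpResponse.statusCode() / 100 != 2) {
        throw new IllegalStateException("enroll returned HTTP " + httpResponse.statusCode());
    }
    JsonObject jsonObject = JsonParser.parseString(httpResponse.body()).getAsJsonObject();
    if (!jsonObject.has("token")) {
        throw new IllegalStateException("enroll response has no token");
    }
    sender.system("WEB_RESET_URL", URLEncoder.encode(jsonObject.get("token").getAsString(), StandardCharsets.UTF_8));
}).exceptionally(failure -> {
    // Report the failure without the response body, which may carry the token.
    sender.system("<FAILURE_MESSAGE_KEY>"); // placeholder: key still to be added to both message bundles
    return null;
});
```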
@@ -31,7 +31,6 @@ import de.steamwar.util.type
|
||||
import io.ktor.http.*
|
||||
import io.ktor.server.application.*
|
||||
import io.ktor.server.auth.*
|
||||
import io.ktor.server.http.*
|
||||
import io.ktor.server.plugins.*
|
||||
import io.ktor.server.request.*
|
||||
import io.ktor.server.response.*
|
||||
@@ -64,7 +63,7 @@ fun Route.configureNewAuth() {
|
||||
route("/auth") {
|
||||
route("/enroll") {
|
||||
post("/{userId}") {
|
||||
if (call.request.headers.contains("X-Forwarded-For")) {
|
||||
if (call.request.headers.contains("X-Forwarded-For") || call.request.header("Host") != "localhost:1337") {
|
||||
SWException.log("Request to /auth/register from", "Invalid IP")
|
||||
call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid IP", "F_U"))
|
||||
return@post
|
||||
|
||||
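Review bot: The added `call.request.header("Host") != "localhost:1337"` condition does not restrict who can call `/auth/enroll/{userId}`: like `X-Forwarded-For`, the `Host` header is chosen by the client, so both checks only describe what the request claims about itself. Because this route hands out a password-reset token for an arbitrary user id, gate it on something the caller cannot set, such as the connection's peer address being loopback (Ktor exposes the connection via `call.request.local`), a listener bound to 127.0.0.1 only, or a shared secret between the proxy plugin and the backend. The rejection log reads `"Request to /auth/register from", "Invalid IP"` although the route is `/auth/enroll` and no address is checked or recorded; logging the real peer address would make rejected attempts investigable. The `post` handler continues past the end of the hunk, so the rest of the enroll logic is not visible here.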