Add password reset URL generation and backend validation

2025-02-17 17:48:26 +01:00
parent 6aeecd444e
commit 8ec12603b6
4 changed files with 24 additions and 11 deletions
@@ -543,6 +543,7 @@ WEB_USAGE=§8/§7webpassword §8[§epassword§8]
 WEB_UPDATED=§7Your password was updated.
 WEB_CREATED=§7Your webaccount was created.
 WEB_PASSWORD_LENGTH=§cYour password is shorter than 8 characters.
 WEB_RESET_URL=§7You can reset your Password here: §ehttps://steamwar.de/reset-password?token={0}
 #ChatListener
 CHAT_LIXFEL_ACTION_BAR=§4§lTechnical problems?
@@ -518,6 +518,7 @@ WEB_USAGE=§8/§7webpassword §8[§ePasswort§8]
 WEB_UPDATED=§7Dein Passwort wurde aktualisiert.
 WEB_CREATED=§7Dein Webaccount wurde erstellt.
 WEB_PASSWORD_LENGTH=§cDein Passwort ist kürzer als 8 Zeichen.
 WEB_RESET_URL=§7Hier kannst du dein Passwort zurücksetzen: §ehttps://steamwar.de/passwort-setzen?token={0}
 #ChatListener
 CHAT_LIXFEL_ACTION_BAR=§4§lTechnische Probleme?
@@ -19,29 +19,41 @@
 package de.steamwar.velocitycore.commands;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import de.steamwar.command.SWCommand;
 import de.steamwar.messages.Chatter;
 import de.steamwar.sql.SteamwarUser;
 import java.net.URI;
 import java.net.URLEncoder;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
 import java.nio.charset.StandardCharsets;
 public class WebpasswordCommand extends SWCommand {
    public WebpasswordCommand() {
        super("webpassword", "webpw", "web");
    }
    private static final HttpClient client = HttpClient.newHttpClient();
    @Register(description = "WEB_USAGE")
-    public void genericCommand(Chatter sender, String password) {
+    public void genericCommand(Chatter sender) {
        if(password.length() < 8) {
            sender.system("WEB_PASSWORD_LENGTH");
            return;
        }
        SteamwarUser user = sender.user();
        boolean resetPW = user.hasPassword();
-        user.setPassword(password);
+        HttpRequest request = HttpRequest.newBuilder()
                        .POST(HttpRequest.BodyPublishers.noBody())
                        .uri(URI.create("http://localhost:1337/v2/auth/enroll/" + user.getId())).build();
-        sender.system(resetPW ? "WEB_UPDATED" : "WEB_CREATED");
+        client.sendAsync(request, responseInfo -> HttpResponse.BodySubscribers.ofString(StandardCharsets.UTF_8)).thenAccept(httpResponse -> {
            JsonObject jsonObject = JsonParser.parseString(httpResponse.body()).getAsJsonObject();
            String token = jsonObject.get("token").getAsString();
            sender.system("WEB_RESET_URL", URLEncoder.encode(token, StandardCharsets.UTF_8));
        });
    }
 }
@@ -31,7 +31,6 @@ import de.steamwar.util.type
 import io.ktor.http.*
 import io.ktor.server.application.*
 import io.ktor.server.auth.*
 import io.ktor.server.http.*
 import io.ktor.server.plugins.*
 import io.ktor.server.request.*
 import io.ktor.server.response.*
@@ -64,7 +63,7 @@ fun Route.configureNewAuth() {
    route("/auth") {
        route("/enroll") {
            post("/{userId}") {
-                if (call.request.headers.contains("X-Forwarded-For")) {
+                if (call.request.headers.contains("X-Forwarded-For") || call.request.header("Host") != "localhost:1337") {
                    SWException.log("Request to /auth/register from", "Invalid IP")
                    call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid IP", "F_U"))
                    return@post