Merge pull request #175 from ColdDev/main

Fix critical bug in Bungee auth system
This commit is contained in:
LAX1DUDE 2022-07-28 16:34:47 -07:00 committed by GitHub
commit 1c2af18151
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -51,6 +51,7 @@ public class AuthSystem {
private final Map<String, AuthData> database = new HashMap<>(); private final Map<String, AuthData> database = new HashMap<>();
public boolean register(String username, String password, String ip) { public boolean register(String username, String password, String ip) {
username = username.toLowerCase();
synchronized (database) { synchronized (database) {
AuthData authData = database.get(username); AuthData authData = database.get(username);
if (authData != null) if (authData != null)
@ -66,12 +67,14 @@ public class AuthSystem {
} }
public boolean isRegistered(String username) { public boolean isRegistered(String username) {
username = username.toLowerCase();
synchronized (database) { synchronized (database) {
return database.containsKey(username); return database.containsKey(username);
} }
} }
public boolean changePass(String username, String password) { public boolean changePass(String username, String password) {
username = username.toLowerCase();
synchronized (database) { synchronized (database) {
AuthData authData = database.get(username); AuthData authData = database.get(username);
authData.salt = createSalt(16); authData.salt = createSalt(16);
@ -82,6 +85,7 @@ public class AuthSystem {
} }
public boolean login(String username, String password) { public boolean login(String username, String password) {
username = username.toLowerCase();
synchronized (database) { synchronized (database) {
AuthData authData = database.get(username); AuthData authData = database.get(username);
if (authData == null) if (authData == null)