Fixed a small exploit, and added a checkuserdata command

ad1tya2 · ad1tya2 · commit 3e2d5c9d6095 · 2021-09-17T14:27:15.000+05:30
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>ad1tya2</groupId>
     <artifactId>AdiAuth</artifactId>
-    <version>1.3</version>
+    <version>1.4</version>
     <packaging>jar</packaging>
 
     <name>AdiAuth</name>
diff --git a/src/main/java/ad1tya2/adiauth/Bungee/AdiAuth.java b/src/main/java/ad1tya2/adiauth/Bungee/AdiAuth.java
@@ -56,6 +56,7 @@ public boolean isLoggable(LogRecord record) {
         getProxy().getPluginManager().registerCommand(this, new forcechangepass());
         getProxy().getPluginManager().registerCommand(this, new twofactor());
         getProxy().getPluginManager().registerCommand(this, new converter());
+        getProxy().getPluginManager().registerCommand(this, new checkuserdata());
         servers.serversStatusChecker();
 
     }
diff --git a/src/main/java/ad1tya2/adiauth/Bungee/UserProfile.java b/src/main/java/ad1tya2/adiauth/Bungee/UserProfile.java
@@ -4,7 +4,12 @@
 import ad1tya2.adiauth.Bungee.events.discord;
 import ad1tya2.adiauth.Bungee.utils.BossBar;
 import ad1tya2.adiauth.Bungee.utils.pluginMessaging;
+import ad1tya2.adiauth.Bungee.utils.tools;
 import ad1tya2.adiauth.PluginMessages;
+import net.md_5.bungee.api.chat.ClickEvent;
+import net.md_5.bungee.api.chat.ComponentBuilder;
+import net.md_5.bungee.api.chat.HoverEvent;
+import net.md_5.bungee.api.chat.TextComponent;
 import net.md_5.bungee.api.config.ServerInfo;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 import net.md_5.bungee.api.connection.Server;
@@ -24,6 +29,7 @@ public class UserProfile {
     public String discordId;
     public boolean discordLoginPending = false;
     public Integer twoFactorCode;
+    public Long lastLogin;
     //Full joined is set when a person completely logs into the server for the first time
 
     public long sessionEnd = 1L;
@@ -125,4 +131,22 @@ public String getTwoFactorCode(){
         twoFactorCode = twoFactorCode == null? (int)(Math.random()*9000)+1000: twoFactorCode;
         return String.valueOf(twoFactorCode);
     }
+
+    public TextComponent getDataFormatted(){
+        String data = "&e________________________________________"+
+                "\n\n&2  Username: &b"+username+
+                "\n&2  DiscordID: &b"+(discordId == null? "": discordId)+
+                "\n&2  UUID: &b"+uuid +
+                "\n&2  PremiumUUID: &b"+(premiumUuid == null? "": premiumUuid.toString());
+        TextComponent component = new TextComponent();
+        component.setText(tools.getColoured(data));
+        TextComponent ipComponent = new TextComponent();
+        ipComponent.setText(tools.getColoured("\n&2  Ip Address: &b"+ lastIp));
+        ipComponent.setClickEvent(new ClickEvent(ClickEvent.Action.SUGGEST_COMMAND, lastIp));
+        ipComponent.setHoverEvent(new HoverEvent(HoverEvent.Action.SHOW_TEXT, new ComponentBuilder("Click to copy!").create()));
+        component.addExtra(ipComponent);
+        component.addExtra(tools.getColoured("\n&e________________________________________"));
+        return component;
+    }
+
 }
diff --git a/src/main/java/ad1tya2/adiauth/Bungee/commands/checkuserdata.java b/src/main/java/ad1tya2/adiauth/Bungee/commands/checkuserdata.java
@@ -0,0 +1,33 @@
+package ad1tya2.adiauth.Bungee.commands;
+
+import ad1tya2.adiauth.Bungee.UserProfile;
+import ad1tya2.adiauth.Bungee.data.storage;
+import ad1tya2.adiauth.Bungee.utils.tools;
+import net.md_5.bungee.api.ChatColor;
+import net.md_5.bungee.api.CommandSender;
+import net.md_5.bungee.api.plugin.Command;
+
+public class checkuserdata extends Command {
+    public checkuserdata(){
+        super("checkuserdata", "adiauth.admin", "viewuserprofile", "checkplayer");
+    }
+    @Override
+    public void execute(CommandSender sender, String[] args) {
+        if(args.length != 1){
+            sender.sendMessage(
+                    tools.getColoured("&2Invalid args\n " +
+                            "&bUse /checkuserdata <playername>")
+            );
+            return;
+        }
+        String pName = args[0];
+        UserProfile profile = storage.getPlayerMemory(pName);
+        if(profile == null){
+            sender.sendMessage(ChatColor.RED+"Invalid username!");
+        }
+        else {
+            sender.sendMessage(profile.getDataFormatted());
+        }
+
+    }
+}
diff --git a/src/main/java/ad1tya2/adiauth/Bungee/data/storage.java b/src/main/java/ad1tya2/adiauth/Bungee/data/storage.java
@@ -32,6 +32,7 @@ public enum AccountType {
     private static final ConcurrentHashMap<UUID, UserProfile> pMapByPremiumUuid = new ConcurrentHashMap<UUID, UserProfile>();
     private static final ConcurrentHashMap<String, List<UserProfile>> profilesByIp = new ConcurrentHashMap<String, List<UserProfile>>();
     private static final ConcurrentHashMap<String, UserProfile> pMapByDiscord = new ConcurrentHashMap<String, UserProfile>();
+
     public static Integer getAccounts(String ip, AccountType type){
         List<UserProfile> profiles = profilesByIp.get(ip);
         if(profiles == null){
@@ -123,10 +124,23 @@ public static Optional<UserProfile> getPlayerForLogin(String name, String ip){
                 UserProfile user = new UserProfile();
                 user.username = name;
                 user.lastIp = ip;
+                user.lastLogin = System.currentTimeMillis();
                 UserProfile oldUserByName = pMap.get(name);
                 if(oldUserByName == null && getAccounts(ip, AccountType.TOTAL)>=Config.maxTotalAccounts){
                   return null;
                 }
+                if(oldUserByName != null) {
+
+                    if(ip != oldUserByName.lastIp){
+                        oldUserByName.endSession();
+                    }
+                    //Only call api if it has been 5 minutes since lastlogin
+                    if (oldUserByName.lastLogin != null && oldUserByName.lastLogin + 300000L > System.currentTimeMillis()) {
+                        return Optional.of(oldUserByName);
+                    }
+
+                    oldUserByName.lastLogin = System.currentTimeMillis();
+                }
                 Optional<UUID> uuid;
                 if(Config.forceBackupServer){
                     uuid = Uuids.getBackupServerUUID(name);
diff --git a/src/main/java/ad1tya2/adiauth/Bungee/events/Handler.java b/src/main/java/ad1tya2/adiauth/Bungee/events/Handler.java
@@ -8,6 +8,7 @@
 import ad1tya2.adiauth.Bungee.utils.pluginMessaging;
 import ad1tya2.adiauth.Bungee.utils.tools;
 import ad1tya2.adiauth.PluginMessages;
+import net.md_5.bungee.api.ProxyServer;
 import net.md_5.bungee.api.config.ServerInfo;
 import net.md_5.bungee.api.connection.PendingConnection;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
@@ -16,13 +17,12 @@
 import net.md_5.bungee.connection.InitialHandler;
 import net.md_5.bungee.connection.LoginResult;
 import net.md_5.bungee.event.EventHandler;
-
 import java.lang.reflect.Field;
 import java.util.Optional;
 import java.util.logging.Level;
 
 public class Handler implements Listener {
-    @EventHandler(priority = 127)
+    @EventHandler(priority = Byte.MAX_VALUE)
     public void onPreLogin(PreLoginEvent event){
         if(event.isCancelled()){
             return;
@@ -33,6 +33,14 @@ public void onPreLogin(PreLoginEvent event){
                              @Override
                              public void run() {
                                  PendingConnection conn = event.getConnection();
+                                 ProxiedPlayer player = ProxyServer.getInstance().getPlayer(conn.getName());
+                                 if(player != null && player.isConnected()){
+                                     conn.disconnect(tools.getColoured(
+                                             "&eAnother player with that name is already online!"
+                                     ));
+                                     event.setCancelled(true);
+                                     return;
+                                 }
                                  Optional<UserProfile> optional = storage.getPlayerForLogin(conn.getName(), tools.getIp(conn.getSocketAddress()));
                                  if(optional == null){
                                      conn.disconnect(Config.Messages.tooManyAccounts);
diff --git a/src/main/java/ad1tya2/adiauth/Bungee/events/discord.java b/src/main/java/ad1tya2/adiauth/Bungee/events/discord.java
@@ -80,6 +80,7 @@ public void onButtonClick(ButtonClickEvent event){
                         if(event.getComponentId().equals("AdiAuthLogin")){
                             UserProfile profile = storage.getPlayerByDiscord(event.getUser().getId());
                             if(profile == null){
+                                event.getInteraction().reply("Are you sure you need to use this?").setEphemeral(true).queue();
                                 return;
                             }
                             ProxiedPlayer p = ProxyServer.getInstance().getPlayer(profile.username);

Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,7 @@ public boolean isLoggable(LogRecord record) {`
`56`	`56`	`getProxy().getPluginManager().registerCommand(this, new forcechangepass());`
`57`	`57`	`getProxy().getPluginManager().registerCommand(this, new twofactor());`
`58`	`58`	`getProxy().getPluginManager().registerCommand(this, new converter());`
	`59`	`+ getProxy().getPluginManager().registerCommand(this, new checkuserdata());`
`59`	`60`	`servers.serversStatusChecker();`
`60`	`61`
`61`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,7 @@ public void onButtonClick(ButtonClickEvent event){`
`80`	`80`	`if(event.getComponentId().equals("AdiAuthLogin")){`
`81`	`81`	`UserProfile profile = storage.getPlayerByDiscord(event.getUser().getId());`
`82`	`82`	`if(profile == null){`
	`83`	`+ event.getInteraction().reply("Are you sure you need to use this?").setEphemeral(true).queue();`
`83`	`84`	`return;`
`84`	`85`	`}`
`85`	`86`	`ProxiedPlayer p = ProxyServer.getInstance().getPlayer(profile.username);`