Fix forcelogin auth exploit

AlexProgrammerDE 2024-08-23 18:32:49 +02:00
parent e78f586e2a
commit 31800bcebc


@ -58,15 +58,20 @@ public final class PluginMessageListener implements Listener<PluginMessageEvent>
public EventTask executeAsync(final PluginMessageEvent event) {
return EventTask.async(() -> {
plugin.logDebug(() -> "PluginMessageEvent | Start");
if (notAllowedEvent(event)) {
plugin.logDebug(() -> "PluginMessageEvent | Not allowed");
if (notHandledEvent(event)) {
plugin.logDebug(() -> "PluginMessageEvent | Not handled");
return;
}
final ServerConnection connection = (ServerConnection) event.getSource();
// Set the result to handled, the message is dropped at the proxy
event.setResult(PluginMessageEvent.ForwardResult.handled());
// Make sure the message is S -> P, NOT P -> S
if (!(event.getSource() instanceof ServerConnection connection)) {
plugin.logDebug("PluginMessageEvent | Not ServerConnection");
return;
}
final ByteArrayDataInput input = event.dataAsDataStream();
final String message = input.readUTF();
final MessageType type = TYPES.valueOrThrow(message.toUpperCase(Locale.ROOT));
@ -114,15 +119,11 @@ public final class PluginMessageListener implements Listener<PluginMessageEvent>
});
}
private boolean notAllowedEvent(PluginMessageEvent event) {
private boolean notHandledEvent(PluginMessageEvent event) {
if (!event.getResult().isAllowed()) {
plugin.logDebug("PluginMessageEvent | Result not allowed");
return true;
}
if (!(event.getSource() instanceof ServerConnection)) {
plugin.logDebug("PluginMessageEvent | Not ServerConnection");
return true;
}
final var identifier = event.getIdentifier();
if (!(identifier.equals(AuthMeVelocityPlugin.MODERN_CHANNEL)
|| identifier.equals(AuthMeVelocityPlugin.LEGACY_CHANNEL))) {
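Review bot: In `executeAsync`, the `instanceof ServerConnection` branch reports a player-originated message on the auth channel only through `plugin.logDebug`, so a spoofing attempt against this channel leaves no trace unless debug logging is enabled. The page has lost its +/- markers, so this assumes the new side runs the channel check in `notHandledEvent`, then `setResult(...handled())`, then the source check. I would log that branch at a level operators see by default and include `event.getSource()` so the sender can be identified. The fix depends on `setResult` running before the source check, so the comment above it should say so, e.g. `// Must stay before the source check: messages on our channel are dropped at the proxy even when a player sent them`. `notHandledEvent` continues past the end of the hunk, so its channel-mismatch branch is not covered by this note.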