From 1c96196359ba107330bcaf5af4535636536af472 Mon Sep 17 00:00:00 2001
From: samczsun <github@samczsun.com>
Date: Sat, 4 Feb 2017 23:14:52 -0500
Subject: [PATCH] Various changes for network security

---
 .../core/account/command/UpdateRank.java      |  8 +-
 .../src/mineplex/core/antihack/AntiHack.java  | 75 +++++++++----------
 .../core/antihack/banwave/BanWaveManager.java |  3 +-
 .../GwenBanNotification.java                  |  4 +-
 .../GwenBanwaveNotification.java              |  4 +-
 .../src/mineplex/core/punish/Punish.java      | 10 ++-
 .../mineplex/core/punish/UI/PunishPage.java   |  2 +-
 .../core/twofactor/TwoFactorAuth.java         |  9 +++
 .../serverdata/commands/AddPunishCommand.java |  4 +-
 .../commands/RemovePunishCommand.java         |  8 +-
 .../commands/TwoFactorResetCommand.java       | 17 +++++
 .../commands/UpdateRankCommand.java           | 17 +++++
 12 files changed, 109 insertions(+), 52 deletions(-)
 create mode 100644 Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/TwoFactorResetCommand.java
 create mode 100644 Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/UpdateRankCommand.java

diff --git a/Plugins/Mineplex.Core/src/mineplex/core/account/command/UpdateRank.java b/Plugins/Mineplex.Core/src/mineplex/core/account/command/UpdateRank.java
index 432beb29d..ba8c69ffa 100644
--- a/Plugins/Mineplex.Core/src/mineplex/core/account/command/UpdateRank.java
+++ b/Plugins/Mineplex.Core/src/mineplex/core/account/command/UpdateRank.java
@@ -13,6 +13,7 @@ import mineplex.core.common.util.F;
 import mineplex.core.common.util.UUIDFetcher;
 import mineplex.core.common.util.UtilPlayer;
 import mineplex.core.common.util.UtilServer;
+import mineplex.serverdata.commands.UpdateRankCommand;
 
 import org.bukkit.Bukkit;
 import org.bukkit.ChatColor;
@@ -52,8 +53,13 @@ public class UpdateRank extends CommandBase<CoreClientManager>
 				UtilPlayer.message(caller, F.main(Plugin.getName(), ChatColor.RED + "" + ChatColor.BOLD + "Invalid rank!"));
 				return;
 			}
-			
+
 			final Rank rank = tempRank;
+
+			Plugin.runAsync(() ->
+			{
+				new UpdateRankCommand(caller.getName(), caller.getUniqueId().toString(), playerName, rank.name()).publish();
+			});
 			 
 			Plugin.getRepository().matchPlayerName(new Callback<List<String>>()
 			{
diff --git a/Plugins/Mineplex.Core/src/mineplex/core/antihack/AntiHack.java b/Plugins/Mineplex.Core/src/mineplex/core/antihack/AntiHack.java
index 16971daff..c6e339342 100644
--- a/Plugins/Mineplex.Core/src/mineplex/core/antihack/AntiHack.java
+++ b/Plugins/Mineplex.Core/src/mineplex/core/antihack/AntiHack.java
@@ -209,48 +209,47 @@ public class AntiHack extends MiniPlugin
 			{
 				CoreClient coreClient = _clientManager.Get(player);
 
-				Consumer<Consumer<PunishmentResponse>> doPunish = after ->
-				{
-					JsonObject custom = new JsonObject();
-					custom.addProperty("ban-reason", CheckManager.getCheckSimpleName(cause));
+				String id = generateId();
+				String finalMessage = "[GWEN] " + id;
+				JsonObject custom = new JsonObject();
+				custom.addProperty("ban-reason", CheckManager.getCheckSimpleName(cause));
 
-					String id = generateId();
-					String finalMessage = "[GWEN] " + id;
-					_logger.saveMetadata(player, id, () ->
+				_logger.saveMetadata(player, id, () ->
+				{
+					Consumer<Consumer<PunishmentResponse>> doPunish = after ->
 					{
-						runAsync(() ->
-						{
-							GwenBanNotification notification = new GwenBanNotification(_thisServer, player.getName(), player.getUniqueId().toString(), CheckManager.getCheckSimpleName(cause), id);
-							ServerCommandManager.getInstance().publishCommand(notification);
-						});
-
-						_punish.AddPunishment(coreClient.getName(), Category.Hacking, finalMessage, AntiHack.NAME, 3, true, -1, true, after);
-					}, custom);
-				};
-
-				if (coreClient.GetRank().has(Rank.TWITCH))
-				{
-					doPunish.accept(result ->
-					{
-						_pendingBan.remove(player);
-						_banned.add(player.getUniqueId());
-					});
-				}
-				else
-				{
-					runBanAnimation(player, () ->
-							doPunish.accept(result ->
+							runAsync(() ->
 							{
-								if (result == PunishmentResponse.Punished)
+								new GwenBanNotification(_thisServer, player.getName(), player.getUniqueId().toString(), coreClient.GetRank().name(), CheckManager.getCheckSimpleName(cause), id).publish();
+							});
+
+							_punish.AddPunishment(coreClient.getName(), Category.Hacking, finalMessage, AntiHack.NAME, 3, true, -1, true, after);
+					};
+
+					if (coreClient.GetRank().has(Rank.TWITCH))
+					{
+						doPunish.accept(result ->
+						{
+							_pendingBan.remove(player);
+							_banned.add(player.getUniqueId());
+						});
+					}
+					else
+					{
+						runBanAnimation(player, () ->
+								doPunish.accept(result ->
 								{
-									announceBan(player);
-									_banned.add(player.getUniqueId());
-									_banWaveManager.flagDone(coreClient);
-								}
-								_pendingBan.remove(player);
-							})
-					);
-				}
+									if (result == PunishmentResponse.Punished)
+									{
+										announceBan(player);
+										_banned.add(player.getUniqueId());
+										_banWaveManager.flagDone(coreClient);
+									}
+									_pendingBan.remove(player);
+								})
+						);
+					}
+				}, custom);
 			}
 		});
 	}
diff --git a/Plugins/Mineplex.Core/src/mineplex/core/antihack/banwave/BanWaveManager.java b/Plugins/Mineplex.Core/src/mineplex/core/antihack/banwave/BanWaveManager.java
index 33f112161..668c60db2 100644
--- a/Plugins/Mineplex.Core/src/mineplex/core/antihack/banwave/BanWaveManager.java
+++ b/Plugins/Mineplex.Core/src/mineplex/core/antihack/banwave/BanWaveManager.java
@@ -68,8 +68,7 @@ public class BanWaveManager extends MiniPlugin
 			{
 				runAsync(() ->
 				{
-					GwenBanwaveNotification notification = new GwenBanwaveNotification(UtilServer.getServerName(), player.getName(), player.getUniqueId().toString(), CheckManager.getCheckSimpleName(checkClass), id, timeToBan);
-					ServerCommandManager.getInstance().publishCommand(notification);
+					new GwenBanwaveNotification(UtilServer.getServerName(), player.getName(), player.getUniqueId().toString(), client.GetRank().name(), CheckManager.getCheckSimpleName(checkClass), id, timeToBan).publish();
 				});
 
 				JsonObject custom = new JsonObject();
diff --git a/Plugins/Mineplex.Core/src/mineplex/core/antihack/redisnotifications/GwenBanNotification.java b/Plugins/Mineplex.Core/src/mineplex/core/antihack/redisnotifications/GwenBanNotification.java
index 5be1a474c..725b24760 100644
--- a/Plugins/Mineplex.Core/src/mineplex/core/antihack/redisnotifications/GwenBanNotification.java
+++ b/Plugins/Mineplex.Core/src/mineplex/core/antihack/redisnotifications/GwenBanNotification.java
@@ -7,14 +7,16 @@ public class GwenBanNotification extends ServerCommand
 	private final String _serverName;
 	private final String _playerName;
 	private final String _playerUUID;
+	private final String _playerRank;
 	private final String _hackType;
 	private final String _metadataId;
 
-	public GwenBanNotification(String serverName, String playerName, String playerUUID, String hackType, String metadataId)
+	public GwenBanNotification(String serverName, String playerName, String playerUUID, String playerRank, String hackType, String metadataId)
 	{
 		_serverName = serverName;
 		_playerName = playerName;
 		_playerUUID = playerUUID;
+		_playerRank = playerRank;
 		_hackType = hackType;
 		_metadataId = metadataId;
 	}
diff --git a/Plugins/Mineplex.Core/src/mineplex/core/antihack/redisnotifications/GwenBanwaveNotification.java b/Plugins/Mineplex.Core/src/mineplex/core/antihack/redisnotifications/GwenBanwaveNotification.java
index 0ca1cf628..11cb1ab8d 100644
--- a/Plugins/Mineplex.Core/src/mineplex/core/antihack/redisnotifications/GwenBanwaveNotification.java
+++ b/Plugins/Mineplex.Core/src/mineplex/core/antihack/redisnotifications/GwenBanwaveNotification.java
@@ -7,15 +7,17 @@ public class GwenBanwaveNotification extends ServerCommand
 	private final String _serverName;
 	private final String _playerName;
 	private final String _playerUUID;
+	private final String _playerRank;
 	private final String _hackType;
 	private final String _metadataId;
 	private final long _timeToBan;
 
-	public GwenBanwaveNotification(String serverName, String playerName, String playerUUID, String hackType, String metadataId, long timeToBan)
+	public GwenBanwaveNotification(String serverName, String playerName, String playerUUID, String playerRank, String hackType, String metadataId, long timeToBan)
 	{
 		_serverName = serverName;
 		_playerName = playerName;
 		_playerUUID = playerUUID;
+		_playerRank = playerRank;
 		_hackType = hackType;
 		_metadataId = metadataId;
 		_timeToBan = timeToBan;
diff --git a/Plugins/Mineplex.Core/src/mineplex/core/punish/Punish.java b/Plugins/Mineplex.Core/src/mineplex/core/punish/Punish.java
index f72bd4747..1a26d65c4 100644
--- a/Plugins/Mineplex.Core/src/mineplex/core/punish/Punish.java
+++ b/Plugins/Mineplex.Core/src/mineplex/core/punish/Punish.java
@@ -18,10 +18,12 @@ import org.bukkit.event.player.PlayerQuitEvent;
 import org.bukkit.plugin.java.JavaPlugin;
 
 import com.google.gson.Gson;
+import com.google.gson.JsonObject;
 
 import mineplex.core.MiniPlugin;
 import mineplex.core.account.CoreClientManager;
 import mineplex.core.account.event.ClientWebResponseEvent;
+import mineplex.core.common.Constants;
 import mineplex.core.common.Rank;
 import mineplex.core.common.util.C;
 import mineplex.core.common.util.Callback;
@@ -243,7 +245,7 @@ public class Punish extends MiniPlugin
 				{
 					runAsync(() ->
 					{
-						ServerCommandManager.getInstance().publishCommand(new AddPunishCommand(finalPlayerName, category.name(), sentence.name(), reason, duration, finalCallerName, caller != null ? caller.getUniqueId().toString() : null));
+						new AddPunishCommand(finalPlayerName, severity, category.name(), sentence.name(), reason, duration, finalCallerName, caller != null ? caller.getUniqueId().toString() : null).publish();
 					});
 					final String durationString = UtilTime.convertString(finalDuration < 0 ? -1 : (long)(finalDuration * 3600000), 1, TimeUnit.FIT);
 					
@@ -398,7 +400,7 @@ public class Punish extends MiniPlugin
 		}
 	}
 
-	public void RemovePunishment(int punishmentId, String target, final Player admin, String reason, Callback<String> callback)
+	public void RemovePunishment(Punishment punishment, String target, final Player admin, String reason, Callback<String> callback)
 	{
 		CoreClient client = _clientManager.Get(admin);
 		_repository.RemovePunishment(string ->
@@ -408,12 +410,12 @@ public class Punish extends MiniPlugin
 				PunishmentResponse punishResponse = PunishmentResponse.valueOf(string);
 				if (punishResponse == PunishmentResponse.PunishmentRemoved)
 				{
-					ServerCommandManager.getInstance().publishCommand(new RemovePunishCommand(punishmentId, target, admin.getName(), admin.getUniqueId(), reason));
+					ServerCommandManager.getInstance().publishCommand(new RemovePunishCommand(Constants.GSON.fromJson(Constants.GSON.toJson(punishment), JsonObject.class), target, admin.getName(), admin.getUniqueId(), reason));
 				}
 			});
 
 			callback.run(string);
-		}, punishmentId, target, reason, client.getName());
+		}, punishment.GetPunishmentId(), target, reason, client.getName());
 	}
 
 	public CoreClientManager GetClients()
diff --git a/Plugins/Mineplex.Core/src/mineplex/core/punish/UI/PunishPage.java b/Plugins/Mineplex.Core/src/mineplex/core/punish/UI/PunishPage.java
index 58a7f150f..0886521c8 100644
--- a/Plugins/Mineplex.Core/src/mineplex/core/punish/UI/PunishPage.java
+++ b/Plugins/Mineplex.Core/src/mineplex/core/punish/UI/PunishPage.java
@@ -511,7 +511,7 @@ public class PunishPage extends CraftInventoryCustom implements Listener
 
 	public void RemovePunishment(final Punishment punishment, final ItemStack item)
 	{
-		_plugin.RemovePunishment(punishment.GetPunishmentId(), _target, _player, _reason, new Callback<String>()
+		_plugin.RemovePunishment(punishment, _target, _player, _reason, new Callback<String>()
 				{
 			@Override
 			public void run(String result)
diff --git a/Plugins/Mineplex.Core/src/mineplex/core/twofactor/TwoFactorAuth.java b/Plugins/Mineplex.Core/src/mineplex/core/twofactor/TwoFactorAuth.java
index bc46f5218..32107d3f6 100644
--- a/Plugins/Mineplex.Core/src/mineplex/core/twofactor/TwoFactorAuth.java
+++ b/Plugins/Mineplex.Core/src/mineplex/core/twofactor/TwoFactorAuth.java
@@ -39,6 +39,7 @@ import mineplex.core.common.util.BukkitFuture;
 import mineplex.core.common.util.F;
 import mineplex.core.common.util.UtilServer;
 import mineplex.core.recharge.Recharge;
+import mineplex.serverdata.commands.TwoFactorResetCommand;
 import mineplex.serverdata.database.DBPool;
 
 @ReflectivelyCreateMiniPlugin
@@ -88,6 +89,10 @@ public class TwoFactorAuth extends MiniClientPlugin<TwoFactorData>
 				if (args.length == 1) // Resetting their own 2FA
 				{
 					caller.sendMessage(F.main("2FA", "Resetting 2FA.."));
+					runAsync(() ->
+					{
+						new TwoFactorResetCommand(caller.getName(), caller.getUniqueId().toString(), caller.getName(), caller.getUniqueId().toString()).publish();
+					});
 					_repository.deletePlayerData(_clientManager.getAccountId(caller)).whenComplete(BukkitFuture.complete((__, err) ->
 					{
 						if (err != null)
@@ -119,6 +124,10 @@ public class TwoFactorAuth extends MiniClientPlugin<TwoFactorData>
 					}
 
 					caller.sendMessage(F.main("2FA", "Resetting 2FA for \"" + client.getName() + "\""));
+					runAsync(() ->
+					{
+						new TwoFactorResetCommand(caller.getName(), caller.getUniqueId().toString(), client.getName(), client.getUniqueId() == null ? "null" : client.getUniqueId().toString()).publish();
+					});
 					_repository.deletePlayerData(client.getAccountId()).whenComplete(BukkitFuture.complete((__, err) ->
 					{
 						if (err != null)
diff --git a/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/AddPunishCommand.java b/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/AddPunishCommand.java
index 9112bef37..6844e4302 100644
--- a/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/AddPunishCommand.java
+++ b/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/AddPunishCommand.java
@@ -11,10 +11,12 @@ public class AddPunishCommand extends ServerCommand
 	private final long _duration;
 	private final String _admin;
 	private final String _adminUUID;
+	private final int  _severity;
 
-	public AddPunishCommand(String finalPlayerName, String category, String sentence, String reason, long duration, String finalCallerName, String uuid)
+	public AddPunishCommand(String finalPlayerName, int severity, String category, String sentence, String reason, long duration, String finalCallerName, String uuid)
 	{
 		this._target = finalPlayerName;
+		this._severity = severity;
 		this._category = category;
 		this._sentence = sentence;
 		this._reason = reason;
diff --git a/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/RemovePunishCommand.java b/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/RemovePunishCommand.java
index 87c2ecf22..d34aad2f1 100644
--- a/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/RemovePunishCommand.java
+++ b/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/RemovePunishCommand.java
@@ -2,17 +2,19 @@ package mineplex.serverdata.commands;
 
 import java.util.UUID;
 
+import com.google.gson.JsonObject;
+
 public class RemovePunishCommand extends ServerCommand
 {
-	private final int _punishmentId;
+	private final JsonObject _punishment;
 	private final String _target;
 	private final String _admin;
 	private final String _adminUUID;
 	private final String _reason;
 
-	public RemovePunishCommand(int punishmentId, String target, String admin, UUID adminUUID, String reason)
+	public RemovePunishCommand(JsonObject punishment, String target, String admin, UUID adminUUID, String reason)
 	{
-		_punishmentId = punishmentId;
+		_punishment = punishment;
 		_target = target;
 		_admin = admin;
 		_adminUUID = adminUUID.toString();
diff --git a/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/TwoFactorResetCommand.java b/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/TwoFactorResetCommand.java
new file mode 100644
index 000000000..45c698e5f
--- /dev/null
+++ b/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/TwoFactorResetCommand.java
@@ -0,0 +1,17 @@
+package mineplex.serverdata.commands;
+
+public class TwoFactorResetCommand extends ServerCommand
+{
+	private String _adminName;
+	private String _adminUUID;
+	private String _targetName;
+	private String _targetUUID;
+
+	public TwoFactorResetCommand(String adminName, String adminUUID, String targetName, String targetUUID)
+	{
+		_adminName = adminName;
+		_adminUUID = adminUUID;
+		_targetName = targetName;
+		_targetUUID = targetUUID;
+	}
+}
diff --git a/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/UpdateRankCommand.java b/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/UpdateRankCommand.java
new file mode 100644
index 000000000..e3c2478c7
--- /dev/null
+++ b/Plugins/Mineplex.ServerData/src/mineplex/serverdata/commands/UpdateRankCommand.java
@@ -0,0 +1,17 @@
+package mineplex.serverdata.commands;
+
+public class UpdateRankCommand extends ServerCommand
+{
+	private String _callerName;
+	private String _callerUUID;
+	private String _targetName;
+	private String _targetRankNew;
+
+	public UpdateRankCommand(String callerName, String callerUUID, String targetName, String targetRankNew)
+	{
+		_callerName = callerName;
+		_callerUUID = callerUUID;
+		_targetName = targetName;
+		_targetRankNew = targetRankNew;
+	}
+}