diff --git a/gradle.properties b/gradle.properties
index 8cb0cf3..b82b2e5 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -7,22 +7,22 @@ mod_version = 8.0.0+1.21.3
 ## {x-release-please-end}
 
 # Fabric
-minecraft_version = 1.21.3
-loader_version = 0.16.7
-yarn_mappings = 1.21.3+build.2
-fabric_version = 0.107.0+1.21.3
+minecraft_version = 1.21.4
+loader_version = 0.16.9
+yarn_mappings = 1.21.4+build.2
+fabric_version = 0.112.0+1.21.4
 
 # Dependencies
-cloth_config_version = 16.0.141
-mod_menu_version = 12.0.0-beta.1
+cloth_config_version = 17.0.144
+mod_menu_version = 13.0.0-beta.1
 
-checkstyle_version = 10.20.0
+checkstyle_version = 10.21.0
 jetbrains_annotations_version = 26.0.1
 junit_jupiter_version = 5.11.3
 
 # CurseForge
 cf_project_id = 356643
-cf_game_versions = Fabric, Java 21, 1.21.3
+cf_game_versions = Fabric, Java 21, 1.21.4
 cf_relations_required = fabric-api
 cf_relations_optional = modmenu
 cf_relations_embedded = cloth-config
@@ -31,7 +31,7 @@ cf_relations_incompatible =
 
 # Modrinth
 mr_project_id = yjgIrBjZ
-mr_game_versions = 1.21.3
+mr_game_versions = 1.21.4
 mr_relations_required = P7dR8mSH
 mr_relations_optional = mOgUt4GM
 mr_relations_incompatible =
diff --git a/src/main/java/me/axieum/mcmod/authme/api/gui/widget/AuthButtonWidget.java b/src/main/java/me/axieum/mcmod/authme/api/gui/widget/AuthButtonWidget.java
index 6dbd5d1..562fbb4 100644
--- a/src/main/java/me/axieum/mcmod/authme/api/gui/widget/AuthButtonWidget.java
+++ b/src/main/java/me/axieum/mcmod/authme/api/gui/widget/AuthButtonWidget.java
@@ -190,7 +190,7 @@ public void setSessionStatus(SessionStatus sessionStatus)
 public boolean mouseClicked(double mouseX, double mouseY, int button)
 {
 if (this.moveAction != null) {
- return this.isValidClickButton(button) && this.clicked(mouseX, mouseY);
+ return this.isValidClickButton(button);
 }
 return super.mouseClicked(mouseX, mouseY, button);
 }
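Review bot: With the `this.clicked(mouseX, mouseY)` test removed, the `moveAction != null` branch of `mouseClicked` in AuthButtonWidget.java now reports every valid-button click as handled, wherever the pointer is. If the parent screen offers clicks to each child rather than only to the hovered one (not visible in this diff), a movable auth button would capture clicks meant for other widgets and could begin a drag from outside its bounds. Keep a bounds test, e.g. `return this.isValidClickButton(button) && this.isMouseOver(mouseX, mouseY);`, or add a comment naming the caller that guarantees the pointer is already over the widget.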
diff --git a/src/main/java/me/axieum/mcmod/authme/api/util/MicrosoftUtils.java b/src/main/java/me/axieum/mcmod/authme/api/util/MicrosoftUtils.java
index 46253af..ef5aed0 100644
--- a/src/main/java/me/axieum/mcmod/authme/api/util/MicrosoftUtils.java
+++ b/src/main/java/me/axieum/mcmod/authme/api/util/MicrosoftUtils.java
@@ -4,6 +4,7 @@
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -16,12 +17,12 @@
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Consumer;
 import java.util.function.Function;
+import java.util.random.RandomGenerator;
 import java.util.stream.Collectors;
 
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.sun.net.httpserver.HttpServer;
-import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.config.RequestConfig;
@@ -63,6 +64,9 @@ public final class MicrosoftUtils
 .setSocketTimeout(30_000)
 .build();
 
+ // A secure random for OAuth2 state generation
+ private static final RandomGenerator SECURE_RANDOM = RandomGenerator.of("SecureRandom");
+
 // Default URLs used in the configuration.
 public static final String CLIENT_ID = "e16699bb-2aa8-46da-b5e3-45cbcce29091";
 public static final String AUTHORIZE_URL = "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize";
@@ -168,7 +172,7 @@ public static CompletableFuture acquireMSAuthCode(
 LOGGER.info("Acquiring Microsoft auth code...");
 try {
 // Generate a random "state" to be included in the request that will in turn be returned with the token
- final String state = RandomStringUtils.randomAlphanumeric(8);
+ final String state = generateState();
 
 // Prepare a temporary HTTP server we can listen for the OAuth2 callback on
 final HttpServer server = HttpServer.create(
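Review bot: The `SECURE_RANDOM` field added in the hunk at -63 obtains its generator through a string lookup, `RandomGenerator.of("SecureRandom")`, so the only thing tying the OAuth2 state to a CSPRNG is a name resolved when `MicrosoftUtils` is initialised. A typo in that name, or a runtime that does not register the algorithm, surfaces as an exception during class loading, and neither the field type nor a static check shows that the source is cryptographic. Declaring it directly is simpler and self-documenting: `private static final SecureRandom SECURE_RANDOM = new SecureRandom();` with `import java.security.SecureRandom;` replacing the `java.util.random.RandomGenerator` import. The call site in `acquireMSAuthCode` (hunk at -168) needs no change.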
@@ -600,6 +604,18 @@ public static CompletableFuture login(final String mcToken, final Execu
 }, executor);
 }
 
+ /**
+ * Generates a random OAuth2 state.
+ *
+ * @return OAuth2 state
+ */
+ public static String generateState()
+ {
+ byte[] randomBytes = new byte[16];
+ SECURE_RANDOM.nextBytes(randomBytes);
+ return Base64.getUrlEncoder().withoutPadding().encodeToString(randomBytes);
+ }
+
 /**
 * Indicates the type of user interaction that is required when requesting
 * Microsoft authorization codes.
diff --git a/src/main/resources/fabric.mod.json b/src/main/resources/fabric.mod.json
index 52c37d4..884f6a9 100644
--- a/src/main/resources/fabric.mod.json
+++ b/src/main/resources/fabric.mod.json
@@ -35,7 +35,7 @@
 ],
 "depends": {
 "java": ">=21",
- "minecraft": "~1.21",
+ "minecraft": "~1.21.4",
 "fabricloader": ">=0.14.18",
 "fabric-lifecycle-events-v1": "*",
 "fabric-resource-loader-v0": "*",
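Review bot: The Javadoc on `generateState()` (MicrosoftUtils.java, hunk at -600) does not record the properties callers rely on: the value carries 128 bits drawn from `SECURE_RANDOM` and is encoded as 22 URL-safe Base64 characters without padding. Because the method is `public` in an `api` package, stating this guards against a later edit that shrinks the byte count or swaps the random source; suggested summary line: `Generates an unpredictable OAuth2 state: 16 bytes (128 bits) from a cryptographically secure generator, URL-safe Base64 without padding (22 characters).` The code that compares the returned state on the callback is outside this diff, so it is worth confirming that a mismatch is rejected before any token exchange.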