From a56e08994441aee1a10299e364e2ff4ac4c66699 Mon Sep 17 00:00:00 2001
From: Freemandns
Date: Sat, 24 Dec 2022 00:15:19 +0300
Subject: [PATCH 1/5] Issues/2659: Fix password comparison.
---
 .../authme/security/PasswordSecurity.java | 5 ++---
 .../authme/security/PasswordSecurityTest.java | 22 +++++++++----------
 2 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java
index 012fd3e51..83d9e9e94 100644
--- a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java
+++ b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java
@@ -82,9 +82,8 @@ public boolean comparePassword(String password, String playerName) {
 * @return True if the password matches, false otherwise
 */
 public boolean comparePassword(String password, HashedPassword hashedPassword, String playerName) {
- String playerLowerCase = playerName.toLowerCase(Locale.ROOT);
- return methodMatches(encryptionMethod, password, hashedPassword, playerLowerCase)
- || compareWithLegacyHashes(password, hashedPassword, playerLowerCase);
+ return methodMatches(encryptionMethod, password, hashedPassword, playerName)
+ || compareWithLegacyHashes(password, hashedPassword, playerName);
 }
 /**
diff --git a/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java b/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java
index aa3165e76..0f0989c97 100644
--- a/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java
+++ b/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java
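Review bot: In `comparePassword(String, HashedPassword, String)` in PasswordSecurity.java the name now reaches `methodMatches` and `compareWithLegacyHashes` exactly as the caller typed it, so this boundary no longer enforces one canonical form of the player name. The test file in this patch carried the comment that calls to EncryptionMethod are always made with the lower-case name; if any configured or legacy method mixes the name into the hash, verification would depend on the case used at login, and a hash written through a lower-casing path (not visible in this hunk) would stop matching. Either keep the normalisation here or state the new contract in the Javadoc, e.g. `@param playerName the name in the same case that was used when the hash was computed`, and confirm the hash-computing path uses that same form. The Javadoc block starts outside the hunk, and the `Locale` import may now be unused in this file.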
@@ -34,7 +34,7 @@
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.equalToIgnoringCase;
 import static org.hamcrest.Matchers.instanceOf;
-import static org.junit.Assert.assertThat;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
@@ -119,11 +119,11 @@ public void shouldReturnPasswordMatch() {
 HashedPassword password = new HashedPassword("$TEST$10$SOME_HASH", null);
 String playerName = "Tester";
 // Calls to EncryptionMethod are always with the lower-case version of the name
- String playerLowerCase = playerName.toLowerCase(Locale.ROOT);
+ // String playerLowerCase = playerName.toLowerCase(Locale.ROOT);
 String clearTextPass = "myPassTest";
 given(dataSource.getPassword(playerName)).willReturn(password);
- given(method.comparePassword(clearTextPass, password, playerLowerCase)).willReturn(true);
+ given(method.comparePassword(clearTextPass, password, playerName)).willReturn(true);
 // when
 boolean result = passwordSecurity.comparePassword(clearTextPass, playerName);
@@ -132,7 +132,7 @@ public void shouldReturnPasswordMatch() {
 assertThat(result, equalTo(true));
 verify(dataSource).getPassword(playerName);
 verify(pluginManager).callEvent(any(PasswordEncryptionEvent.class));
- verify(method).comparePassword(clearTextPass, password, playerLowerCase);
+ verify(method).comparePassword(clearTextPass, password, playerName);
 }
 @Test
@@ -140,11 +140,10 @@ public void shouldReturnPasswordMismatch() {
 // given
 HashedPassword password = new HashedPassword("$TEST$10$SOME_HASH", null);
 String playerName = "My_PLayer";
- String playerLowerCase = playerName.toLowerCase(Locale.ROOT);
 String clearTextPass = "passw0Rd1";
 given(dataSource.getPassword(playerName)).willReturn(password);
- given(method.comparePassword(clearTextPass, password, playerLowerCase)).willReturn(false);
+ given(method.comparePassword(clearTextPass, password, playerName)).willReturn(false);
 // when
 boolean result = passwordSecurity.comparePassword(clearTextPass, playerName);
@@ -153,7 +152,7 @@ public void shouldReturnPasswordMismatch() {
 assertThat(result, equalTo(false));
 verify(dataSource).getPassword(playerName);
 verify(pluginManager).callEvent(any(PasswordEncryptionEvent.class));
- verify(method).comparePassword(clearTextPass, password, playerLowerCase);
+ verify(method).comparePassword(clearTextPass, password, playerName);
 }
 @Test
@@ -179,14 +178,13 @@ public void shouldTryOtherMethodsForFailedPassword() {
 HashedPassword password = new HashedPassword("$2y$10$2e6d2193f43501c926e25elvWlPmWczmrfrnbZV0dUZGITjYjnkkW");
 String playerName = "somePlayer";
- String playerLowerCase = playerName.toLowerCase(Locale.ROOT);
 String clearTextPass = "Test";
 // MD5 hash for "Test"
 HashedPassword newPassword = new HashedPassword("0cbc6611f5540bd0809a388dc95a615b");
 given(dataSource.getPassword(argThat(equalToIgnoringCase(playerName)))).willReturn(password);
- given(method.comparePassword(clearTextPass, password, playerLowerCase)).willReturn(false);
- given(method.computeHash(clearTextPass, playerLowerCase)).willReturn(newPassword);
+ given(method.comparePassword(clearTextPass, password, playerName)).willReturn(false);
+ given(method.computeHash(clearTextPass, playerName)).willReturn(newPassword);
 given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.MD5);
 given(settings.getProperty(SecuritySettings.LEGACY_HASHES)).willReturn(newHashSet(HashAlgorithm.BCRYPT));
 passwordSecurity.reload();
@@ -201,8 +199,8 @@ public void shouldTryOtherMethodsForFailedPassword() {
 // should only be invoked with all lower-case names. Data source is case-insensitive itself, so this is fine.
 verify(dataSource).getPassword(argThat(equalToIgnoringCase(playerName)));
 verify(pluginManager, times(2)).callEvent(any(PasswordEncryptionEvent.class));
- verify(method).comparePassword(clearTextPass, password, playerLowerCase);
- verify(dataSource).updatePassword(playerLowerCase, newPassword);
+ verify(method).comparePassword(clearTextPass, password, playerName);
+ verify(dataSource).updatePassword(playerName, newPassword);
 }
 @Test
From dddb8037fc5c717d2f1c7528bdbcd259a8f7a640 Mon Sep 17 00:00:00 2001
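Review bot: The comment fragment kept as context in the `-201,8` hunk still says the call should only be made with all lower-case names, while the assertions directly below it now expect `comparePassword` and `dataSource.updatePassword` to receive `"somePlayer"` in mixed case, so the comment and the test contradict each other. Reword it to the contract the code now has, e.g. `// the name is passed through unchanged; the data source is case-insensitive itself`, or restore the lower-casing if the comment describes the intended behaviour. In the `-179,14` hunk the stub and the call use the same spelling of the name, so no test touched here covers a login whose case differs from the stored name, which is the case this change affects for a legacy-hash upgrade ending in `updatePassword(playerName, newPassword)`. The test method and the comment both start outside these hunks.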
From: Freemandns Date: Sat, 24 Dec 2022 00:27:23 +0300 Subject: [PATCH 2/5] Issues/2659: An extra comment has been removed. --- src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java b/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java index 0f0989c97..17e71a780 100644 --- a/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java +++ b/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java @@ -119,7 +119,6 @@ public void shouldReturnPasswordMatch() { HashedPassword password = new HashedPassword("$TEST$10$SOME_HASH", null); String playerName = "Tester"; // Calls to EncryptionMethod are always with the lower-case version of the name - // String playerLowerCase = playerName.toLowerCase(Locale.ROOT); String clearTextPass = "myPassTest"; given(dataSource.getPassword(playerName)).willReturn(password); From 0aa5b095aa48f4c6507d5cb51c3612cf68339229 Mon Sep 17 00:00:00 2001 From: Freemandns Date: Fri, 6 Jan 2023 13:55:48 +0300 Subject: [PATCH 3/5] issues/2659: Changed version. --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 581affd15..20a9619ce 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ fr.xephi authme - 5.6.0-SNAPSHOT + 5.6.1 AuthMeReloaded The first authentication plugin for the Bukkit API! @@ -205,7 +205,7 @@ ${java.source} ${java.target} - ${java.apiVersion} + From bf7af1e8f39093cf35c93cbab45a8d9b44f7b0aa Mon Sep 17 00:00:00 2001 From: Freemandns Date: Fri, 6 Jan 2023 14:27:16 +0300 Subject: [PATCH 4/5] issues/2659: Revert. --- src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java b/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java index 17e71a780..e9ef29445 100644 
--- a/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java +++ b/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java @@ -118,7 +118,6 @@ public void shouldReturnPasswordMatch() { // given HashedPassword password = new HashedPassword("$TEST$10$SOME_HASH", null); String playerName = "Tester"; - // Calls to EncryptionMethod are always with the lower-case version of the name String clearTextPass = "myPassTest"; given(dataSource.getPassword(playerName)).willReturn(password); From 688f15c689f99608bdc30550dc50f3088d2385d7 Mon Sep 17 00:00:00 2001 From: Freemandns Date: Fri, 6 Jan 2023 14:29:51 +0300 Subject: [PATCH 5/5] issues/2659: Revert 2... --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 20a9619ce..581affd15 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ fr.xephi authme - 5.6.1 + 5.6.0-SNAPSHOT AuthMeReloaded The first authentication plugin for the Bukkit API! @@ -205,7 +205,7 @@ ${java.source} ${java.target} - + ${java.apiVersion}