duckietm/Arcturus-Morningstar-Extended
1
0
Fork 0
mirror of https://github.com/duckietm/Arcturus-Morningstar-Extended.git synced 2026-06-20 07:26:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(rcon): validate offline badge targets

Browse Source 
GiveBadge could treat a missing offline user as eligible for a badge and insert through a nullable user subquery. Depending on SQL mode this could fail late or persist an orphaned user_id value. Resolve the offline user first, return HABBO_NOT_FOUND when absent, and insert badges with the resolved user id only.
This commit is contained in:
simoleo89
2026-06-13 15:33:38 +02:00
parent 4eafb54c57
commit 775197984f
2 changed files with 40 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Emulator/src/test/java/com/eu/habbo/messages/rcon/GiveBadgeContractTest.java
+27
View File
@@ -0,0 +1,27 @@
package com.eu.habbo.messages.rcon;
import org.junit.jupiter.api.Test;
import java.nio.file.Files;
import java.nio.file.Path;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
class GiveBadgeContractTest {
private static String giveBadgeSource() throws Exception {
return Files.readString(Path.of("src/main/java/com/eu/habbo/messages/rcon/GiveBadge.java"));
}
@Test
void offlineBadgeGrantRequiresExistingUserBeforeInsert() throws Exception {
String source = giveBadgeSource();
assertTrue(source.contains("HabboManager.getOfflineHabboInfo(json.user_id)"),
"Offline RCON badge grants must verify the target user exists");
assertTrue(source.contains("RCONMessage.HABBO_NOT_FOUND"),
"Offline RCON badge grants must report missing users");
assertFalse(source.contains("(SELECT id FROM users WHERE users.id = ? LIMIT 1)"),
"Offline RCON badge grants must not insert through a nullable user subquery");
}
}