Login verification: guilty until proven innocent

assume it's invalid until we've verified everything
Dylan K. Taylor 2017-09-27 10:28:11 +01:00
parent 90cb018de2
commit 7a77bb0402


@ -42,7 +42,7 @@ class VerifyLoginTask extends AsyncTask{
* has an invalid signature. If false, the keychain might have been tampered with.
* The player will always be disconnected if this is false.
*/
private $valid = true;
private $valid = false;
/**
* @var bool
* Whether the player is logged into Xbox Live. This is true if any link in the keychain is signed with the Mojang
@ -63,15 +63,15 @@ class VerifyLoginTask extends AsyncTask{
foreach($packet->chainData["chain"] as $jwt){
if(!$this->validateToken($jwt, $currentKey)){
$this->valid = false;
return;
}
}
if(!$this->validateToken($packet->clientDataJwt, $currentKey)){
$this->valid = false;
return;
}
$this->valid = true;
}
private function validateToken(string $jwt, ?string &$currentPublicKey) : bool{
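Review bot: An empty `$packet->chainData["chain"]` skips the `foreach` entirely, so the final `$this->valid = true;` then rests on the `clientDataJwt` check alone, with the by-reference `$currentKey` presumably never set by any chain link. Whether that is acceptable depends on how `validateToken` handles a null `$currentPublicKey`, and its body is outside this section. A guard before the loop would keep the fail-closed default meaningful, e.g. `if(empty($packet->chainData["chain"])){ return; }`. The doc comment on `$valid` should also be updated: false now also covers "verification has not finished or was aborted", not only a bad signature. The enclosing method starts above the second hunk, and the `$valid` docblock starts above the first.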