Login verification: guilty until proven innocent

assume it's invalid until we've verified everything
This commit is contained in:
Dylan K. Taylor 2017-09-27 10:28:11 +01:00
parent 90cb018de2
commit 7a77bb0402


@ -42,7 +42,7 @@ class VerifyLoginTask extends AsyncTask{
* has an invalid signature. If false, the keychain might have been tampered with. * has an invalid signature. If false, the keychain might have been tampered with.
* The player will always be disconnected if this is false. * The player will always be disconnected if this is false.
*/ */
private $valid = true; private $valid = false;
/** /**
* @var bool * @var bool
* Whether the player is logged into Xbox Live. This is true if any link in the keychain is signed with the Mojang * Whether the player is logged into Xbox Live. This is true if any link in the keychain is signed with the Mojang
@ -63,15 +63,15 @@ class VerifyLoginTask extends AsyncTask{
foreach($packet->chainData["chain"] as $jwt){ foreach($packet->chainData["chain"] as $jwt){
if(!$this->validateToken($jwt, $currentKey)){ if(!$this->validateToken($jwt, $currentKey)){
$this->valid = false;
return; return;
} }
} }
if(!$this->validateToken($packet->clientDataJwt, $currentKey)){ if(!$this->validateToken($packet->clientDataJwt, $currentKey)){
$this->valid = false; return;
} }
$this->valid = true;
} }
private function validateToken(string $jwt, ?string &$currentPublicKey) : bool{ private function validateToken(string $jwt, ?string &$currentPublicKey) : bool{
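Review bot: An empty `chain` array still reaches the added `$this->valid = true;`, because the foreach then verifies nothing and the only check that runs is the one on `clientDataJwt`, with `$currentKey` still at whatever value it was given before the loop (set outside this hunk); if validateToken treats a null key as a self-signed first link, a lone client-data token with no chain at all would be reported as a valid keychain. Rejecting that degenerate input up front keeps the fail-closed intent of this commit: `if(count($packet->chainData["chain"]) === 0){ return; }` placed before the foreach. Whether `chainData["chain"]` is always an array at this point depends on packet decoding outside the hunk, so the guard may need to be `!is_array($packet->chainData["chain"]) || count($packet->chainData["chain"]) === 0`. The docblock on `$valid` in the first hunk could also state `false until every chain link and the client-data JWT have passed validateToken()`, since false now covers the not-yet-verified state as well as a bad signature. validateToken's body lies outside the hunk.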