Revert "Stop using insecure UUIDs from non-XBL players"

This reverts commit 9baf59702bf63453d071c92150823e1a0683d025. I forgot this is also needed for the player list, and for skin updates to work ... this will need to be revisited
2025-04-19 23:44:17 +00:00 · 2023-05-27 18:10:55 +01:00 · 2023-05-27 18:10:55 +01:00 · 7f1550ef04
commit 7f1550ef04
parent 9baf59702b
3 changed files with 3 additions and 21 deletions
--- a/src/network/mcpe/handler/LoginPacketHandler.php
+++ b/src/network/mcpe/handler/LoginPacketHandler.php
@ -95,7 +95,7 @@ class LoginPacketHandler extends PacketHandler{
 		}else{
 			$playerInfo = new PlayerInfo(
 				$extraData->displayName,
-				null, //we can't trust UUIDs of non-XBL players - replace this with a server-generated UUID
+				$uuid,
 				$skin,
 				$clientData->LanguageCode,
 				(array) $clientData
--- a/src/player/PlayerInfo.php
+++ b/src/player/PlayerInfo.php
@ -25,42 +25,24 @@ namespace pocketmine\player;

 use pocketmine\entity\Skin;
 use pocketmine\utils\TextFormat;
-use Ramsey\Uuid\Uuid;
 use Ramsey\Uuid\UuidInterface;

 /**
 * Encapsulates data needed to create a player.
 */
 class PlayerInfo{
-	/**
-	 * Namespace for server-generated UUIDs for unauthenticated (non-XBL) players.
-	 * This must not be changed.
-	 */
-	private const UNAUTHENTICATED_PLAYER_UUID_NS = '6a6424c0-a26f-43b7-8e72-4176d051748d';
-
-	private UuidInterface $uuid;
 	/**
 	 * @param mixed[] $extraData
 	 * @phpstan-param array<string, mixed> $extraData
 	 */
 	public function __construct(
 		private string $username,
-		?UuidInterface $uuid,
+		private UuidInterface $uuid,
 		private Skin $skin,
 		private string $locale,
 		private array $extraData = []
 	){
 		$this->username = TextFormat::clean($username);
-		$this->uuid = $uuid ?? self::generateServerAuthoritativeUuid($this->username);
-	}
-
-	/**
-	 * Generates a UUID based on the player's username. This is used for any non-authenticated player, as we can't
-	 * trust UUIDs sent by unauthenticated players.
-	 */
-	public static function generateServerAuthoritativeUuid(string $username) : UuidInterface{
-		//TODO: should we be cleaning the username here?
-		return Uuid::uuid5(self::UNAUTHENTICATED_PLAYER_UUID_NS, TextFormat::clean($username));
 	}

 	public function getUsername() : string{
--- a/src/player/XboxLivePlayerInfo.php
+++ b/src/player/XboxLivePlayerInfo.php
@ -48,7 +48,7 @@ final class XboxLivePlayerInfo extends PlayerInfo{
 	public function withoutXboxData() : PlayerInfo{
 		return new PlayerInfo(
 			$this->getUsername(),
-			null, //we can't trust UUIDs of non-XBL players - replace this with a server-generated UUID
+			$this->getUuid(),
 			$this->getSkin(),
 			$this->getLocale(),
 			$this->getExtraData()