From 7f1550ef0466571fbfd6193a771f4396e488d786 Mon Sep 17 00:00:00 2001
From: "Dylan K. Taylor"
Date: Sat, 27 May 2023 18:10:55 +0100
Subject: [PATCH] Revert "Stop using insecure UUIDs from non-XBL players"
This reverts commit 9baf59702bf63453d071c92150823e1a0683d025. I forgot this is also needed for the player list, and for skin updates to work ... this will need to be revisited
---
 .../mcpe/handler/LoginPacketHandler.php | 2 +-
 src/player/PlayerInfo.php | 20 +-------------------
 src/player/XboxLivePlayerInfo.php | 2 +-
 3 files changed, 3 insertions(+), 21 deletions(-)
diff --git a/src/network/mcpe/handler/LoginPacketHandler.php b/src/network/mcpe/handler/LoginPacketHandler.php
index e738323e4..a8c3d4d62 100644
--- a/src/network/mcpe/handler/LoginPacketHandler.php
+++ b/src/network/mcpe/handler/LoginPacketHandler.php
@@ -95,7 +95,7 @@ class LoginPacketHandler extends PacketHandler{
 }else{
 $playerInfo = new PlayerInfo(
 $extraData->displayName,
- null, //we can't trust UUIDs of non-XBL players - replace this with a server-generated UUID
+ $uuid,
 $skin,
 $clientData->LanguageCode,
 (array) $clientData
diff --git a/src/player/PlayerInfo.php b/src/player/PlayerInfo.php
index 82736f0f8..966993435 100644
--- a/src/player/PlayerInfo.php
+++ b/src/player/PlayerInfo.php
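Review bot: The `$uuid` argument restored in the non-XBL branch is a client-supplied, unverified value, and the revert removes the only comment that said so, leaving nothing in the code to warn that `getUuid()` can return an identifier the client chose. The same applies to `withoutXboxData()` in XboxLivePlayerInfo.php, which again forwards `$this->getUuid()`, and to the `PlayerInfo` constructor, whose docblock describes only `$extraData`. Since the commit message says this will be revisited, I would mark the call site, e.g. `$uuid, //TODO: unverified client-supplied UUID for non-XBL players - not a trusted identity key`, and add a matching `@param` line on the constructor. Code that keys bans, permissions or saved data on this UUID is presumably exposed to impersonation or collisions when Xbox authentication is off, so that should be confirmed before the follow-up. Where `$uuid` is parsed lies outside the hunk.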
@@ -25,42 +25,24 @@ namespace pocketmine\player;
 use pocketmine\entity\Skin;
 use pocketmine\utils\TextFormat;
-use Ramsey\Uuid\Uuid;
 use Ramsey\Uuid\UuidInterface;
 /**
 * Encapsulates data needed to create a player.
 */
 class PlayerInfo{
- /**
- * Namespace for server-generated UUIDs for unauthenticated (non-XBL) players.
- * This must not be changed.
- */
- private const UNAUTHENTICATED_PLAYER_UUID_NS = '6a6424c0-a26f-43b7-8e72-4176d051748d';
-
- private UuidInterface $uuid;
 /**
 * @param mixed[] $extraData
 * @phpstan-param array $extraData
 */
 public function __construct(
 private string $username,
- ?UuidInterface $uuid,
+ private UuidInterface $uuid,
 private Skin $skin,
 private string $locale,
 private array $extraData = []
 ){
 $this->username = TextFormat::clean($username);
- $this->uuid = $uuid ?? self::generateServerAuthoritativeUuid($this->username);
- }
-
- /**
- * Generates a UUID based on the player's username. This is used for any non-authenticated player, as we can't
- * trust UUIDs sent by unauthenticated players.
- */
- public static function generateServerAuthoritativeUuid(string $username) : UuidInterface{
- //TODO: should we be cleaning the username here?
- return Uuid::uuid5(self::UNAUTHENTICATED_PLAYER_UUID_NS, TextFormat::clean($username));
 }
 public function getUsername() : string{
diff --git a/src/player/XboxLivePlayerInfo.php b/src/player/XboxLivePlayerInfo.php
index 1d2bdd0e0..8a17ee744 100644
--- a/src/player/XboxLivePlayerInfo.php
+++ b/src/player/XboxLivePlayerInfo.php
@@ -48,7 +48,7 @@ final class XboxLivePlayerInfo extends PlayerInfo{
 public function withoutXboxData() : PlayerInfo{
 return new PlayerInfo(
 $this->getUsername(),
- null, //we can't trust UUIDs of non-XBL players - replace this with a server-generated UUID
+ $this->getUuid(),
 $this->getSkin(),
 $this->getLocale(),
 $this->getExtraData()