Revert "Stop using insecure UUIDs from non-XBL players"

This reverts commit 9baf59702bf63453d071c92150823e1a0683d025.

I forgot this is also needed for the player list, and for skin updates
to work ... this will need to be revisited
Dylan K. Taylor 2023-05-27 18:10:55 +01:00
parent 9baf59702b
commit 7f1550ef04
No known key found for this signature in database
GPG Key ID: 8927471A91CAFD3D
3 changed files with 3 additions and 21 deletions


@ -95,7 +95,7 @@ class LoginPacketHandler extends PacketHandler{
}else{ }else{
$playerInfo = new PlayerInfo( $playerInfo = new PlayerInfo(
$extraData->displayName, $extraData->displayName,
null, //we can't trust UUIDs of non-XBL players - replace this with a server-generated UUID $uuid,
$skin, $skin,
$clientData->LanguageCode, $clientData->LanguageCode,
(array) $clientData (array) $clientData
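Review bot: The non-XBL `else` branch now hands `$uuid` straight to `new PlayerInfo(...)` again, although the comment this revert removes described that value as one the server cannot trust for non-XBL players. Where `$uuid` is assigned is outside the hunk, but if it comes from the login data, an unauthenticated client chooses it, so code that keys bans, saved data or permissions on `getUuid()` should not treat it as proof of identity. Until the planned revisit, I would keep a marker at the argument, e.g. `$uuid, //TODO: client-supplied for non-XBL players - not verified, do not use as an identity key`. `withoutXboxData()` in the third file passes `$this->getUuid()` through the same way and would benefit from the same comment.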


@ -25,42 +25,24 @@ namespace pocketmine\player;
use pocketmine\entity\Skin; use pocketmine\entity\Skin;
use pocketmine\utils\TextFormat; use pocketmine\utils\TextFormat;
use Ramsey\Uuid\Uuid;
use Ramsey\Uuid\UuidInterface; use Ramsey\Uuid\UuidInterface;
/** /**
* Encapsulates data needed to create a player. * Encapsulates data needed to create a player.
*/ */
class PlayerInfo{ class PlayerInfo{
/**
* Namespace for server-generated UUIDs for unauthenticated (non-XBL) players.
* This must not be changed.
*/
private const UNAUTHENTICATED_PLAYER_UUID_NS = '6a6424c0-a26f-43b7-8e72-4176d051748d';
private UuidInterface $uuid;
/** /**
* @param mixed[] $extraData * @param mixed[] $extraData
* @phpstan-param array<string, mixed> $extraData * @phpstan-param array<string, mixed> $extraData
*/ */
public function __construct( public function __construct(
private string $username, private string $username,
?UuidInterface $uuid, private UuidInterface $uuid,
private Skin $skin, private Skin $skin,
private string $locale, private string $locale,
private array $extraData = [] private array $extraData = []
){ ){
$this->username = TextFormat::clean($username); $this->username = TextFormat::clean($username);
$this->uuid = $uuid ?? self::generateServerAuthoritativeUuid($this->username);
}
/**
* Generates a UUID based on the player's username. This is used for any non-authenticated player, as we can't
* trust UUIDs sent by unauthenticated players.
*/
public static function generateServerAuthoritativeUuid(string $username) : UuidInterface{
//TODO: should we be cleaning the username here?
return Uuid::uuid5(self::UNAUTHENTICATED_PLAYER_UUID_NS, TextFormat::clean($username));
} }
public function getUsername() : string{ public function getUsername() : string{


@ -48,7 +48,7 @@ final class XboxLivePlayerInfo extends PlayerInfo{
public function withoutXboxData() : PlayerInfo{ public function withoutXboxData() : PlayerInfo{
return new PlayerInfo( return new PlayerInfo(
$this->getUsername(), $this->getUsername(),
null, //we can't trust UUIDs of non-XBL players - replace this with a server-generated UUID $this->getUuid(),
$this->getSkin(), $this->getSkin(),
$this->getLocale(), $this->getLocale(),
$this->getExtraData() $this->getExtraData()