mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-04-23 00:55:57 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch 'stable'

Browse Source
This commit is contained in:
Dylan K. Taylor 2021-02-07 20:57:19 +00:00
commit 8d5cc9adc3
No known key found for this signature in database
GPG Key ID: 8927471A91CAFD3D
6 changed files with 69 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
composer.json
View File

@ -5,7 +5,7 @@
"homepage": "https://pmmp.io",
"license": "LGPL-3.0",
"require": {
"php": ">=7.4.0",
"php": "^7.4 || ^8.0",
"php-64bit": "*",
"ext-chunkutils2": "^0.1.0",
"ext-crypto": "^0.3.1",

4
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "d3ee8c7369af4993870e5a3cb907c520",
"content-hash": "18b4c55f8ac6014140b7fa575b6795bb",
"packages": [
{
"name": "adhocore/json-comment",
@ -3326,7 +3326,7 @@
"prefer-stable": false,
"prefer-lowest": false,
"platform": {
"php": ">=7.4.0",
"php": "^7.4 || ^8.0",
"php-64bit": "*",
"ext-chunkutils2": "^0.1.0",
"ext-crypto": "^0.3.1",

3
resources/pocketmine.yml
View File

@ -103,6 +103,9 @@ debug:
player:
#Choose whether to enable player data saving.
save-player-data: true
#If true, checks that joining players' Xbox user ID (XUID) match what was previously recorded.
#This also prevents non-XBL players using XBL players' usernames to steal their data on servers with xbox-auth=off.
verify-xuid: true
level-settings:
#The default format that levels will use when created

29
src/network/mcpe/NetworkSession.php
View File

@ -35,6 +35,8 @@ use pocketmine\event\server\DataPacketReceiveEvent;
use pocketmine\event\server\DataPacketSendEvent;
use pocketmine\form\Form;
use pocketmine\math\Vector3;
use pocketmine\nbt\tag\CompoundTag;
use pocketmine\nbt\tag\StringTag;
use pocketmine\network\BadPacketException;
use pocketmine\network\mcpe\cache\ChunkCache;
use pocketmine\network\mcpe\compression\CompressBatchPromise;
@ -150,6 +152,8 @@ class NetworkSession{
private $authenticated = false;
/** @var int */
private $connectTime;
/** @var CompoundTag|null */
private $cachedOfflinePlayerData = null;
/** @var EncryptionContext */
private $cipher;
@ -229,11 +233,7 @@ class NetworkSession{
}
protected function createPlayer() : void{
//TODO: make this async
//TODO: what about allowing this to be provided by PlayerCreationEvent?
$offlinePlayerData = $this->server->getOfflinePlayerData($this->info->getUsername());
$this->player = $this->server->createPlayer($this, $this->info, $this->authenticated, $offlinePlayerData);
$this->player = $this->server->createPlayer($this, $this->info, $this->authenticated, $this->cachedOfflinePlayerData);
$this->invManager = new InventoryManager($this->player, $this);
@ -607,6 +607,25 @@ class NetworkSession{
}
$this->logger->debug("Xbox Live authenticated: " . ($this->authenticated ? "YES" : "NO"));
//TODO: make player data loading async
//TODO: we shouldn't be loading player data here at all, but right now we don't have any choice :(
$this->cachedOfflinePlayerData = $this->server->getOfflinePlayerData($this->info->getUsername());
if((bool) $this->server->getConfigGroup()->getProperty("player.verify-xuid")){
$recordedXUID = $this->cachedOfflinePlayerData !== null ? $this->cachedOfflinePlayerData->getTag("LastKnownXUID") : null;
if(!($recordedXUID instanceof StringTag)){
$this->logger->debug("No previous XUID recorded, no choice but to trust this player");
}elseif(($this->info instanceof XboxLivePlayerInfo ? $this->info->getXuid() : "") !== $recordedXUID->getValue()){
//TODO: Longer term, we should be identifying playerdata using something more reliable, like XUID or UUID.
//However, that would be a very disruptive change, so this will serve as a stopgap for now.
//Side note: this will also prevent offline players hijacking XBL playerdata on online servers, since their
//XUID will always be empty.
$this->disconnect("XUID does not match (possible impersonation attempt)");
return;
}else{
$this->logger->debug("XUID match");
}
}
if($this->manager->kickDuplicates($this)){
if(EncryptionContext::$ENABLED){
$this->server->getAsyncPool()->submitTask(new PrepareEncryptionTask($clientPubKey, function(string $encryptionKey, string $handshakeJwt) : void{

2
src/player/Player.php
View File

@ -2034,6 +2034,8 @@ class Player extends Human implements CommandSender, ChunkListener, IPlayer{
public function getSaveData() : CompoundTag{
$nbt = $this->saveNBT();
$nbt->setString("LastKnownXUID", $this->xuid);
if($this->location->isValid()){
$nbt->setString("Level", $this->getWorld()->getFolderName());
}

37
tests/phpunit/network/mcpe/protocol/ProtocolInfoTest.php Normal file
View File

@ -0,0 +1,37 @@
<?php
/*
*
* ____ _ _ __ __ _ __ __ ____
* | _ \ ___ ___| | _____| |_| \/ (_)_ __ ___ | \/ | _ \
* | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
* | __/ (_) | (__| < __/ |_| | | | | | | | __/_____| | | | __/
* |_| \___/ \___|_|\_\___|\__|_| |_|_|_| |_|\___| |_| |_|_|
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* @author PocketMine Team
* @link http://www.pocketmine.net/
*
*
*/
declare(strict_types=1);
namespace pocketmine\network\mcpe\protocol;
use PHPUnit\Framework\TestCase;
final class ProtocolInfoTest extends TestCase{
public function testMinecraftVersionNetwork() : void{
self::assertMatchesRegularExpression(
'/^(?:\d+\.)?(?:\d+\.)?(?:\d+\.)?\d+$/',
ProtocolInfo::MINECRAFT_VERSION_NETWORK,
"Network version should only contain 0-9 and \".\", and no more than 4 groups of digits"
);
}
}