mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-04-20 16:00:20 +00:00
Code Issues Projects Releases Wiki Activity

Player: cleanup how login verification is handled

Browse Source 
Players are now only considered authenticated if they have an XUID AND have a keychain with a Mojang signature in it somewhere.
This commit is contained in:
Dylan K. Taylor 2018-03-17 18:44:26 +00:00
parent b2ee6b2ca5
commit 9d5eeb328e
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/pocketmine/Player.php
View File

@ -232,8 +232,6 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
protected $displayName = "";
/** @var int */
protected $randomClientId;
/** @var bool */
protected $authenticated = false;
/** @var string */
protected $xuid = "";
@ -374,7 +372,7 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
}
public function isAuthenticated() : bool{
return $this->authenticated;
return $this->xuid !== "";
}
/**
@ -1948,7 +1946,7 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
$this->sendDataPacket($pk, false, $immediate);
}
public function onVerifyCompleted(LoginPacket $packet, ?string $error, bool $isAuthenticated) : void{
public function onVerifyCompleted(LoginPacket $packet, ?string $error, bool $signedByMojang) : void{
if($this->closed){
return;
}
@ -1958,27 +1956,29 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
return;
}
$this->authenticated = $isAuthenticated;
$xuid = $packet->xuid;
if(!$signedByMojang and $xuid !== ""){
$this->server->getLogger()->warning($this->getName() . " has an XUID, but their login keychain is not signed by Mojang");
$xuid = "";
}
if($xuid === ""){
if($signedByMojang){
$this->server->getLogger()->error($this->getName() . " should have an XUID, but none found");
}
if(!$isAuthenticated){
if($this->server->requiresAuthentication() and $this->kick("disconnectionScreen.notAuthenticated", false)){ //use kick to allow plugins to cancel this
return;
}
$this->server->getLogger()->debug($this->getName() . " is NOT logged into to Xbox Live");
if($packet->xuid !== ""){
$this->server->getLogger()->warning($this->getName() . " has an XUID, but their login keychain is not signed by Mojang");
}
}else{
$this->server->getLogger()->debug($this->getName() . " is logged into Xbox Live");
if($packet->xuid === ""){
$this->server->getLogger()->error($this->getName() . " should have an XUID, but none found");
}
$this->xuid = $packet->xuid; //don't set this unless we know they are logged in
$this->xuid = $xuid;
}
//TODO: get data from loginpacket (xbox user ID and stuff), add events
//TODO: encryption
$this->processLogin();
}