Player: cleanup how login verification is handled

Players are now only considered authenticated if they have an XUID AND have a keychain with a Mojang signature in it somewhere.
Dylan K. Taylor 2018-03-17 18:44:26 +00:00
parent b2ee6b2ca5
commit 9d5eeb328e


@ -232,8 +232,6 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
protected $displayName = ""; protected $displayName = "";
/** @var int */ /** @var int */
protected $randomClientId; protected $randomClientId;
/** @var bool */
protected $authenticated = false;
/** @var string */ /** @var string */
protected $xuid = ""; protected $xuid = "";
@ -374,7 +372,7 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
} }
public function isAuthenticated() : bool{ public function isAuthenticated() : bool{
return $this->authenticated; return $this->xuid !== "";
} }
/** /**
@ -1948,7 +1946,7 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
$this->sendDataPacket($pk, false, $immediate); $this->sendDataPacket($pk, false, $immediate);
} }
public function onVerifyCompleted(LoginPacket $packet, ?string $error, bool $isAuthenticated) : void{ public function onVerifyCompleted(LoginPacket $packet, ?string $error, bool $signedByMojang) : void{
if($this->closed){ if($this->closed){
return; return;
} }
@ -1958,27 +1956,29 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
return; return;
} }
$this->authenticated = $isAuthenticated; $xuid = $packet->xuid;
if(!$signedByMojang and $xuid !== ""){
$this->server->getLogger()->warning($this->getName() . " has an XUID, but their login keychain is not signed by Mojang");
$xuid = "";
}
if($xuid === ""){
if($signedByMojang){
$this->server->getLogger()->error($this->getName() . " should have an XUID, but none found");
}
if(!$isAuthenticated){
if($this->server->requiresAuthentication() and $this->kick("disconnectionScreen.notAuthenticated", false)){ //use kick to allow plugins to cancel this if($this->server->requiresAuthentication() and $this->kick("disconnectionScreen.notAuthenticated", false)){ //use kick to allow plugins to cancel this
return; return;
} }
$this->server->getLogger()->debug($this->getName() . " is NOT logged into to Xbox Live"); $this->server->getLogger()->debug($this->getName() . " is NOT logged into to Xbox Live");
if($packet->xuid !== ""){
$this->server->getLogger()->warning($this->getName() . " has an XUID, but their login keychain is not signed by Mojang");
}
}else{ }else{
$this->server->getLogger()->debug($this->getName() . " is logged into Xbox Live"); $this->server->getLogger()->debug($this->getName() . " is logged into Xbox Live");
$this->xuid = $xuid;
if($packet->xuid === ""){
$this->server->getLogger()->error($this->getName() . " should have an XUID, but none found");
}
$this->xuid = $packet->xuid; //don't set this unless we know they are logged in
} }
//TODO: get data from loginpacket (xbox user ID and stuff), add events //TODO: encryption
$this->processLogin(); $this->processLogin();
} }
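Review bot: isAuthenticated() now returns `$this->xuid !== ""`, so the assignment `$this->xuid = $xuid;` in the else branch of onVerifyCompleted() is the only thing that marks a player as authenticated, yet the new side drops the warning comment the old assignment carried. I would keep it and state the invariant: `$this->xuid = $xuid; //only set after the keychain is verified as Mojang-signed; isAuthenticated() depends on this`. A one-line docblock on isAuthenticated() saying that a non-empty XUID implies a verified keychain would also help, because `$xuid` is a protected property and any other writer (none is visible in these hunks) would silently grant authenticated status. Note that `$packet->xuid` still holds the unverified value after the local copy is cleared, so later code should read the player's property rather than the packet field. The body of onVerifyCompleted() starts outside the last hunk, so earlier checks in it are not visible here.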