From 1ab346d067798239b77e2d506f3f8d21c734e8f3 Mon Sep 17 00:00:00 2001
From: Kamilkime <kamilkime@pm.me>
Date: Tue, 9 Feb 2021 00:28:05 +0100
Subject: [PATCH 1/3] Correct name check on PaperSpigot, fixes #423, fixes
 #437, fixes #457

---
 bukkit/pom.xml                                | 28 ++++++++-----
 .../fastlogin/bukkit/FastLoginBukkit.java     | 24 +++++++----
 .../listener/PaperPreLoginListener.java       | 41 +++++++++++++++++++
 .../protocollib/SkinApplyListener.java        | 19 ++++-----
 core/src/main/resources/config.yml            |  3 ++
 5 files changed, 87 insertions(+), 28 deletions(-)
 create mode 100644 bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperPreLoginListener.java

diff --git a/bukkit/pom.xml b/bukkit/pom.xml
index 5caffc82..93de0a08 100644
--- a/bukkit/pom.xml
+++ b/bukkit/pom.xml
@@ -41,6 +41,10 @@
                             <pattern>com.google.gson</pattern>
                             <shadedPattern>fastlogin.gson</shadedPattern>
                         </relocation>
+                        <relocation>
+                            <pattern>io.papermc.lib</pattern>
+                            <shadedPattern>fastlogin.paperlib</shadedPattern>
+                        </relocation>
                     </relocations>
                 </configuration>
                 <executions>
@@ -56,14 +60,10 @@
     </build>
 
     <repositories>
-        <!-- Bukkit-Server-API -->
+        <!-- PaperSpigot API and PaperLib -->
         <repository>
-            <id>spigot-repo</id>
-            <url>https://hub.spigotmc.org/nexus/content/repositories/snapshots/</url>
-            <!-- Disable snapshot release policy to speed up, when finding a artifact -->
-            <releases>
-                <enabled>false</enabled>
-            </releases>
+            <id>papermc</id>
+            <url>https://papermc.io/repo/repository/maven-public/</url>
         </repository>
 
         <!-- ProtocolLib -->
@@ -108,14 +108,22 @@
             <version>${project.version}</version>
         </dependency>
 
-        <!--Server API-->
+        <!-- PaperSpigot API for correcting usercache usage -->
         <dependency>
-            <groupId>org.spigotmc</groupId>
-            <artifactId>spigot-api</artifactId>
+            <groupId>com.destroystokyo.paper</groupId>
+            <artifactId>paper-api</artifactId>
             <version>1.15.2-R0.1-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
 
+        <!-- PaperLib for checking if server uses PaperSpigot -->
+        <dependency>
+            <groupId>io.papermc</groupId>
+            <artifactId>paperlib</artifactId>
+            <version>1.0.6</version>
+            <scope>compile</scope>
+        </dependency>
+
         <!--Library for listening and sending Minecraft packets-->
         <dependency>
             <groupId>com.comphenix.protocol</groupId>
diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java
index 03943e2b..eacfdfed 100644
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java
@@ -3,6 +3,7 @@ package com.github.games647.fastlogin.bukkit;
 import com.github.games647.fastlogin.bukkit.command.CrackedCommand;
 import com.github.games647.fastlogin.bukkit.command.PremiumCommand;
 import com.github.games647.fastlogin.bukkit.listener.ConnectionListener;
+import com.github.games647.fastlogin.bukkit.listener.PaperPreLoginListener;
 import com.github.games647.fastlogin.bukkit.listener.protocollib.ProtocolLibListener;
 import com.github.games647.fastlogin.bukkit.listener.protocollib.SkinApplyListener;
 import com.github.games647.fastlogin.bukkit.listener.protocolsupport.ProtocolSupportListener;
@@ -11,6 +12,12 @@ import com.github.games647.fastlogin.core.CommonUtil;
 import com.github.games647.fastlogin.core.PremiumStatus;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
 import com.github.games647.fastlogin.core.shared.PlatformPlugin;
+import io.papermc.lib.PaperLib;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.bukkit.plugin.PluginManager;
+import org.bukkit.plugin.java.JavaPlugin;
+import org.slf4j.Logger;
 
 import java.net.InetSocketAddress;
 import java.nio.file.Path;
@@ -19,12 +26,6 @@ import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
-import org.bukkit.command.CommandSender;
-import org.bukkit.entity.Player;
-import org.bukkit.plugin.PluginManager;
-import org.bukkit.plugin.java.JavaPlugin;
-import org.slf4j.Logger;
-
 /**
  * This plugin checks if a player has a paid account and if so tries to skip offline mode authentication.
  */
@@ -75,7 +76,11 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
                 pluginManager.registerEvents(new ProtocolSupportListener(this, core.getRateLimiter()), this);
             } else if (pluginManager.isPluginEnabled("ProtocolLib")) {
                 ProtocolLibListener.register(this, core.getRateLimiter());
-                pluginManager.registerEvents(new SkinApplyListener(this), this);
+
+                //if server is using paper - we need to set the skin at pre login anyway, so no need for this listener
+                if (!PaperLib.isPaper() && getConfig().getBoolean("forwardSkin")) {
+                    pluginManager.registerEvents(new SkinApplyListener(this), this);
+                }
             } else {
                 logger.warn("Either ProtocolLib or ProtocolSupport have to be installed if you don't use BungeeCord");
             }
@@ -86,6 +91,11 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
 
         pluginManager.registerEvents(new ConnectionListener(this), this);
 
+        //if server is using paper - we need to add one more listener to correct the usercache usage
+        if (PaperLib.isPaper()) {
+            pluginManager.registerEvents(new PaperPreLoginListener(this), this);
+        }
+
         //register commands using a unique name
         getCommand("premium").setExecutor(new PremiumCommand(this));
         getCommand("cracked").setExecutor(new CrackedCommand(this));
diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperPreLoginListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperPreLoginListener.java
new file mode 100644
index 00000000..167ae006
--- /dev/null
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperPreLoginListener.java
@@ -0,0 +1,41 @@
+package com.github.games647.fastlogin.bukkit.listener;
+
+import com.destroystokyo.paper.profile.ProfileProperty;
+import com.github.games647.craftapi.model.skin.Textures;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.AsyncPlayerPreLoginEvent;
+import org.bukkit.event.player.AsyncPlayerPreLoginEvent.Result;
+
+public class PaperPreLoginListener implements Listener {
+
+    private final FastLoginBukkit plugin;
+
+    public PaperPreLoginListener(final FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler(priority = EventPriority.HIGHEST)
+    //if paper is used - player skin must be set at pre login, otherwise usercache is used
+    //using usercache makes premium name change basically impossible
+    public void onAsyncPlayerPreLogin(AsyncPlayerPreLoginEvent event) {
+        if (event.getLoginResult() != Result.ALLOWED) {
+            return;
+        }
+
+        // event gives us only IP, not the port, so we need to loop through all the sessions
+        for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
+            if (!event.getName().equals(session.getUsername())) {
+                continue;
+            }
+
+            session.getSkin().ifPresent(skin -> event.getPlayerProfile().setProperty(new ProfileProperty(Textures.KEY,
+                    skin.getValue(), skin.getSignature())));
+            break;
+        }
+    }
+
+}
diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java
index 5f1df7d9..fedaa357 100644
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java
@@ -9,9 +9,6 @@ import com.comphenix.protocol.wrappers.WrappedSignedProperty;
 import com.github.games647.craftapi.model.skin.Textures;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-
-import java.lang.reflect.InvocationTargetException;
-
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.EventPriority;
@@ -19,6 +16,8 @@ import org.bukkit.event.Listener;
 import org.bukkit.event.player.PlayerLoginEvent;
 import org.bukkit.event.player.PlayerLoginEvent.Result;
 
+import java.lang.reflect.InvocationTargetException;
+
 public class SkinApplyListener implements Listener {
 
     private static final Class<?> GAME_PROFILE = MinecraftReflection.getGameProfileClass();
@@ -39,14 +38,12 @@ public class SkinApplyListener implements Listener {
 
         Player player = loginEvent.getPlayer();
 
-        if (plugin.getConfig().getBoolean("forwardSkin")) {
-            //go through every session, because player.getAddress is null
-            //loginEvent.getAddress is just a InetAddress not InetSocketAddress, so not unique enough
-            for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
-                if (session.getUsername().equals(player.getName())) {
-                    session.getSkin().ifPresent(skin -> applySkin(player, skin.getValue(), skin.getSignature()));
-                    break;
-                }
+        //go through every session, because player.getAddress is null
+        //loginEvent.getAddress is just a InetAddress not InetSocketAddress, so not unique enough
+        for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
+            if (session.getUsername().equals(player.getName())) {
+                session.getSkin().ifPresent(skin -> applySkin(player, skin.getValue(), skin.getSignature()));
+                break;
             }
         }
     }
diff --git a/core/src/main/resources/config.yml b/core/src/main/resources/config.yml
index 6253ff98..1afd90a8 100644
--- a/core/src/main/resources/config.yml
+++ b/core/src/main/resources/config.yml
@@ -127,6 +127,9 @@ nameChangeCheck: false
 # the skin data is included in the Auth-Verification-Response sent by Mojang. If you want to use for other
 # players like cracked player, you have to use other plugins.
 #
+# If you use PaperSpigot - FastLogin will always try to set the skin, even if forwardSkin is set to false
+# It is needed to allow premium name change to work correctly
+#
 # If you want to use skins for your cracked player, you need an additional plugin like
 # ChangeSkin, SkinRestorer, ...
 forwardSkin: true

From 7fbfa8240c2d3850a6d119f0772fee8aa2751f62 Mon Sep 17 00:00:00 2001
From: Kamilkime <kamilkime@pm.me>
Date: Tue, 9 Feb 2021 01:28:12 +0100
Subject: [PATCH 2/3] Allow FastLogin to respect AuthMe pre IP register limit,
 fixes #458

---
 .../fastlogin/bukkit/hook/AuthMeHook.java     | 40 +++++++++++++++----
 core/src/main/resources/config.yml            | 10 +++++
 core/src/main/resources/messages.yml          |  6 +--
 3 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java
index dbfd4df0..62821425 100644
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java
@@ -3,15 +3,18 @@ package com.github.games647.fastlogin.bukkit.hook;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
 import fr.xephi.authme.api.v3.AuthMeApi;
 import fr.xephi.authme.events.RestoreSessionEvent;
-
+import fr.xephi.authme.process.Management;
+import fr.xephi.authme.process.register.executors.ApiPasswordRegisterParams;
+import fr.xephi.authme.process.register.executors.RegistrationMethod;
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.EventPriority;
 import org.bukkit.event.Listener;
 
+import java.lang.reflect.Field;
+
 /**
  * GitHub: https://github.com/Xephi/AuthMeReloaded/
  * <p>
@@ -25,8 +28,22 @@ public class AuthMeHook implements AuthPlugin<Player>, Listener {
 
     private final FastLoginBukkit plugin;
 
+    private final AuthMeApi authmeAPI;
+    private Management authmeManagement;
+
     public AuthMeHook(FastLoginBukkit plugin) {
         this.plugin = plugin;
+        this.authmeAPI = AuthMeApi.getInstance();
+
+        if (plugin.getConfig().getBoolean("respectIpLimit", false)) {
+            try {
+                Field managementField = this.authmeAPI.getClass().getDeclaredField("management");
+                managementField.setAccessible(true);
+                this.authmeManagement = (Management) managementField.get(this.authmeAPI);
+            } catch (NoSuchFieldException | IllegalAccessException exception) {
+                this.authmeManagement = null;
+            }
+        }
     }
 
     @EventHandler(priority = EventPriority.HIGHEST, ignoreCancelled = true)
@@ -41,25 +58,32 @@ public class AuthMeHook implements AuthPlugin<Player>, Listener {
 
     @Override
     public boolean forceLogin(Player player) {
-        if (AuthMeApi.getInstance().isAuthenticated(player)) {
+        if (authmeAPI.isAuthenticated(player)) {
             plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
             return false;
         }
 
         //skips registration and login
-        AuthMeApi.getInstance().forceLogin(player);
+        authmeAPI.forceLogin(player);
         return true;
     }
 
     @Override
     public boolean isRegistered(String playerName) {
-        return AuthMeApi.getInstance().isRegistered(playerName);
+        return authmeAPI.isRegistered(playerName);
     }
 
     @Override
+    //this automatically login the player too
     public boolean forceRegister(Player player, String password) {
-        //this automatically login the player too
-        AuthMeApi.getInstance().forceRegister(player, password);
-        return true;
+        //if we have the management - we can trigger register with IP limit checks
+        if (authmeManagement != null) {
+            authmeManagement.performRegister(RegistrationMethod.PASSWORD_REGISTRATION,
+                    ApiPasswordRegisterParams.of(player, password, true));
+        } else {
+            authmeAPI.forceRegister(player, password);
+        }
+
+        return authmeAPI.isRegistered(player.getName());
     }
 }
diff --git a/core/src/main/resources/config.yml b/core/src/main/resources/config.yml
index 1afd90a8..37a313af 100644
--- a/core/src/main/resources/config.yml
+++ b/core/src/main/resources/config.yml
@@ -36,6 +36,15 @@ anti-bot:
 # For more information: https://github.com/games647/FastLogin#why-do-players-have-to-invoke-a-command
 autoRegister: false
 
+# Should FastLogin respect per IP limit of registrations (e.g. in AuthMe)
+# Because most auth plugins do their stuff async - FastLogin will still think the player was registered
+# To work best - you also need to enable auto-register-unknown
+#
+# If set to true - FastLogin will always attempt to register the player, even if the limit is exceeded
+# It is up to the auth plugin to handle the excessive registration
+# https://github.com/games647/FastLogin/issues/458
+respectIpLimit: false
+
 # This is extra configuration option to the feature above. If we request a premium authentication from a player who
 # isn't actual premium but used a premium username, the player will disconnect with the reason "invalid session" or
 # "bad login".
@@ -129,6 +138,7 @@ nameChangeCheck: false
 #
 # If you use PaperSpigot - FastLogin will always try to set the skin, even if forwardSkin is set to false
 # It is needed to allow premium name change to work correctly
+# https://github.com/games647/FastLogin/issues/457
 #
 # If you want to use skins for your cracked player, you need an additional plugin like
 # ChangeSkin, SkinRestorer, ...
diff --git a/core/src/main/resources/messages.yml b/core/src/main/resources/messages.yml
index 99221b51..fdc6cb84 100644
--- a/core/src/main/resources/messages.yml
+++ b/core/src/main/resources/messages.yml
@@ -53,10 +53,10 @@ player-unknown: '&4Player not in the database'
 # The user skipped the authentication, because it was a premium player
 auto-login: '&2Auto logged in'
 
-# The user was auto registered on the first join. The user account will be registered to protect it from cracked players
+# FastLogin attempted to auto register user. The user account is registered to protect it from cracked players
+# If FastLogin is respecting auth plugin IP limit - the registration may have failed, however the message is still displayed
 # The password can be used if the mojang servers are down and you still want your premium users to login (PLANNED)
-auto-register: '&2Auto registered with password: %password
-You may want change it?'
+auto-register: '&2Tried auto registering with password: &7%password&2. You may want change it?'
 
 # GameProfile is not able to toggle the premium state of other players
 no-permission: '&4Not enough permissions'

From c079653d09ea54ba10c2d1719646fa01ced1a7a4 Mon Sep 17 00:00:00 2001
From: Kamilkime <kamilkime@pm.me>
Date: Tue, 9 Feb 2021 10:42:10 +0100
Subject: [PATCH 3/3] Always return true when registering with AuthMe

---
 .../com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java
index 62821425..0a5f5247 100644
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java
@@ -84,6 +84,6 @@ public class AuthMeHook implements AuthPlugin<Player>, Listener {
             authmeAPI.forceRegister(player, password);
         }
 
-        return authmeAPI.isRegistered(player.getName());
+        return true;
     }
 }