From 2bd339b0bfe37d8825ed17c0d74ee35512d48590 Mon Sep 17 00:00:00 2001
From: games647 <games647@users.noreply.github.com>
Date: Mon, 25 May 2020 13:20:34 +0200
Subject: [PATCH] Use username from Mojang for offline IDs

Affected systems: BungeeCord after name change
Effects: Carry on items, permissions, etc. from the old user account without access to the new one

After a name change it could happen that the client still only
knows the old username and will send it to the server. Mojang will provide us with an up-to-date username that we should use instead.

The username is also sent to Mojang, so that they could verify the use. Therefore exploiting this behavior extensively for arbitrary usernames is not possible.

Related #344
---
 .../protocollib/VerifyResponseTask.java       | 18 ++++++---
 .../ProtocolSupportListener.java              |  3 --
 .../fastlogin/bukkit/task/ForceLoginTask.java | 12 +++---
 .../bungee/listener/ConnectListener.java      | 15 ++++----
 .../fastlogin/core/shared/LoginSession.java   | 37 ++++++++++++-------
 5 files changed, 51 insertions(+), 34 deletions(-)

diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java
index 6ad02bdd..e60dd253 100644
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java
@@ -94,30 +94,36 @@ public class VerifyResponseTask implements Runnable {
 
         String serverId = EncryptionUtil.getServerIdHashString("", loginKey, serverKey.getPublic());
 
-        String username = session.getUsername();
+        String requestedUsername = session.getRequestUsername();
         InetSocketAddress socketAddress = player.getAddress();
         try {
             MojangResolver resolver = plugin.getCore().getResolver();
             InetAddress address = socketAddress.getAddress();
-            Optional<Verification> response = resolver.hasJoined(username, serverId, address);
+            Optional<Verification> response = resolver.hasJoined(requestedUsername, serverId, address);
             if (response.isPresent()) {
-                plugin.getLog().info("GameProfile {} has a verified premium account", username);
+                plugin.getLog().info("GameProfile {} has a verified premium account", requestedUsername);
+                String realUsername = response.get().getName();
+                if (realUsername == null) {
+                    disconnect("invalid-session", true, "Username field null for {}", requestedUsername);
+                    return;
+                }
 
                 SkinProperty[] properties = response.get().getProperties();
                 if (properties.length > 0) {
                     session.setSkinProperty(properties[0]);
                 }
 
+                session.setVerifiedUsername(realUsername);
                 session.setUuid(response.get().getId());
                 session.setVerified(true);
 
                 setPremiumUUID(session.getUuid());
-                receiveFakeStartPacket(username);
+                receiveFakeStartPacket(realUsername);
             } else {
                 //user tried to fake a authentication
                 disconnect("invalid-session", true
                         , "GameProfile {0} ({1}) tried to log in with an invalid session ServerId: {2}"
-                        , session.getUsername(), socketAddress, serverId);
+                        , session.getRequestUsername(), socketAddress, serverId);
             }
         } catch (IOException ioEx) {
             disconnect("error-kick", false, "Failed to connect to session server", ioEx);
@@ -146,7 +152,7 @@ public class VerifyResponseTask implements Runnable {
             //check if the verify token are equal to the server sent one
             disconnect("invalid-verify-token", true
                     , "GameProfile {0} ({1}) tried to login with an invalid verify token. Server: {2} Client: {3}"
-                    , session.getUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify);
+                    , session.getRequestUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify);
             return false;
         }
 
diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java
index 5dc3a74b..0e52b159 100644
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java
@@ -92,9 +92,6 @@ public class ProtocolSupportListener extends JoinManagement<Player, CommandSende
 
         BukkitLoginSession playerSession = new BukkitLoginSession(username, registered, profile);
         plugin.putSession(source.getAddress(), playerSession);
-        if (plugin.getConfig().getBoolean("premiumUuid")) {
-            source.getLoginStartEvent().setOnlineMode(true);
-        }
     }
 
     @Override
diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/ForceLoginTask.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/ForceLoginTask.java
index 9f72cb7f..9e54e21a 100644
--- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/ForceLoginTask.java
+++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/ForceLoginTask.java
@@ -31,6 +31,12 @@ public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender,
         FastLoginBukkit plugin = core.getPlugin();
         player.setMetadata(core.getPlugin().getName(), new FixedMetadataValue(plugin, true));
 
+        if (session != null && !session.getUsername().equals(player.getName())) {
+            String playerName = player.getName();
+            plugin.getLog().warn("Player username {} is not matching session {}", playerName, session.getUsername());
+            return;
+        }
+
         super.run();
 
         PremiumStatus status = PremiumStatus.CRACKED;
@@ -73,10 +79,6 @@ public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender,
 
     @Override
     public boolean isOnlineMode() {
-        if (session == null) {
-            return false;
-        }
-
-        return session.isVerified() && player.getName().equals(session.getUsername());
+        return session.isVerified();
     }
 }
diff --git a/bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/ConnectListener.java b/bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/ConnectListener.java
index a70947b9..07c14cc8 100644
--- a/bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/ConnectListener.java
+++ b/bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/ConnectListener.java
@@ -101,25 +101,26 @@ public class ConnectListener implements Listener {
         final PendingConnection connection = loginEvent.getConnection();
         final InitialHandler initialHandler = (InitialHandler) connection;
 
-        final String username = initialHandler.getLoginRequest().getData();
         if (connection.isOnlineMode()) {
             LoginSession session = plugin.getSession().get(connection);
-            session.setUuid(connection.getUniqueId());
+            LoginResult loginProfile = initialHandler.getLoginProfile();
+
+            UUID verifiedUUID = connection.getUniqueId();
+            session.setUuid(verifiedUUID);
+            session.setVerifiedUsername(loginProfile.getName());
 
             StoredProfile playerProfile = session.getProfile();
-            playerProfile.setId(connection.getUniqueId());
+            playerProfile.setId(verifiedUUID);
 
             //bungeecord will do this automatically so override it on disabled option
             if (!plugin.getCore().getConfig().get("premiumUuid", true)) {
+                String username = loginProfile.getName();
                 setOfflineId(initialHandler, username);
             }
 
             if (!plugin.getCore().getConfig().get("forwardSkin", true)) {
                 // this is null on offline mode
-                LoginResult loginProfile = initialHandler.getLoginProfile();
-                if (loginProfile != null) {
-                    loginProfile.setProperties(emptyProperties);
-                }
+                loginProfile.setProperties(emptyProperties);
             }
         }
     }
diff --git a/core/src/main/java/com/github/games647/fastlogin/core/shared/LoginSession.java b/core/src/main/java/com/github/games647/fastlogin/core/shared/LoginSession.java
index 38928d7b..31a5bd30 100644
--- a/core/src/main/java/com/github/games647/fastlogin/core/shared/LoginSession.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/shared/LoginSession.java
@@ -1,32 +1,42 @@
 package com.github.games647.fastlogin.core.shared;
 
 import com.github.games647.fastlogin.core.StoredProfile;
+import com.google.common.base.Objects;
 
 import java.util.UUID;
 
 public abstract class LoginSession {
 
-    private final String username;
     private final StoredProfile profile;
-    
+
+    private String requestUsername;
+    private String username;
     private UUID uuid;
 
     protected boolean registered;
 
-    public LoginSession(String username, boolean registered, StoredProfile profile) {
-        this.username = username;
+    public LoginSession(String requestUsername, boolean registered, StoredProfile profile) {
+        this.requestUsername = requestUsername;
+        this.username = requestUsername;
+
         this.registered = registered;
         this.profile = profile;
     }
 
+    public String getRequestUsername() {
+        return requestUsername;
+    }
+
     public String getUsername() {
         return username;
     }
 
+    public synchronized void setVerifiedUsername(String username) {
+        this.username = username;
+    }
+
     /**
-     * This value is always false if we authenticate the player with a cracked authentication
-     *
-     * @return
+     * @return This value is always false if we authenticate the player with a cracked authentication
      */
     public synchronized boolean needsRegistration() {
         return !registered;
@@ -56,11 +66,12 @@ public abstract class LoginSession {
 
     @Override
     public synchronized String toString() {
-        return this.getClass().getSimpleName() + '{' +
-                "username='" + username + '\'' +
-                ", profile=" + profile +
-                ", uuid=" + uuid +
-                ", registered=" + registered +
-                '}';
+        return Objects.toStringHelper(this)
+                .add("profile", profile)
+                .add("requestUsername", requestUsername)
+                .add("username", username)
+                .add("uuid", uuid)
+                .add("registered", registered)
+                .toString();
     }
 }