Merge branch 'develop'

api/modules/session/models/JoinForm.php

@@ -126,7 +126,7 @@ class JoinForm extends Model {
 
         $selectedProfile = $this->selectedProfile;
         $isUuid = StringHelper::isUuid($selectedProfile);
-        if ($isUuid && $account->uuid !== $selectedProfile) {
+        if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) {
             Session::error(
                 "User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}'," .
                 " but access_token issued to account with id = '{$account->uuid}'."
@@ -134,7 +134,7 @@ class JoinForm extends Model {
             throw new ForbiddenOperationException('Wrong selected_profile.');
         }
 
-        if (!$isUuid && $account->username !== $selectedProfile) {
+        if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower($selectedProfile)) {
             Session::error(
                 "User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}'," .
                 " but access_token issued to account with username = '{$account->username}'."
@@ -149,4 +149,8 @@ class JoinForm extends Model {
         return $this->account;
     }
 
+    private function normalizeUUID(string $uuid): string {
+        return Uuid::fromString($uuid)->toString();
+    }
+
 }

common/config/config.php

@@ -1,6 +1,6 @@
 <?php
 return [
-    'version' => '1.1.19',
+    'version' => '1.1.20',
     'vendorPath' => dirname(__DIR__, 2) . '/vendor',
     'components' => [
         'cache' => [

tests/codeception/api/functional/sessionserver/JoinCest.php

@@ -52,6 +52,17 @@ class JoinCest {
         $this->expectSuccessResponse($I);
     }
 
+    public function joinByOauth2TokenWithNotDashedUUID(OauthSteps $I) {
+        $I->wantTo('join to server, using modern oAuth2 generated token and non dashed uuid');
+        $accessToken = $I->getAccessToken([P::MINECRAFT_SERVER_SESSION]);
+        $this->route->join([
+            'accessToken' => $accessToken,
+            'selectedProfile' => 'df936908b2e1544d96f82977ec213022',
+            'serverId' => Uuid::uuid(),
+        ]);
+        $this->expectSuccessResponse($I);
+    }
+
     public function joinByModernOauth2TokenWithoutPermission(OauthSteps $I) {
         $I->wantTo('join to server, using moder oAuth2 generated token, but without minecraft auth permission');
         $accessToken = $I->getAccessToken(['account_info', 'account_email']);

tests/codeception/api/functional/sessionserver/JoinLegacyCest.php

@@ -30,6 +30,17 @@ class JoinLegacyCest {
         $this->expectSuccessResponse($I);
     }
 
+    public function joinByOauth2TokenAndDifferentLetterCase(AuthserverSteps $I) {
+        $I->wantTo('join to server by legacy protocol, using legacy authserver access token and different letter case');
+        [$accessToken] = $I->amAuthenticated();
+        $this->route->joinLegacy([
+            'sessionId' => $accessToken,
+            'user' => 'admin',
+            'serverId' => Uuid::uuid(),
+        ]);
+        $this->expectSuccessResponse($I);
+    }
+
     public function joinByNewSessionFormat(AuthserverSteps $I) {
         $I->wantTo('join to server by legacy protocol with new launcher session format, using legacy authserver');
         [$accessToken] = $I->amAuthenticated();