Merge branch 'develop'

2024-11-10 07:22:00 +05:30 · 2017-10-20 15:20:14 +03:00 · 2017-10-20 15:20:14 +03:00 · 9cc39bb613
commit 9cc39bb613
parent 759e711c78 9d8b695fff
4 changed files with 29 additions and 3 deletions
--- a/api/modules/session/models/JoinForm.php
+++ b/api/modules/session/models/JoinForm.php
@ -126,7 +126,7 @@ class JoinForm extends Model {

        $selectedProfile = $this->selectedProfile;
        $isUuid = StringHelper::isUuid($selectedProfile);
-        if ($isUuid && $account->uuid !== $selectedProfile) {
+        if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) {
            Session::error(
                "User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}'," .
                " but access_token issued to account with id = '{$account->uuid}'."
@ -134,7 +134,7 @@ class JoinForm extends Model {
            throw new ForbiddenOperationException('Wrong selected_profile.');
        }

-        if (!$isUuid && $account->username !== $selectedProfile) {
+        if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower($selectedProfile)) {
            Session::error(
                "User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}'," .
                " but access_token issued to account with username = '{$account->username}'."
@ -149,4 +149,8 @@ class JoinForm extends Model {
        return $this->account;
    }

+    private function normalizeUUID(string $uuid): string {
+        return Uuid::fromString($uuid)->toString();
+    }
+
 }
--- a/common/config/config.php
+++ b/common/config/config.php
@ -1,6 +1,6 @@
 <?php
 return [
-    'version' => '1.1.19',
+    'version' => '1.1.20',
    'vendorPath' => dirname(__DIR__, 2) . '/vendor',
    'components' => [
        'cache' => [
--- a/tests/codeception/api/functional/sessionserver/JoinCest.php
+++ b/tests/codeception/api/functional/sessionserver/JoinCest.php
@ -52,6 +52,17 @@ class JoinCest {
        $this->expectSuccessResponse($I);
    }

+    public function joinByOauth2TokenWithNotDashedUUID(OauthSteps $I) {
+        $I->wantTo('join to server, using modern oAuth2 generated token and non dashed uuid');
+        $accessToken = $I->getAccessToken([P::MINECRAFT_SERVER_SESSION]);
+        $this->route->join([
+            'accessToken' => $accessToken,
+            'selectedProfile' => 'df936908b2e1544d96f82977ec213022',
+            'serverId' => Uuid::uuid(),
+        ]);
+        $this->expectSuccessResponse($I);
+    }
+
    public function joinByModernOauth2TokenWithoutPermission(OauthSteps $I) {
        $I->wantTo('join to server, using moder oAuth2 generated token, but without minecraft auth permission');
        $accessToken = $I->getAccessToken(['account_info', 'account_email']);
--- a/tests/codeception/api/functional/sessionserver/JoinLegacyCest.php
+++ b/tests/codeception/api/functional/sessionserver/JoinLegacyCest.php
@ -30,6 +30,17 @@ class JoinLegacyCest {
        $this->expectSuccessResponse($I);
    }

+    public function joinByOauth2TokenAndDifferentLetterCase(AuthserverSteps $I) {
+        $I->wantTo('join to server by legacy protocol, using legacy authserver access token and different letter case');
+        [$accessToken] = $I->amAuthenticated();
+        $this->route->joinLegacy([
+            'sessionId' => $accessToken,
+            'user' => 'admin',
+            'serverId' => Uuid::uuid(),
+        ]);
+        $this->expectSuccessResponse($I);
+    }
+
    public function joinByNewSessionFormat(AuthserverSteps $I) {
        $I->wantTo('join to server by legacy protocol with new launcher session format, using legacy authserver');
        [$accessToken] = $I->amAuthenticated();