diff --git a/api/modules/session/models/JoinForm.php b/api/modules/session/models/JoinForm.php index 22478f6..b8b2aff 100644 --- a/api/modules/session/models/JoinForm.php +++ b/api/modules/session/models/JoinForm.php @@ -126,7 +126,7 @@ class JoinForm extends Model { $selectedProfile = $this->selectedProfile; $isUuid = StringHelper::isUuid($selectedProfile); - if ($isUuid && $account->uuid !== $selectedProfile) { + if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) { Session::error( "User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}'," . " but access_token issued to account with id = '{$account->uuid}'." @@ -149,4 +149,8 @@ class JoinForm extends Model { return $this->account; } + private function normalizeUUID(string $uuid): string { + return Uuid::fromString($uuid)->toString(); + } + } diff --git a/tests/codeception/api/functional/sessionserver/JoinCest.php b/tests/codeception/api/functional/sessionserver/JoinCest.php index af67ed6..1d539a1 100644 --- a/tests/codeception/api/functional/sessionserver/JoinCest.php +++ b/tests/codeception/api/functional/sessionserver/JoinCest.php @@ -52,6 +52,17 @@ class JoinCest { $this->expectSuccessResponse($I); } + public function joinByOauth2TokenWithNotDashedUUID(OauthSteps $I) { + $I->wantTo('join to server, using modern oAuth2 generated token and non dashed uuid'); + $accessToken = $I->getAccessToken([P::MINECRAFT_SERVER_SESSION]); + $this->route->join([ + 'accessToken' => $accessToken, + 'selectedProfile' => 'df936908b2e1544d96f82977ec213022', + 'serverId' => Uuid::uuid(), + ]); + $this->expectSuccessResponse($I); + } + public function joinByModernOauth2TokenWithoutPermission(OauthSteps $I) { $I->wantTo('join to server, using moder oAuth2 generated token, but without minecraft auth permission'); $accessToken = $I->getAccessToken(['account_info', 'account_email']);