Paper/patches/server/0833-Validate-usernames.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Spottedleaf <Spottedleaf@users.noreply.github.com>
Date: Sat, 1 Jan 2022 05:19:37 -0800
Subject: [PATCH] Validate usernames


diff --git a/src/main/java/com/destroystokyo/paper/PaperConfig.java b/src/main/java/com/destroystokyo/paper/PaperConfig.java
index 24ddf8cfdbe6ed2fb148f57f0d7dd98446b07bbc..da6346cacf08e12f7f1fabe2d5b1c66c82fab679 100644
--- a/src/main/java/com/destroystokyo/paper/PaperConfig.java
+++ b/src/main/java/com/destroystokyo/paper/PaperConfig.java
@@ -495,6 +495,12 @@ public class PaperConfig {
         set("settings.unsupported-settings.allow-tnt-duplication", null);
     }
 
+    public static boolean performUsernameValidation;
+    private static void performUsernameValidation() {
+        performUsernameValidation = getBoolean("settings.unsupported-settings.perform-username-validation", true);
+    }
+
+
     public static int playerAutoSaveRate = -1;
     public static int maxPlayerAutoSavePerTick = 10;
     private static void playerAutoSaveRate() {
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
index f5c1dff1d571e89f960f11400edbcbbea0620575..7065aa4522431d08018fec8e591ba7c255398140 100644
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
@@ -61,6 +61,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener
     private ServerPlayer delayedAcceptPlayer;
     public String hostname = ""; // CraftBukkit - add field
     private int velocityLoginMessageId = -1; // Paper - Velocity support
+    public boolean iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation = false; // Paper - username validation overriding
 
     public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) {
         this.state = ServerLoginPacketListenerImpl.State.HELLO;
@@ -226,11 +227,39 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener
         // Paper end
     }
 
+    // Paper start - validate usernames
+    public static boolean validateUsername(String in) {
+        if (in == null || in.isEmpty() || in.length() > 16) {
+            return false;
+        }
+
+        for (int i = 0, len = in.length(); i < len; ++i) {
+            char c = in.charAt(i);
+
+            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) {
+                continue;
+            }
+
+            return false;
+        }
+
+        return true;
+    }
+    // Paper end - validate usernames
+
     @Override
     public void handleHello(ServerboundHelloPacket packet) {
         Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]);
         this.gameProfile = packet.getGameProfile();
         Validate.validState(ServerLoginPacketListenerImpl.isValidUsername(this.gameProfile.getName()), "Invalid characters in username", new Object[0]);
+        // Paper start - validate usernames
+        if (com.destroystokyo.paper.PaperConfig.isProxyOnlineMode() && com.destroystokyo.paper.PaperConfig.performUsernameValidation) {
+            if (!this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation && !validateUsername(this.gameProfile.getName())) {
+                ServerLoginPacketListenerImpl.this.disconnect("Failed to verify username!");
+                return;
+            }
+        }
+        // Paper end - validate usernames
         if (this.server.usesAuthentication() && !this.connection.isMemoryConnection()) {
             this.state = ServerLoginPacketListenerImpl.State.KEY;
             this.connection.send(new ClientboundHelloPacket("", this.server.getKeyPair().getPublic().getEncoded(), this.nonce));
diff --git a/src/main/java/net/minecraft/server/players/PlayerList.java b/src/main/java/net/minecraft/server/players/PlayerList.java
index 6a3d444fcac8c7d561dcadb02f64eaa3c3d7b1cd..fae67931849eb0c19598def9f538c7971c36c575 100644
--- a/src/main/java/net/minecraft/server/players/PlayerList.java
+++ b/src/main/java/net/minecraft/server/players/PlayerList.java
@@ -707,7 +707,7 @@ public abstract class PlayerList {
 
         for (int i = 0; i < this.players.size(); ++i) {
             entityplayer = (ServerPlayer) this.players.get(i);
-            if (entityplayer.getUUID().equals(uuid)) {
+            if (entityplayer.getUUID().equals(uuid) || (com.destroystokyo.paper.PaperConfig.isProxyOnlineMode() && entityplayer.getGameProfile().getName().equalsIgnoreCase(gameprofile.getName()))) { // Paper - validate usernames
                 list.add(entityplayer);
             }
         }