Paper: Offline-mode (at least) whitelist is broken
What behaviour is expected:
A functional whitelist
What behaviour is observed:
It's quite probable that you won't be capable of accessing the server even if you are whitelisted. 3rd plugins are necessary.
Steps/models to reproduce:
Just start up a clean PaperSpigot or Spigot server in offline-mode true and add some players to the whitelist. Then attempt to access the server with one of said playernames, usually through an offline mode compatible client.
Plugin list:
Paper build number:
Paper version git-Paper-624 (MC: 1.13.2) (Implementing API version 1.13.2-R0.1-SNAPSHOT)
MithrandirCraft
All 8 comments
Whitelist cannot function in offline-mode anyway.
Online: UUIDs are bound to player acc and verified by session server (in simple terms)
Offline: UUIDs are generated from playername, namely Offline:<Nickname>.
As such, any player could rename himself and join the server as the 'whitelisted' person.
If you want to restrict offline-mode access, you either need an auth plugin (either per-player or global password).
If you really need to temporarily close down the server: add another auth plugin (mkay..?) / change port / edit UUIDs in whitelist manually to have Offline-mode UUIDs (not safe as per above)
VADemon
on 10 May 2019
Actually, this can be resolved by check online mode in multiple locations(UserCache, etc,.), to apply offline UUID for offline servers instead of lookup an online one.
cakoyo
on 14 May 2019
I mean, I can't really say that anybody is really interested in delving into offline mode issues, but it appears fine here?
electronicboy
on 20 May 2019
I have had this issue as well with two players out of the total 14 people who have visited my server. I eventually added them while they were online (with whitelist disabled), and that seemed to have work. The uuid for those two seemed to differ when they were added while not being online.
Migushthe2nd
on 13 Jun 2019
Migushthe2nd solution confirmed.
suwermave
on 17 Mar 2020
If the player isn't saved in the usercache.json file (he never joined the server before for example) trying to whitelist him will result in whitelisting the ONLINE uuid.
How UUIDs for offline players should be handled instead:
online-mode (server.properties): true
=> resolve online UUID
online-mode: false
bungeecord (spigot.yml): false
=> generate offline UUID from name
online-mode: false
bungeecord: true
bungee-online-mode (paper.yml): true
=> resolve online UUID
online-mode: false
bungeecord: true
bungee-online-mode: false
=> generate offline UUID from name
sgdc3
on 6 Apr 2020
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 3 Dec 2020
This was patched successfully in yatopia: https://github.com/YatopiaMC/Yatopia/blob/ver/1.16.4/patches/server/0030-Use-offline-uuids-if-we-need-to.patch
sgdc3
on 3 Dec 2020
Related issues
devcat
路
3Comments
Decme
路
3Comments
Marlej-dev
路
3Comments
Brokkonaut
路
3Comments
ghost
路
3Comments
Most helpful comment
If the player isn't saved in the usercache.json file (he never joined the server before for example) trying to whitelist him will result in whitelisting the ONLINE uuid.
How UUIDs for offline players should be handled instead:
online-mode (server.properties): true
=> resolve online UUID
online-mode: false
bungeecord (spigot.yml): false
=> generate offline UUID from name
online-mode: false
bungeecord: true
bungee-online-mode (paper.yml): true
=> resolve online UUID
online-mode: false
bungeecord: true
bungee-online-mode: false
=> generate offline UUID from name