search

MrLetsplay2003 / ShittyAuthLauncher

A Minecraft launcher for using a custom (shitty) authentication server
8 stars 2 forks source link

Post data doesn't seem to be received by custom auth servers #4

Closed ajh123 closed 2 years ago

ajh123 commented 2 years ago

My auth server is based of the Mjolnir-Authentication-Server

the authenticate endpoint looks like this

exports.authenticate = authenticate;
function authenticate(request, response) {
    logger.log("Authentication request, user: " + request.body.username);
    console.log("body: %j", request.body); //This is now empty :(

    userManager.authenticate(request.body.username, request.body.password, request.body.clientToken)
        .then(function (data) {
            logger.log("  Success, with hash "+data.hash);
            var jsonResponse = {
                "user": {
                    "username": request.body.username,
                    "properties": []
                },
                "accessToken": data.accessToken,
                "clientToken": data.clientToken
            };
            if (request.body.agent) {
                jsonResponse.selectedProfile = {
                    "id": data.userId,
                    "name": data.playerName
                };
                jsonResponse.availableProfiles = [
                    {
                        "id": data.userId,
                        "name": data.playerName
                    }
                ];
            }

            console.log(jsonResponse)
            response.json(jsonResponse);
        })
        .catch(function () {
            logger.log("  Bad credentials");
            response.json({
                "error": "ForbiddenOperationException",
                "errorMessage": "Invalid credentials. Invalid username or password."
            });
        });
}

When this line https://github.com/MrLetsplay2003/ShittyAuthLauncher/blob/eec7e6657a3d8fa46ff81d79e985d10554c2b065/src/me/mrletsplay/shittyauthlauncher/auth/AuthHelper.java#L33 was 

post.setContent(req.toString().getBytes(StandardCharsets.UTF_8));

and weren't deprecated, the post data was successfully received.

MrLetsplay2003 commented 2 years ago

I just set up a simple local installation (using HTTP) with the latest version of that server and can't reproduce this issue. Using version 1.5.1 of the launcher, I can log in with a user I created without problems.

Output when logging the request body: image

ajh123 commented 2 years ago

Here is my full auth server https://github.com/ajh123-development/auth-server, there have been a few updates to the original one

MrLetsplay2003 commented 2 years ago

I've tried it with your version and it still receives the data correctly.

ajh123 commented 2 years ago

It might be my mysql driver for it

ajh123 commented 2 years ago

It's not my mysql driver because I can get a simple curl working

curl -X POST https://minersonline.ddns.net/api/authenticate \
   -H 'Content-Type: application/json' \
   -d '{"agent":{"name":"Minecraft","version":"1"},"username":"sam@minersonline.ddns.net","password":"testing"}'

{"user":{"username":"sam@minersonline.ddns.net","properties":[]},"accessToken":"784bfa5c202a2b5486dd615e13e9684c","clientToken":"5ac3286e566624b643f0107130c5f565","selectedProfile":{"id":"c3e994d776994264a3a75f0342a961dc","name":"samuelh2005"},"availableProfiles":[{"id":"c3e994d776994264a3a75f0342a961dc","name":"samuelh2005"}]}
MrLetsplay2003 commented 2 years ago

That's strange. I'll take another look at it tomorrow, but as far as I can tell, the launcher does what it's supposed to (at least in the latest version)

ajh123 commented 2 years ago

I cant login with the built jar in the release either

MrLetsplay2003 commented 2 years ago

After some more testing around, I noticed that the header for the content type was actually being sent twice, which apparently confused the server. It should now be fixed, thank you for reporting the bug :+1:

ajh123 commented 2 years ago

I can say that I can login now!