Spaces in Usernames #263
Comments
|
Username clashes could happen |
|
That just moved the goal posts though. Now someone can log in with user1 instead to either server. I can't think of any easy way except for just treating them the same so that you can never have both users logged in at the same time. It does open a security hole for users with spaces or underscores though. Only other option is to see if java edition allows some character that you cant use normally and use that char instead to map but this may cause other issues. |
|
I can't confirm this but I'm sure I remember testing that Xbox doesn't allow you to register the same name if the space or underscore is already taken. Could anyone check this to see if it's true or just something I dreamt up. 😄 |
|
yeah, that's true |
|
The issue probably comes from java not meant to have spaces if you have spaces you cannot run commands which gives problems |
Redned235
added
Confirmed Bug
|
It also breaks many json strings so lots of output breaks if you have a space. It does make me wonder how you run commands on bedrock with a space unless it uses quotes? |
Minecraft Bedrock and Xbox doesn't allow nicknames with underscores (When you try to add an underscore to your nickname, it will fail). |
|
I think there's no issue replacing spaces with underscores for server side, because you can't have the same nickname with spaces and underscores (because underscores are not supported by bedrock), unless you are using some custom Bedrock client that allow you to use nicknames with underscores (That vulnerability could be fixed by asserting if the bedrock nickname has forbidden characters. If forbidden characters are found, the player will not be able to login). |
Then call them user2 or user12 |
|
The vulnerability is this:
There is no way to prevent the above apart from renaming the players to names that are invalid to register with mojang for java minecraft but are still accepted to log in. I'm talking online servers with a whitelist rather than offline since offline can just use another authentication plugin. It's not a huge issue since admins/ops can be required to rename their accounts to ones that can't possibly be collided with or forbid login as them from a particular client. |
|
The default config adds a star to the front of the Xbox username, which is something you cannot have in a Java username so doesn't that fix the duplicate names issue? |
We were talking about 2 Bedrock accounts having the same name |
|
Forgive me, I'm not sure if I should open a new issue or not. Another unintended side effect of gamer tags with spaces is the inability to link Java and Bedrock accounts with Floodgate. I did try replacing the space with an underscore, but it does not work. Is there a possible workaround for this? |
|
Have you tried wrapping the bedrock username in quotes? |
|
Yes. The command returns usage instructions, so I guess it doesn't understand the input that way. |
|
This is a toggle within Floodgate now. Only setup where this would really benefit is offline mode which we don't support. Thanks for reporting this though! |
Describe the bug
I'm not sure whether to class this as a bug or feature because to my surprise Bedrock allows spaces in the username whilst Java edition does not like them (it breaks lots of things).
My suggestion is to remap the space to an underscore before passing it through to the next hop. I'm happy to create a PR for it but can anyone comment on if there will be unintended consequences on things like floodgate etc?
To Reproduce
Steps to reproduce the behavior:
Server version
1.15.2
Geyser version
Inventory branch build 2020-04-03
Bedrock version
1.14 I think
The text was updated successfully, but these errors were encountered: