fix(premium): revert user uuid to offline one on need

Author: Xephi

authme-core/src/main/java/fr/xephi/authme/listener/PlayerListener.java

@@ -10,6 +10,7 @@
 import fr.xephi.authme.permission.PermissionsManager;
 import fr.xephi.authme.permission.PlayerStatePermission;
 import fr.xephi.authme.platform.ChatAdapter;
+import fr.xephi.authme.platform.EventRegistrationAdapter;
 import fr.xephi.authme.platform.TeleportAdapter;
 import fr.xephi.authme.process.Management;
 import fr.xephi.authme.service.AntiBotService;
@@ -19,7 +20,9 @@
 import fr.xephi.authme.service.ValidationService;
 import fr.xephi.authme.settings.Settings;
 import fr.xephi.authme.settings.SpawnLoader;
+import fr.xephi.authme.service.PremiumLoginVerifier;
 import fr.xephi.authme.settings.properties.HooksSettings;
+import fr.xephi.authme.settings.properties.PremiumSettings;
 import fr.xephi.authme.settings.properties.RegistrationSettings;
 import fr.xephi.authme.settings.properties.RestrictionSettings;
 import org.bukkit.ChatColor;
@@ -59,6 +62,7 @@
 import org.bukkit.inventory.InventoryView;
 
 import javax.inject.Inject;
+import java.nio.charset.StandardCharsets;
 import java.util.Locale;
 import java.util.Set;
 import java.util.UUID;
@@ -106,6 +110,10 @@ public class PlayerListener implements Listener {
     private ChatAdapter chatAdapter;
     @Inject
     private TeleportAdapter teleportAdapter;
+    @Inject
+    private PremiumLoginVerifier premiumLoginVerifier;
+    @Inject
+    private EventRegistrationAdapter eventRegistrationAdapter;
 
     // Lowest priority to apply fast protection checks
     @EventHandler(priority = EventPriority.LOWEST)
@@ -164,6 +172,7 @@ public void onAsyncPlayerPreLoginEventHighest(AsyncPlayerPreLoginEvent event) {
             onJoinVerifier.checkNameCasing(name, auth);
             final String ip = event.getAddress().getHostAddress();
             onJoinVerifier.checkPlayerCountry(name, ip, isAuthAvailable);
+            normalizePremiumUuidIfNeeded(event, name, auth);
         } catch (FailedVerificationException e) {
             event.setKickMessage(messages.retrieveSingle(name, e.getReason(), e.getArgs()));
             event.setLoginResult(AsyncPlayerPreLoginEvent.Result.KICK_OTHER);
@@ -247,6 +256,36 @@ public void onPlayerQuit(PlayerQuitEvent event) {
         management.performQuit(player);
     }
 
+    /**
+     * When the backend is in offline-mode but the proxy has forwarded a Mojang UUID (v4) for a
+     * premium player, replaces the event UUID with the deterministic offline UUID so that all
+     * plugins — permissions, inventories, etc. — consistently use the same identifier.
+     *
+     * The Mojang UUID is saved in {@link PremiumLoginVerifier} so that
+     * {@code AsynchronousJoin#canBypassWithPremium} can still verify premium identity via the
+     * existing {@code getVerifiedUuid} path without requiring the PacketEvents handshake.
+     *
+     * UUID replacement is platform-specific: Paper/Folia implement it via
+     * {@link EventRegistrationAdapter#normalizePreLoginUuid}; Spigot silently skips it.
+     */
+    private void normalizePremiumUuidIfNeeded(AsyncPlayerPreLoginEvent event, String name, PlayerAuth auth) {
+        if (event.getUniqueId().version() != 4
+                || !Boolean.TRUE.equals(settings.getProperty(HooksSettings.BUNGEECORD))
+                || !Boolean.TRUE.equals(settings.getProperty(PremiumSettings.ENABLE_PREMIUM))) {
+            return;
+        }
+        // Skip if the player registered with a v4 UUID (truly online-mode backend or equivalent).
+        if (auth == null || (auth.getUuid() != null && auth.getUuid().version() == 4)) {
+            return;
+        }
+        UUID mojangUuid = event.getUniqueId();
+        UUID offlineUuid = UUID.nameUUIDFromBytes(
+            ("OfflinePlayer:" + event.getName()).getBytes(StandardCharsets.UTF_8));
+        // Store the Mojang UUID so canBypassWithPremium can verify it after the UUID is replaced.
+        premiumLoginVerifier.storeVerified(name, mojangUuid);
+        eventRegistrationAdapter.normalizePreLoginUuid(event, offlineUuid);
+    }
+
     private void saveStateBeforeQuit(Player player) {
         Set<EnderPearlRestoreData> pearls = player.getServer().getWorlds().stream()
             .flatMap(world -> world.getEntitiesByClass(EnderPearl.class).stream())

authme-core/src/main/java/fr/xephi/authme/platform/EventRegistrationAdapter.java

@@ -5,9 +5,11 @@
 import fr.xephi.authme.listener.PlayerListener;
 import fr.xephi.authme.listener.ServerListener;
 import org.bukkit.event.Listener;
+import org.bukkit.event.player.AsyncPlayerPreLoginEvent;
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.UUID;
 
 /**
  * Supplies the full listener set to register at startup for the active platform.
@@ -19,6 +21,18 @@ public interface EventRegistrationAdapter {
      */
     List<Class<? extends Listener>> getListeners();
 
+    /**
+     * Replaces the UUID on the given pre-login event with {@code offlineUuid}.
+     *
+     * <p>This is a platform capability: Paper/Folia implement it via
+     * {@code PlayerProfile.setId()} so the player's session UUID is the offline UUID from
+     * the start, making it consistent with all other plugins. Spigot provides no stable
+     * API to change the UUID at this stage and therefore uses the default no-op.
+     */
+    default void normalizePreLoginUuid(AsyncPlayerPreLoginEvent event, UUID offlineUuid) {
+        // No-op: Spigot does not expose a stable API to change the pre-login UUID
+    }
+
     /**
      * Returns the core listeners shared by all platforms.
      */

authme-core/src/test/java/fr/xephi/authme/listener/PlayerListenerTest.java

@@ -1180,6 +1180,7 @@ private static void verifyNoModifyingCalls(AsyncPlayerPreLoginEvent event) {
         verify(event, atLeast(0)).getLoginResult();
         verify(event, atLeast(0)).getAddress();
         verify(event, atLeast(0)).getName();
+        verify(event, atLeast(0)).getUniqueId();
         verifyNoMoreInteractions(event);
     }
 

authme-paper-common/src/main/java/fr/xephi/authme/platform/AbstractPaperPlatformAdapter.java

@@ -9,10 +9,12 @@
 import org.bukkit.Location;
 import org.bukkit.entity.Player;
 import org.bukkit.event.Listener;
+import org.bukkit.event.player.AsyncPlayerPreLoginEvent;
 import org.bukkit.event.player.PlayerKickEvent;
 
 import java.util.Collection;
 import java.util.List;
+import java.util.UUID;
 
 /**
  * Shared platform adapter behavior for Paper-derived servers.
@@ -74,6 +76,14 @@ public List<Class<? extends Listener>> getListeners() {
         return EventRegistrationAdapter.getCommonListeners();
     }
 
+    @Override
+    public void normalizePreLoginUuid(AsyncPlayerPreLoginEvent event, UUID offlineUuid) {
+        com.destroystokyo.paper.profile.PlayerProfile profile = event.getPlayerProfile();
+        if (profile != null) {
+            profile.setId(offlineUuid);
+        }
+    }
+
     @Override
     public boolean isProxyForwardingEnabled() {
         if (super.isProxyForwardingEnabled()) {