PSA: The Switch to UUIDs - Potential Plugin/Server Breakage

Discussion in 'Community News and Announcements' started by EvilSeph, Mar 30, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    EvilSeph

    At the beginning of the year Mojang started dropping hints of their plan to switch from a name based accounts system to a universally unique identifier (UUID) based accounts system, ultimately moving towards allowing people to change their Minecraft name. With much of Minecraft currently relying on a name based accounts system (bans, whitelist, ops to name a few) along with plugins using names to keep track of players (permissions, ownership, protections), this change has a high potential to break both plugins and servers if server admins and developers are not prepared for it. At the time of writing, Mojang have said they're planning to enable name changing around the time Minecraft 1.8 is released and with Minecraft 1.8 slated to release in May, the window for preparations is quickly closing.

    What is a UUID?
    A Universally Unique IDentifier is a fairly long series of hexadecimal numbers commonly used in software to uniquely identify something. With Minecraft, Mojang is planning to use UUIDs to identify player accounts, with each Mojang account tied to a UUID. For example: Notch's account now has the UUID "069a79f4-44e9-4726-a5be-fca90e38aaf5".

    Potential Server Breakage
    Up until this switch to UUIDs, Minecraft has relied on names for many of its core systems (bans, the whitelist, ops, etc.) and plugins have used names for permissions and protections. Once Mojang allow players to change their names at will with Minecraft 1.8, these systems’ accuracy can no longer be relied on. For Minecraft, Mojang have said they'll be handling the transition of bans, whitelist, etc. for the most part, but most Bukkit plugins will need to be updated to use UUIDs to track players instead of names.

    To prepare servers for the switch to UUIDs, server admins should perform an audit on their plugins to determine which ones currently use names for player identification. It is recommended that server admins communicate with the developers of the plugins that they use to ensure that they're preparing for the switch to UUIDs. The types of plugins that will likely be affected include (but are not limited to): permissions, region protection, world protection, chest protection, ownership, teleportation, economy, chat, and ban management plugins.

    Basically, it comes down to this: neglecting to prepare for the switch to UUIDs is the equivalent of running your server in offline mode. With player names no longer being static, anyone could potentially pick up an Admin's username and take over your server or bypass your protections.

    Plugin Developer Considerations
    Yesterday (March 29th, 2014) we went live with our UUID migration plan (Bukkit commit, CraftBukkit commit), where I made the decision to make use of Java's deprecation system as a means to get the attention of our plugin developers and make sure they're aware of the problems this switch to UUIDs is going to cause. This deprecation sweep was intended as a companion to this article. Information on this switch to a UUID based system has been hard to come by, with the majority of it coming from tweets from Mojang. As a result, while we have somewhat devised a migration plan, it is purely based on guesswork and assumptions which could be far off the mark by the time the system goes live.

    Points for Developers to Consider:
    • Names will no longer be a unique identifier for a player
    • String based lookups still work, they've just been deprecated to raise awareness of the upcoming changes. Some of the deprecations will be removed in the future. See our Current Migration plan below for more information.
    • Any data stored about users should be updated to use UUIDs
    • Since Minecraft 1.7, a player's UUID can be acquired through Player.getUniqueId();
    • Server.getOfflinePlayer(UUID) is a blocking, inefficient temporary hack provided for you to prepare a migration plan of your own.
    • You need to use Mojang’s AccountsClient or evilmidget38's UUIDFetcher (recommended) to convert Name to UUID. We may or may not provide our own built-in solution for this.
    Our Current Migration Plan, for reference:
    Minecraft 1.7.5
    • Deprecate string based player lookups to raise developer awareness of the switch to UUIDs and the impact it would have
    • Add a temporary hack to allow for early support for name lookup by UUID, which is currently inefficient and blocking
      • This is provided for plugins to prepare a migration plan of their own and NOT for use in production.
    Minecraft 1.7.6+
    • UUID lookup will become the most efficient lookup method: check if UUID matches stored player data on disk
    • Name lookup will then become the least efficient lookup method
    Minecraft 1.8
    • UUID awareness deprecations will be removed as time for preparation has passed, if they haven't been removed already
    General Notes:
    • A Mojang account is required if you want to change your name
    • Names need to be unique; you can't change your name to one that is already in use
    • Name changing is free but will probably be limited in some way to prevent abuse
    • If you haven't migrated your account to a Mojang one, you should do so as soon as possible to secure your name
    • Name changing is slated to go live when the web service has been updated and around the time Minecraft 1.8 releases
    • Once you have changed your name, your previous name is now up for grabs. This is not a traditional local nickname system, it is a global claim-based system. It is unknown if there will be a grace period or any protection against name sniping.
     

  2. Code:java
    1. public static UUID getUuid(String uuid){
    2. return UUID.fromString(uuid.replaceAll("(\\w{8})(\\w{4})(\\w{4})(\\w{4})(\\w{12})", "$1-$2-$3-$4-$5"));
    3. }
     
    coaster3000 and Black Hole like this.
  3. Offline

    ThaSourceGaming

    So I see Mojang's goal is to get rid of Bukkit and bring all Bukkit users to Mojang's new secret development project where Mojang will be serving plugins. Goal for Mojang will be to remove Bukkit from the market and instead lure all Bukkit users towards Mojang's plugin dev. Seems to be working so far :((( I hope Bukkit fights back, they just want us to fall so they can make profits ... they are looking for "stable income" .. seems like Mojang is not having enough money ?? what the hell.
     
    KingFaris11 likes this.
  4. Offline

    Gamecube762

    ThaSourceGaming Mojang doesn't focus on the modded(Bukkit, Spigot, Client Mods) side of Minecraft, they only focus on the vanilla side. They see how much stuff we are able to do with the modded side and they decide to add something similar to the vanilla side to make it easier without needing to figure out how the modded versions work. Even if Mojang creates the Modding API for vanilla, Bukkit will still stand tall with it's API and will have a bigger API than the Modding API. The more stuff that is added to vanilla, the more stuff we get to have in the Bukkit API.
     
  5. Offline

    Syd

    ThaSourceGaming
    wat?
    Mojangs goal is it to finally allow users to change their names and refactor Minecraft to be more efficient, not to get rid of Bukkit.
    If they wanted to get rid of Bukkit, they just need to say it, because Bukkit is breaking the TOS since it's very begining.

    And when Mojang finally brings out the PluginAPI, most people will switch anyways, as the PluginAPI should have way more possibilities by design than Bukkit. (Server AND Client stuff.)
     
  6. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    mazentheamazin Gamecube762

    A UUID is only 16 bytes of data. Displaying in hexidecimal with dashes makes it 36 characters, which is more than double the space usage for no benefit. Store it in 128 bit form (16 bytes) instead to save space.
     
  7. Offline

    Acer_Mortem

    Question:

    With the change to using UUID's, I have begun to mess around with the new API for some of my basic plugins, and I'm curious: If we store the string names online players in an ArrayList, and then remove them from that ArrayList upon logout, would this method be unaffected from the UUID switch? Or would I have to start switching my ArrayLists over to tracking UUID's instead of String names?
     
  8. Offline

    marwzoor

    Just to clarify, you can't change username to one that is already being used. Which means no one can take the username of an admin or such.
     
  9. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    If the admin changes their name, freeing it up, yes you could ;)

    We'll know when we get there. Personally I'd just store the UUID for any player tracking operations so that I have a uniform approach to tracking players.
     
  10. Offline

    Acer_Mortem

    mbaxter

    Okay :( Means alot of work, but I guess it'll be better in the long haul. Thanks mbaxter!
     
  11. Offline

    ItsLeoFTW

    *facepalm* Great. This will be a nightmare, especially for permissions plugins. Get ready, plugin developers!
     
  12. Offline

    marwzoor

    Yeah well that's another problem :)
     
  13. This is going to be a nightmare. I assume this will effect older versions of minecraft aswell, in which case it will cause issues with modpack servers (ranging from 1.2.5 to 1.6.4). As alot of developers will most likely not update these old versions of their plugin it will cause issues for us server admins.
     
  14. Offline

    grid21

    Can someone explain to me why Mojang thinks that this is a good idea that people can change their name at will? That just breaks the whole system and leaves open a BIG security hole.
     
    danw3st likes this.
  15. Offline

    Wizehh

    Oh boy. So now we store their UUID in our files and databases? I surmise that's going to be rather problematic for any chance at readability. Also, when we make the change to UUID's, won't players be able to wreak absolute havoc on our servers? Honestly, I don't see why Mojang should feel the need to do this; a loss of real, indelible names could potentially break everything.
     
    danw3st likes this.
  16. Offline

    noobkackboon

    Actually they started WAY earlier (AccountsClient is from Oct 10, 2013)



    In fact, it's always exactly 32 hex numbers (or 16 bytes, without the dashes, ofc)


    Indeed! Why wasn't this PSA made earlier? I mean, it's not like this is just known for 2 days..

    Having this on bukkit's side would be great. However all it really does is
    Code:
    POST https://api.mojang.com/profiles
    Content-Type: application/json
     
    [
      {
        "name": "userA",
        "agent": "Minecraft"
      },
      {
        "name": "userB",
        "agent": "Minecraft"
      }
    ]
    
    Which will return a JSON object with all exising profiles of those requested, their UUID and their (case corrected!) IGN


    Yes, it's possible!
    https://sessionserver.mojang.com/session/minecraft/profile/[UUID]
     
    KingFaris11 likes this.
  17. Offline

    TNTUP

    Aww dangit UUID changes, that gonna break all plugins Im using... Some of my real alts aren't migrated, because in the past, they got hacked or something, so I dont trust mojang's migrated thing... Am I forced to migrate it or what? If I dont, anyone can take TNTUP as their name?

    Why Mojang is doing that, allowing anyone to use whatever name, ruining player's rep, you can do like "Dinnerboned" or what... >_<

    I guess its the end for some server owners, plugins that are marked as inactive, no alternatives, as PayDay... DaC (Dé à Coudre, French named plugin), PaintWar, SimpleRegionMarket, LWC... and much more...
     
  18. Offline

    TnT

    We still don't have all the pieces of the puzzle. We're still gathering information to attempt to educate our community better. If you have any PSA from Mojang with more technical details than we have provided here, please link it so we can disseminate the information and provide information on to better aid our community in this transition.
     
  19. Offline

    XD 3VIL M0NKEY

    So...
    Are we going to get a Mojang client where we can buy games or sell our trading cards on the community market?
    Wait... Where is that from?

    Steam ID > UUID :p
     
  20. Offline

    FerusGrim

    Not to plug my own plugin (heh), but I made a plugin purely to test these updates.

    If any beginner developer (like myself) is having any confusion on how to USE this new system, you can check out my project's github page, and it has methods on both getting the UUID from an online player, and getting the UUID from an offline player.

    https://github.com/FerusGrim/PlayerUUID

    EDIT: It goes without saying, of course, that you'll need Mojang's AccountsClient to get a UUID from a name. And, if you integrate AccountsClient directly into your source, you'll need Google's GSon, as well.
     
  21. Offline

    General

    I'm just curious, what was wrong with the old way of storing names? Too inefficient? I feel like the switch Mojang is making is being made too suddenly and too abrasively.
     
  22. Offline

    EvilSeph

    Updated the article with a few important changes:
    • Emphasised that the temporary hack for early support for name lookup by UUID should NOT be used for production and ONLY testing/working on a migration plan
    • Added a warning that changing your name means someone else can take 'ownership' of it.
    • Added links to helpful UUID/name conversion utilities written by evilmidget38
     
    Black Hole likes this.
  23. Offline

    Squawkers13

    I am curious how to code support for pre-UUID versions without deploying a separate build.
     
  24. Offline

    Favorlock

    Thank you for the insightful post. Definitely gonna start converting our plugins over to the UUID system now.
     
  25. Offline

    GummiBearz

    I am sure Mojang will allow a future to stop players from changing their names to a server owner's name but if not we must complain to mojang to stop this player changing update
     
  26. Offline

    General

    If anything, it's only going to be delayed. I'm still wondering why the change is necessary, though, concerning all this hubbub that it caused.
     
  27. Offline

    Blah1

    2 things:
    Can you choose a name that someone else already has or it has to be unique. So, can there be like 5 people named Notch on a server?

    Also, does any have any idea when this update is coming out? I knew this was going to happen but it all seems like it's happening pretty quickly.
     
  28. Offline

    jojodmo

    I use this in a lot of my plugins: https://github.com/Mojang/AccountsClient/... The only problem is that whenever you get a user's UUID a lot of times, your server starts getting laggy. So, what I do is store the player's username in a HashMap, along with their UUID, and when I want to get a player's uuid, I just check if the HashMap contains the player's name, if it does then I get the UUID from there, otherwise, I just get the UUID from Mojang...
     
  29. Offline

    rgrant214

    Ok Guys this is a very simple approach to a growing thing.

    Mojang released MineCraft as a one time payment in order to get your Username and minecraft with all future updates( at least as far as up to now)

    As Mojang increases its Userbase of (as we all know) indicisive pubescent youth, alot of them want to change their usernames totally because they get their accounts from some other person or they inherit them from their sisters brothers cousins etc.

    Mojang instead of wanting to make the usernames permenant instead are going in the right direction to cater to the masses and allow the username changes.

    However to track those players when they change their names they must come up with some decisive method to establish a global Hey this is This Guy, or ThatGuy. That is where the UUID comes in.

    I think that it will be very simple once we are able to get a concrete method on updating existing usernames to match their UUID' however in the interim that is where the problem is going to create havoc.

    So the issue that I see that everyone would be having would be this.

    1. Usernames are up for grabs if one user changes theirs
    2. How do we as developers of plugins etc get the users UUID before they login to the server?
    3. How do we automate this update / upgrade to our systems and methods?
    4. How do we know for certain that this updating of information will be valid once the UUID's have taken over and we are no longer using the PlayerName to store their information?
    I guess the answers to these issues would be Time, Testing, and Updating your plugins.
    Now if they would get rid of old abandoned projects finally that would be great

    Mod Edit (TnT): Removed misleading statements.
     
  30. Offline

    GoldPixel

    I am a server owner.
    Can i start change this yet? if so how? Any tutorial?
    I got example: Groupmanager,Essentials.
    If i can't yet any idea when?
     
  31. Offline

    hoqhuuep

    Both answered in the OP.
     
Thread Status:
Not open for further replies.

Share This Page