Disable UUID auto-login for superadmin group

[AdvenRanises]

Fixes #3278. Prevents superadmin accounts from being automatically authenticated via UUID, requiring manual /login instead.

[greptile-apps]

Greptile Summary

This PR disables UUID-based auto-login for accounts in the superadmin group, requiring those players to authenticate manually with /login instead of being silently logged in on connect.

• The bypass is implemented with an empty if (group.Name == \"superadmin\") block, but NetMessage.SendData(WorldInfo) is called unconditionally at line 2850 (before the check) and again at line 2924 when the empty block falls through without a return — resulting in WorldInfo being sent twice per superadmin connection.
• No message is sent to the player when auto-login is skipped, so superadmins connecting via UUID receive no indication that they need to use /login — undermining the feature's purpose.

Confidence Score: 2/5

The change achieves its goal of blocking UUID auto-login for superadmins, but the implementation has two real defects that need fixing before merge.

The empty if block leaves WorldInfo being sent twice to every superadmin client on connect, and superadmin players get no indication that they need to manually /login — both are present, observable defects on the changed code path rather than theoretical concerns.

TShockAPI/GetDataHandlers.cs — specifically the new superadmin branch in HandleConnecting around lines 2857–2905.

Important Files Changed

Filename	Overview
TShockAPI/GetDataHandlers.cs	UUID auto-login bypass for superadmin added via an empty if-block, but the approach causes WorldInfo to be sent twice per connection and leaves the player with no notification about needing to manually /login.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant C as Client
    participant H as HandleConnecting
    participant DB as TShock DB

    C->>H: Player connects (UUID present)
    H->>DB: GetUserAccountByName
    DB-->>H: account (superadmin)
    H->>H: UUID matches?

    alt UUID matches
        H->>C: SendData(WorldInfo) [line 2850]
        H->>DB: GetGroupByName("superadmin")
        DB-->>H: group

        alt "group.Name == "superadmin" (new behavior)"
            Note over H: Empty block — no login, no message
            H->>C: SendData(WorldInfo) [line 2924 — DUPLICATE]
            H-->>C: return true (unauthenticated)
        else normal group
            H->>DB: GetPlayerData
            DB-->>H: playerData
            H->>H: "Set IsLoggedIn = true, assign group/account"
            H->>C: SendSuccessMessage("Authenticated as ...")
            H-->>C: return true (authenticated)
        end
    end

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant C as Client
    participant H as HandleConnecting
    participant DB as TShock DB

    C->>H: Player connects (UUID present)
    H->>DB: GetUserAccountByName
    DB-->>H: account (superadmin)
    H->>H: UUID matches?

    alt UUID matches
        H->>C: SendData(WorldInfo) [line 2850]
        H->>DB: GetGroupByName("superadmin")
        DB-->>H: group

        alt "group.Name == "superadmin" (new behavior)"
            Note over H: Empty block — no login, no message
            H->>C: SendData(WorldInfo) [line 2924 — DUPLICATE]
            H-->>C: return true (unauthenticated)
        else normal group
            H->>DB: GetPlayerData
            DB-->>H: playerData
            H->>H: "Set IsLoggedIn = true, assign group/account"
            H->>C: SendSuccessMessage("Authenticated as ...")
            H-->>C: return true (authenticated)
        end
    end

Loading

_{Reviews (1): Last reviewed commit: "Require manual /login for superadmin acc..." | Re-trigger Greptile}

[greptile-apps]

Double WorldInfo packet sent to superadmin clients

Before this check, line 2850 unconditionally sends WorldInfo to the player whenever the UUID matches. When group.Name == "superadmin" the empty if body falls through to line 2924, which sends WorldInfo a second time. The non-superadmin path avoids this via its return true at line 2904, but the superadmin path has no early exit. Sending the same packet twice unexpectedly may confuse the client's connection state machine.

[greptile-apps]

No feedback to superadmin player about required manual login

When a superadmin's UUID matches and auto-login is skipped, the player receives no message explaining that they must use /login. They connect as an unauthenticated user silently, with no indication of why their UUID did not log them in. The feature's stated goal is to require manual login, but without a notification (e.g., args.Player.SendInfoMessage(...)) the player has no way to know the auto-login was intentionally blocked.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

[AdvenRanises]

Fixed Greptile feedback: added early return and SendInfoMessage for superadmin UUID block.

[SakuraIsayeki]

So as to not break current functionality, could it be possible to make this change appear behind a feature flag or option ? While I agree that UUID login presents risks, there should be a best effort made to preserve existing flows whilst allowing gradual/at-will security hardening.

Thoughts @hakusaro ?

[AdvenRanises]

Updated to use a config option as requested. Added DisableSuperAdminUUIDLogin (default: true) in TShockConfig.cs. Server owners can opt out by setting it to false if they want to preserve the old UUID auto-login behavior for superadmin accounts.