fix(proxy): Correctly perform autoLogin, even if the user is online

Author: Xephi

authme-core/src/main/java/fr/xephi/authme/process/join/AsynchronousJoin.java

@@ -176,7 +176,10 @@ public void processJoin(Player player) {
                 // Run commands
                 bukkitService.scheduleSyncTaskFromOptionallyAsyncTask(player,
                     () -> commandManager.runCommandsOnSessionLogin(player));
-                bukkitService.runTaskOptionallyAsync(() -> asynchronousLogin.forceLogin(player));
+                // Use forceLoginFromProxy (quiet=true, no BungeeCord redirect) so that if
+                // BungeeReceiver.performLogin() concurrently already completed the login, this
+                // call is a no-op rather than sending an "already logged in" error.
+                bukkitService.runTaskOptionallyAsync(() -> asynchronousLogin.forceLoginFromProxy(player));
                 logger.info("The user " + player.getName() + " has been automatically logged in, "
                     + "as present in autologin queue.");
                 return;

authme-core/src/main/java/fr/xephi/authme/service/bungeecord/BungeeReceiver.java

@@ -129,14 +129,19 @@ private boolean verifyHmac(String playerName, long timestamp, String providedHma
 
     private void performLogin(String name) {
         logger.debug("Received perform.login request for " + name);
+        // Always queue in the proxy session manager so processJoin can consume it even when
+        // the player is already online (PlayerJoinEvent fires before ServerSwitchEvent on the
+        // proxy, so processJoin may run before perform.login arrives at this backend).
+        proxySessionManager.processProxySessionMessage(name);
         Player player = bukkitService.getPlayerExact(name);
         if (player != null && player.isOnline()) {
+            // Player is already online: also drive the login directly in case processJoin
+            // has already run past the proxy-session check and created a limbo player.
             management.forceLoginFromProxy(player);
             logger.debug("Sending auto-login ACK for " + player.getName());
             bungeeSender.sendAuthMeBungeecordMessage(player, MessageType.PERFORM_LOGIN_ACK);
             logger.info(player.getName() + " has been automatically logged in via proxy request.");
         } else {
-            proxySessionManager.processProxySessionMessage(name);
             logger.info(name + " is not yet online; queued for auto-login when they connect.");
         }
     }

authme-core/src/test/java/fr/xephi/authme/process/join/AsynchronousJoinTest.java

@@ -183,6 +183,25 @@ public void shouldResumeSessionWithoutOpeningDialog() {
         verify(dialogAdapter, never()).showLoginDialog(eq(player), any(DialogWindowSpec.class));
     }
 
+    @Test
+    public void shouldAutoLoginFromProxySessionWithoutCreatingLimbo() {
+        // given
+        Player player = mockPlayer("Bobby");
+        setUpRegisteredJoin(player);
+        given(proxySessionManager.shouldResumeSession("bobby")).willReturn(true);
+
+        // when
+        asynchronousJoin.processJoin(player);
+
+        // then - uses forceLoginFromProxy (quiet, no redirect) so a concurrent BungeeReceiver
+        // login does not cause an "already logged in" error
+        verify(service).send(player, fr.xephi.authme.message.MessageKey.SESSION_RECONNECTION);
+        verify(commandManager).runCommandsOnSessionLogin(player);
+        verify(asynchronousLogin).forceLoginFromProxy(player);
+        verify(asynchronousLogin, never()).forceLogin(player);
+        verify(limboService, never()).createLimboPlayer(player, true);
+    }
+
     @Test
     public void shouldProcessPendingPreJoinLoginInsteadOfShowingDialog() {
         // given

authme-core/src/test/java/fr/xephi/authme/service/bungeecord/BungeeReceiverTest.java

@@ -1,12 +1,16 @@
 package fr.xephi.authme.service.bungeecord;
 
+import com.google.common.io.ByteArrayDataOutput;
+import com.google.common.io.ByteStreams;
 import fr.xephi.authme.AuthMe;
 import fr.xephi.authme.data.ProxySessionManager;
 import fr.xephi.authme.process.Management;
+import fr.xephi.authme.security.HashUtils;
 import fr.xephi.authme.service.BukkitService;
 import fr.xephi.authme.settings.Settings;
 import fr.xephi.authme.settings.properties.HooksSettings;
 import org.bukkit.Server;
+import org.bukkit.entity.Player;
 import org.bukkit.plugin.messaging.Messenger;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -19,6 +23,8 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 
 @ExtendWith(MockitoExtension.class)
@@ -77,4 +83,71 @@ void shouldUnregisterIncomingChannelWhenDisabledOnReload() {
         verify(messenger).registerIncomingPluginChannel(plugin, "authme:main", bungeeReceiver);
         verify(messenger).unregisterIncomingPluginChannel(plugin, "authme:main", bungeeReceiver);
     }
+
+    @Test
+    void shouldQueueSessionAndForceLoginWhenPerformLoginReceivedForOnlinePlayer() {
+        // given
+        String sharedSecret = "test-secret";
+        String playerName = "Bobby";
+        long timestamp = System.currentTimeMillis();
+        String hmac = HashUtils.hmacSha256(sharedSecret, playerName + ":" + timestamp);
+
+        given(settings.getProperty(HooksSettings.BUNGEECORD)).willReturn(true);
+        given(settings.getProperty(HooksSettings.PROXY_SHARED_SECRET)).willReturn(sharedSecret);
+        given(messenger.isIncomingChannelRegistered(plugin, "authme:main")).willReturn(false);
+
+        Player player = mock(Player.class);
+        given(player.isOnline()).willReturn(true);
+        given(bukkitService.getPlayerExact(playerName)).willReturn(player);
+
+        BungeeReceiver receiver =
+            new BungeeReceiver(plugin, bukkitService, proxySessionManager, management, bungeeSender, settings);
+
+        byte[] payload = buildPerformLoginPayload(playerName, timestamp, hmac);
+
+        // when
+        receiver.onPluginMessageReceived("authme:main", player, payload);
+
+        // then
+        verify(proxySessionManager).processProxySessionMessage(playerName);
+        verify(management).forceLoginFromProxy(player);
+        verify(bungeeSender).sendAuthMeBungeecordMessage(player, MessageType.PERFORM_LOGIN_ACK);
+    }
+
+    @Test
+    void shouldOnlyQueueSessionWhenPerformLoginReceivedForOfflinePlayer() {
+        // given
+        String sharedSecret = "test-secret";
+        String playerName = "Bobby";
+        long timestamp = System.currentTimeMillis();
+        String hmac = HashUtils.hmacSha256(sharedSecret, playerName + ":" + timestamp);
+
+        given(settings.getProperty(HooksSettings.BUNGEECORD)).willReturn(true);
+        given(settings.getProperty(HooksSettings.PROXY_SHARED_SECRET)).willReturn(sharedSecret);
+        given(messenger.isIncomingChannelRegistered(plugin, "authme:main")).willReturn(false);
+        given(bukkitService.getPlayerExact(playerName)).willReturn(null);
+
+        BungeeReceiver receiver =
+            new BungeeReceiver(plugin, bukkitService, proxySessionManager, management, bungeeSender, settings);
+
+        Player carrier = mock(Player.class);
+        byte[] payload = buildPerformLoginPayload(playerName, timestamp, hmac);
+
+        // when
+        receiver.onPluginMessageReceived("authme:main", carrier, payload);
+
+        // then
+        verify(proxySessionManager).processProxySessionMessage(playerName);
+        verify(management, never()).forceLoginFromProxy(any());
+        verify(bungeeSender, never()).sendAuthMeBungeecordMessage(any(), any());
+    }
+
+    private static byte[] buildPerformLoginPayload(String playerName, long timestamp, String hmac) {
+        ByteArrayDataOutput out = ByteStreams.newDataOutput();
+        out.writeUTF(MessageType.PERFORM_LOGIN.getId());
+        out.writeUTF(playerName);
+        out.writeLong(timestamp);
+        out.writeUTF(hmac);
+        return out.toByteArray();
+    }
 }