Description

Player information is written to plugins/LuckPerms/yaml-storage/uuidcache.txt even if player fails to authenticate

Reproduction Steps

• Non-whitelisted player tries to connect, fails to authenticate
• Player information written to plugins/LuckPerms/yaml-storage/uuidcache.txt

Expected Behaviour

No logging of players who fails to authenticate

Server Details

git-Paper-342 (MC: 1.20.4)

LuckPerms Version

5.4.113

Extra information

May be similar to Multiverse/Multiverse-Inventories#495

Only log information

[21:03:45] [User Authenticator #0/INFO]: UUID of player ChegBurp is e97019e5-216d-4037-a0df-1caaff480b23
[21:03:45] [Server thread/INFO]: Disconnecting ChegBurp (/98.243.172.249:61679): You are not whitelisted on this server!
[21:03:45] [Server thread/INFO]: ChegBurp (/98.243.172.249:61679) lost connection: You are not whitelisted on this server!

I have enabled

debug-logins: true

in plugins/LuckPerms/config.yml to get more information on the next one.

go into your server console and do /whitelist off also next time remove your IP from your issues

My server IP is not public. Non-whitelisted players cannot log in. The point is they should not be logged by LuckPerms, when they fail to authenticate.

As to the second point: that's not my IP, it's the miscreant's -- a bot Minecraft IP scanner. I don't mind publishing it.

Vanilla whitelist check happens after the login/authentication process when the player is ready to enter the world basically, LP will grab and cache the UUID during user login which happens before the whitelist/banlist is checked. I guess storing the ID could be delayed until after that but that could have some other implications e.g. around plugins using the API.

After some internal dialogue conclusion is that this is working as intended and it is not in our best interest to change how names/IDs are cached. Thanks for the issue report.