Allow invalid usernames to be searched
Opened this issue · 10 comments
Some players have invalid usernames that do not contain the regular [A-Za-z0-9_]{1,16}. Examples are [redacted]
Currently, this API does not allow for these usernames to be searched, and gives an error similar to "Invalid format for the UUID '[username]'". These usernames should be able to be searched.
Also, the legacy status of accounts should be able to be viewed as well - currently it is not. It is shown on the https://sessionserver.mojang.com/session/minecraft/profile/[uuid] endpoint, I remember it used to be shown here but I think something changed on Mojang's end. Example: looking up the account "ccc" - https://sessionserver.mojang.com/session/minecraft/profile/766b2079a6a14d2d9e92d09140ee474d (shows legacy: true) vs https://api.ashcon.app/mojang/v2/user/766b2079a6a14d2d9e92d09140ee474d or https://api.ashcon.app/mojang/v2/user/ccc (does not show this value).
That's interesting. I presume most website and servers will not accept their username, is it really worth supporting these super odd usernames?
Common sites like NameMC accept the names, so do other sites like it + other Mojang APIs. Servers allow the names on depending on whether they have a name policy or what server software they're running. One of my friends had a name with an accented character in it, think "ç" or something similar, most servers let him on fine. I think your cache probably has it in there, don't say the name publicly but I've looked it up before on your API by just typing the non-accented version in (that's how Mojang does it).
With regards to legacy status, I'm not good with JavaScript myself but I think it should be an easy fix, am I correct in saying that?
We can support the weird names I guess.
The legacy issue is a separate thing, but I can add that as well.
While this issue is open, any chance CORS can be fixed? A friend of mine wants to use this API on a website that allows lookups for Minecraft accounts, however it isn't working since the Access-Control-Allow-Origin header is apparently missing. Is it possible for this header to be added or was it intentional that it wasn't added?
Also, I've edited the OP, as the people who own the names I mentioned which are invalid may not be too happy that the names are publicly posted here on GitHub.
Yes, I'll be making some updates this weekend, should include CORS.
Sounds good, excited to see the fixes.
Also, is there a way to add a parameter to the URL to get the non-dashed UUID in the JSON response? And also, any ETA on when the API will allow invalids to be searched and the legacy status to be viewed?
I just checked, the API is still giving a 400 error for invalids that work on the Mojang API. After some testing I figured out that the Mojang API accepts any name unless it has non-ascii characters (see below comment). So maybe we could 400 if the username has non-ascii characters, then treat anything that isn't a uuid as a username? I'd like to use this API but I have to fall back on the Mojang API for invalids for now.
To add onto the above comment, the Mojang API still rejects some ascii names, after some testing it looks like the API accepts names that are 1-25 characters long with letters, numbers, spaces, and the special characters _!@$\-.? (excluding the usernames . and ..). Allowing those characters will fix many of the issues users are having.
Will this ever be fixed?
Example of a account that can't be searched: https://api.ashcon.app/mojang/v2/user/wonka-96
Its a real account: https://api.mojang.com/users/profiles/minecraft/wonka-96
If this is a problem with checking if a username is a UUID or not you can just use this regex pattern to check if its a valid uuid /([0-9a-f]{8})(?:-|)([0-9a-f]{4})(?:-|)(4[0-9a-f]{3})(?:-|)([89ab][0-9a-f]{3})(?:-|)([0-9a-f]{12})/.