xAuth

Placeholder Default Image

xAuth v2.4.x
Authentication plugin for bukkit powered servers


About

xAuth is a second-factor authentication plugin that can be used to secure player accounts on your server. As the plugin has been enhanced over time, the direction and main purpose have expanded to new possibilities. Let's say you run a community page. With xAuth, players can authenticate using their forum accounts or using a web-driven account management system. It is also possible to get the credentials from a foreign database.

News and Updates

Please checkout News and upcoming changes for news and update notices.

Concept

The basic idea of this protection plugin is allowing players to register an account based on their player name and a supplied password and optionally their email-address. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


Permissions (READ ME)

This plugin has the ability to block almost any action (including command execution) for guests and registered xauth players. It also does not use negated permissions in order to not interfere with existing plugins. Permissions are "allowed" or "restricted".

Important-Note:
In order to restrict certain actions executed by registered xauth players you need to restrict them since xauth players are trusted. This is different from guests since the default for guests is always "restrict" if not set since a guest is an unknown state. Guest nodes can also only be set via configuration and have the last say even if you might have the right to execute any command.

Please keep in mind in order to block admin commands you need to restrict them via xauth.restrict.player.command.xauth.* or add each command to a group.

This might be confusing at first but has its cons since you always can see if a permission is restricted or allowed via permission node and not via bullet point. More details can be found on page Permission-System


Features

  • Before registering/logging in, players can't:
    • Chat, execute commands, interact with objects (like levers or chests), move or pickup items
    • Break or place blocks
    • Receive or give damage, be targeted (followed) by hostile mobs
  • Inventory and location protection
  • In-depth setting and message configuration
  • Persistent login session through server restarts
  • Player name filter and password complexity configuration
  • Kick non-logged in (but registered) players after a configureable amount of time
  • Fine graded Permission System that also allows you to block interactions or commands
  • Permissions support (PermissionsEx, Bukkit, GroupManager)
  • Kick or temporarily lockout the IP address of a player who fials to log in after a configureable amount of tries
  • Custom, highly secure password hashing
  • Authenticate yourself with /login <password>
  • H2 / mySQL Database storage supported
  • Authentication over URL (AuthURL) allows for connection to forum or website databases
  • Auto-Updater (thanks to Gravity)

News

Checkout the News & Upcoming-Changes page for details.

Wiki

The Wiki is located on github.
Please visit the http://bukkit.luricos.de/ress/icons/github_16.png Github Project-Page and click on Wiki

Credits

All credits goes to CypherX from bukkit forums who created this plugin. Thanks for your work and long time support!

The old bukkit-thread can be found here

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of Avasam Avasam Oct 31, 2014 at 04:57 UTC - 0 likes

    /xauth config guest.restrict.block.place.minecart false : "This configuration node does not exist!"

    Also, I get these but still can't move around/place blocks etc.(if guest.restricted returns false I should be able to do it right?)

    30.10 23:46:47 [Server] INFO Event: 'PlayerMoveEvent', Section: 'player', Action: 'move' 30.10 23:46:47 [Server] INFO [HQ Guest] ConfigNode: 'guest.restrict.player.move.player.avasam', result: false

    30.10 23:54:59 [Server] INFO Event: 'PlayerInteractEvent', Section: 'player', Action: 'interact' 30.10 23:54:59 [Server] INFO [HQ Guest] ConfigNode: 'guest.restrict.player.interact.doublestep', result: false

    I tried using the commands '/xauth config guest.restrict.player.interact true' and /xauth config guest.restrict.player.move true' but it still return false for some reasons.

    (Oh and letting guests place minecarts as a temp fix is exactly what I'm trying to do. But I'm stuck with a more fundamental problem)

    Edit: Meanwhile, this is the node I'm looking for (once I get the whole thing working): guest.restrict.player.interact.rails

    Edit 2: It seems that 'result: true' means I CAN do it. but still, 'guest.restrict.player.command.login' is the only thing that will ever return 'true' no matter what I tried.

    Last edited Oct 31, 2014 by Avasam
  • Avatar of luricos luricos Oct 29, 2014 at 23:46 UTC - 0 likes

    @Avasam: Go

    Okay so this is actually a problem related to the implementation. I do not know enough about Spigot or Cauldron so i can not say if the cart placement can be done without using a fakeplayer. Seems the author of railcraft decided to use the fakeplayer to be compatible with MCPC+.

    Im afraid you need to contact the author. If you want you can give him my contact details or link him to my github repo so he can write me a message. Maybe we can sort this out.

    From what i can tell the problem is related to that specific check if the cart can actually be placed. He does that with a fakeplayer which will not be able to place since that fakeplayer does not authenticate with xauth. You could however allow minecart item placement for guests but be aware that any guest could place them too.

    I would however use this only as a temporary solution. Use the xauth debug mode to check what node is used when you try to place a minecart. This can be done as a logged in user since you only have to replace xauth. with guest. The nodes are build in the exact way.

    Checkout http://dev.bukkit.org/bukkit-plugins/xauth/pages/permission-system/ how to enable the permission debug option. You will find a handy cheat sheet there too.

    If i remember correctly the node requested would be guest.restrict.block.place.<block id or name>

    So xauth config guest.restrict.block.place.328 false or xauth config guest.restrict.block.place.minecart false should allow placing this block.

    Last edited Oct 29, 2014 by luricos
  • Avatar of luricos luricos Oct 29, 2014 at 23:15 UTC - 0 likes

    @Avasam: Go

    Permission node requests are logged at a different logging level (not at info) so you will only see them if you set the log level to debug. or use xauth debug command. Commented your ticket. Will check the Class.

  • Avatar of Avasam Avasam Oct 29, 2014 at 18:35 UTC - 0 likes

    Actually, I really don't mind if guests can place minecarts, especially is this makes any authentification plugin fully compatible with railcraft.

    About the guest nodes, I made a ticket since only guest.restrict.player.command works (no log whatsoever)

    FYI, here's the railcraft fakeplayers classpath: 'railcraft/api/carts/CartTools' (dunno if it really helps, but hey)

    Last edited Oct 29, 2014 by Avasam
  • Avatar of luricos luricos Oct 28, 2014 at 18:15 UTC - 0 likes

    @Avasam: Go

    Guest nodes are edited via config file. Anything you enter there changes the bahavior of all guests. If you would allow access to place minecarts then any guest could place a minecart which i presume you dont want.

    I would have to check the source of the plugin to see how they place minecarts. If they really fake a real player then i dont see how i could bypass this since all players go through the same processing logic.

    If they fire an custom event for minecart placement then i could detect such things but best would be if they do not fake a player since i do not see why this is needed to simply place a minecart at a certain location.

  • Avatar of Avasam Avasam Oct 28, 2014 at 01:50 UTC - 0 likes

    Sadly it does not, since the plugin is simply preventing any player who hasn't logged in to do anything. But [RailCraft] is a player that can't login, and so it is restricted to do anything, like placing minecarts for example.

    That's why I'm wondering if there's any way to let guests place minecarts (in fact, I'm unable to let guests do anything, but that might just be me)

  • Avatar of luricos luricos Oct 27, 2014 at 15:27 UTC - 0 likes

    @Avasam: Go If it does throw an error please open a ticket so i can have a look into it.

  • Avatar of Avasam Avasam Oct 27, 2014 at 03:53 UTC - 0 likes

    Is there a way to make xAuth work with [RailCraft] fakeplayer? (to be more precise, that means cart dispenser placing minecarts on rails)

    Maybe by letting guests place minecarts or making it so a certain username totally bypasse xAuth?

    Last edited Oct 27, 2014 by Avasam: typos
  • Avatar of luricos luricos Oct 26, 2014 at 22:26 UTC - 0 likes

    @LizardFreak7: Go

    please create an issue on my jira instance at jira.luricos.de if you think that this is related to the plugin. A error log would help. Please see that you include the lines where it says "caused by". Thanks!

  • Avatar of luricos luricos Oct 26, 2014 at 22:24 UTC - 0 likes

    @filszyp: Go

    will do thanks!

Facts

Date created
Jan 23, 2012
Categories
Last update
Oct 22, 2013
Development stage
Release
Language
  • enUS
License
GNU General Public License version 3 (GPLv3)
Curse link
xAuth
Downloads
495,295
Recent files

Authors

Relationships

Optional dependency
Essentials
PermissionsEx