xAuth
xAuth v2.6.x
Authentication plugin for bukkit powered servers
About
xAuth is a second-factor authentication plugin that can be used to secure player accounts on your server. As the plugin has been enhanced over time, the direction and main purpose have expanded to new possibilities. Let's say you run a community page. With xAuth, players can authenticate using their forum accounts or using a web-driven account management system. It is also possible to get the credentials from a foreign database.
Important Notice
Before upgrading please read xAuth Documentation (external link). I have added documenation to my Confluence instance that will be updated over time. Permissions Node changed! If you get "command is restricted" you most likely did not check the release log.
Further Instructions can be found there.
Concept
The basic idea of this protection plugin is allowing players to register an account based on their player name and a supplied password and optionally their email-address. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.
Permissions (READ ME)
This plugin has the ability to block almost any action (including command execution) for guests and registered xauth players. It also does not use negated permissions in order to not interfere with existing plugins. Permissions are "allowed" or "restricted".
Important-Note:
In order to restrict certain actions executed by registered xauth players you need to restrict them since xauth players are trusted. This is different from guests since the default for guests is always "restrict" if not set since a guest is an unknown state. Guest nodes can also only be set via configuration and have the last say even if you might have the right to execute any command.
Please keep in mind in order to block admin commands you need to restrict them via xauth.restrict.player.command.xauth.* or add each command to a group.
This might be confusing at first but has its cons since you always can see if a permission is restricted or allowed via permission node and not via bullet point. More details can be found on page Permission-System
Features
- Before registering/logging in, players can't:
- Chat, execute commands, interact with objects (like levers or chests), move or pickup items
- Break or place blocks
- Receive or give damage, be targeted (followed) by hostile mobs
- Inventory and location protection
- Command TabCompletion including Configuration Node Browser!
- In-depth setting and message configuration
- Persistent login session through server restarts
- Player name filter and password complexity configuration
- Kick non-logged in (but registered) players after a configureable amount of time
- Fine graded Permission System that also allows you to block interactions or commands
- Permissions support (PermissionsEx, Bukkit, GroupManager)
- Kick or temporarily lockout the IP address of a player who fials to log in after a configureable amount of tries
- Custom, highly secure password hashing
- Authenticate yourself with /login <password>
- H2 / mySQL Database storage supported
- Authentication over URL (AuthURL) allows for connection to forum or website databases
- Auto-Updater (thanks to Gravity)
News
Checkout the News & Upcoming-Changes page for details.
Wiki
The Wiki is located on github.
Please visit the Github Project-Page and click on Wiki
Credits
All credits goes to CypherX from bukkit forums who created this plugin. Thanks for your work and long time support!
The old bukkit-thread can be found here
Contact
If you need help regarding the plugin please use the Issue Link in the navigation bar or contact me via private message.
Thank you for updating the plugin! You should post your plugin on spigot.
@luricos
can you add capitalization checker? Because i dont want user log with different name, Scenario example:
xAuth must act like this:
I have a problem about login spawning. I set xauth global spawning location in a certain world (not main world), and set the world to default spawning world. Players spawn at that location before login, but after registering and logging in, they are teleported to the main world. That really makes me confused. What should I do to correct it?
Pls add AuthMe Reloaded import support
@luricos
Great news, thank you.
@ZachBail
well i have to check for specific java 8 related changes. one i already identified is fairly simple to fix. It will fix issues with permissions building when using java 8. everything else has to be tested which takes time. I will probably get back to xauth on thursday.
@Mark615
PM me so we can discuss this problem.
@luricos
This plugin looks amazing luricos. Any ETA on the update to java 8? I can't use XAuth till then because most, if not all, my players use 8 now that it is part of the auto-update.
@luricos:
I#am using Java 7. But why are all this permissions wrong?
btw this auth plugin it block the user if try to login with a different names? Example i register as Guy, and after a while i log as gUY, how xAuth will threat this? because with uuid thing it mess these user database,
@Mark615
Do you have Java 8 installed? If so use java 7.
I am using xauth version 2.6.0 and there are some problems which i don't understand.
no errors in the console, but when i log in with my player and try to move it, xauth tell me to log in "you must be logged in to do that". But i did before.
I tryed to handel the problem by adding permissions to pex "xauth.allow.command.*" But why are the given perms in the plugin.yml not the permissions which i need to allow an action?
My question is why did xauth mean that iam not logged in?
@luricos
grad to hear this.... because i am using 1.8 java in my server too.
Thanks
Works perfectly with Spigot 1.8.3 :D
I have found the issue regarding permission problems with xAuth 2.6.0.
This is not a bug in xAuth. The problem is that many of you do use xAuth with Java 8 which is not recommended by me. You should use Java 7. Java 8 is still in development and the problem is related to a method i use that is not behaving in Java 8 like it does in Java 7.
Full article is here: http://stackoverflow.com/questions/22718744/why-does-split-in-java-8-sometimes-remove-empty-strings-at-start-of-result-array
This breaks xAuth with Java 8. So permission resolve will not work with Java 8. I will implement a fix in 2.6.1 for you so this will not happen. If you can use Java 7 or wait for my fixed version that should be compatible with java 8 split behavior.
@Rycerz16
Please DM me if you have problems that cant be solved by one comment.
@oOBartekOo
thanks for your help.
@CroAtTheTop
Yes, there is xAuthImporter Tool available. PM me please so i can give you detailed instructions.
I am currently using AuthMe Reloaded and have my player databse in MySQL, is it possible to convert it to xAuth MySQL database?
I wanted to help. I thought it would help. and it will work correctly.