Open austinhuang0131 opened 5 years ago
This indeed should not appear anywhere, but since it is still a chat event, it could be catched by plugins(i.e. Prism-Bukkit) that log player commands. Further, the 2FA code should only be used once, so it's less sensitive than a password.
This indeed should not appear anywhere
We can just hide it from the server log, better than nothing
Before reporting an issue make sure you are running the latest build of the plugin and checked for duplicate issues!
yes
What behaviour is observed:
Console logs
/2fa code/confirm <code>
message as usual.What behaviour is expected:
Console logs something like "2fa success" instead of exposing the code, just like how
/login
is treated in the console. I'm not saying I don't trust my OPs but I just think it's necessary.Steps/models to reproduce:
You login using 2fa.
Plugin list:
n/a
Environment description
Spigot 1.13.2 @ Linux
AuthMe build number:
v5.5.1-SNAPSHOT (build: 2181)
Error Log:
n/a
Configuration:
n/a