BanManagement / BanManager-WebUI

Web interface for BanManager using Next.js/React/GraphQL
https://demo.banmanagement.com/
MIT License

Support for per-player notes #121

Closed lolbraa closed 6 years ago

lolbraa commented 8 years ago

My server-staff have requested support for notes. Just like a ban/mute/warning, you would add a "note" to a player. It should not do anything practical, just making the staff able to share player notes.

EvilOlaf commented 8 years ago

This is already a feature of BM. Use addnote to attach a note to a player. Use notes to look up all notes of currently online players. When a player joins, its notes will be shown to staff or any other player that has certain permissions.

manuelgu commented 8 years ago

@EvilOlaf He is aware of that. This Issue is in the WebUI Repo, so I'm assuming he would like to see Player Notes support for the WebUI :)

EvilOlaf commented 8 years ago

Whoops, sorry, did not see that it was in the WebUI repo.

Never mind.

confuser commented 8 years ago

If this were added, it'd need to be protected behind the administration login, as notes often contain private data.

manuelgu commented 8 years ago

@confuser :+1: Agree.

lolbraa commented 8 years ago

Actually, I was not aware of the note system implemented in the plugin. But the point of my request was for the WebUI, anyway, like you figured. Hope you'll be able to implement this, as it's heavily requested. Thanks!

EvilOlaf commented 8 years ago

When you start using it in-game you probably do not need it in the Web-UI anymore :D. It is really awesome.

TomLewis commented 8 years ago

Please make this happen, you should login via the Mojang servers, and have a list of UUIDs of mods that can view/edit notes. http://wiki.vg/Authentication

lolbraa commented 8 years ago

That is so true. Making it really safe and convenient.

confuser commented 8 years ago

@FrozenBeard this is a completely different issue, and to clarify, that won't be implemented. There's no guarantee that people using this script won't use such a feature to log/steal account details. Also, putting your Mojang login into something other than the Minecraft launcher or the Mojang site is incredibly risky in the first place. Mojang should really implement the login system as OAuth, then I'd happily integrate it.

TomLewis commented 8 years ago

@confuser No need to actually enter the player details, why would you assume that? That's absolutely stupid. It's entirely on the developer to build it so you click a link, it opens up the MC website to login, you log in, and it redirects you. Like all the other systems that already do this, Fbook/Gmail etc. At no point did I say to have the player enter their username and pass, that's absolutely stupid. Other option to authenticate, get them to /login in game to generate a pass to link their account. (much slower and a pain in the ass)

confuser commented 8 years ago

And how exactly does it get Mojang's website to redirect you back to your website, alongside the authentication token? I wasn't aware they supported such a feature. I'd love to see an example?

frdmn commented 8 years ago

@FrozenBeard It's totally stupid to implement such a proxy authentication method which you just described. As long as Minecraft/Mojang doesn't support OAuth(2) (or an alternative authorization system), I am also very much against this idea.

The only thing I found was MineID, which is not official by Mojang and only defers the risk of leaking passwords to the end of MineID. (They still "proxy authenticate" via plaintext for you).

Edit: this might be an interesting read: https://bugs.mojang.com/browse/MCAPI-176?jql=text%20~%20%22oauth%22 - they don't seem to be interested in such an auth implementation

TomLewis commented 8 years ago

@frdmn Holy crap you're right, I honestly thought it was part of their API, there could be one way of doing it that actually checks via JS the minecraft.net website, load that page via JS in-app their end (Not server side) and it could see if they are logged in with a simple parse of the page. I know this is an ugly, ugly way of doing it, but that may work. I'm sure I've seen a website use the OAuth method before. I will do some more research to see if I can find it. I also wanted to implement something similar in my Minecraft web interface I have made, I'm really disappointed this isn't part of their API, they could really cut down with stolen accounts with something like that, I'm going to email their dev team. If a real authentication method was implemented by Mojang would you back me by saying you want to implement it?

confuser commented 6 years ago

Covered in new UI, see #215