Elytrium / LimboAuth

Minecraft Auth System for Velocity proxy built in virtual server (Limbo). Built with LimboAPI.
GNU Affero General Public License v3.0
187 stars 77 forks source link

Premium player can't join the server getting prompt to rejoin the server as if he had written /premium command #104

Open RealKomander opened 1 year ago

RealKomander commented 1 year ago

I turned on the option to register online players automatically, however one particular player keeps getting the message that is normally sent after you type /premium command. image

His nickname doesn't appear in the database, I tried /forcechangepassword him, nothing helps Here's the config:

version: "1.1.12"
# Available serializers:
# LEGACY_AMPERSAND - "&c&lExample &c&9Text".
# LEGACY_SECTION - "§c§lExample §c§9Text".
# MINIMESSAGE - "<bold><red>Example</red> <blue>Text</blue></bold>". (https://webui.adventure.kyori.net/)
# GSON - "[{"text":"Example","bold":true,"color":"red"},{"text":" ","bold":true},{"text":"Text","bold":true,"color":"blue"}]". (https://minecraft.tools/en/json_text.php/)
# GSON_COLOR_DOWNSAMPLING - Same as GSON, but uses downsampling.
serializer: LEGACY_AMPERSAND
prefix: ""

# Don't use \n, use {NL} for new line, and {PRFX} for prefix.
main:
  # Maximum time for player to authenticate in milliseconds. If the player stays on the auth limbo for longer than this time, then the player will be kicked.
  auth-time: 60000
  enable-bossbar: false
  # Available colors: PINK, BLUE, RED, GREEN, YELLOW, PURPLE, WHITE
  bossbar-color: RED
  # Available overlays: PROGRESS, NOTCHED_6, NOTCHED_10, NOTCHED_12, NOTCHED_20
  bossbar-overlay: NOTCHED_20
  min-password-length: 4
  # Max password length for the BCrypt hashing algorithm, which is used in this plugin, can't be higher than 71. You can set a lower value than 71.
  max-password-length: 71
  check-password-strength: true
  unsafe-passwords-file: "unsafe_passwords.txt"
  # Players with premium nicknames should register/auth if this option is enabled
  # Players with premium nicknames must login with a premium Minecraft account if this option is disabled
  online-mode-need-auth: false
  # Needs floodgate plugin if disabled.
  floodgate-need-auth: false
  # TOTALLY disables hybrid auth feature
  force-offline-mode: false
  # Forces all players to get offline uuid
  force-offline-uuid: false
  # If enabled, the plugin will firstly check whether the player is premium through the local database, and secondly through Mojang API.
  check-premium-priority-internal: true
  # Delay in milliseconds before sending auth-confirming titles and messages to the player. (login-premium-title, login-floodgate, etc.)
  premium-and-floodgate-messages-delay: 1250
  # Forcibly set player's UUID to the value from the database
  # If the player had the cracked account, and switched to the premium account, the cracked UUID will be used.
  save-uuid: false
  # Saves in the database the accounts of premium users whose login is via online-mode-need-auth: false
  # Can be disabled to reduce the size of stored data in the database
  save-premium-accounts: true
  enable-totp: true
  totp-need-password: true
  register-need-repeat-password: true
  change-password-need-old-password: true
  # Used in unregister and premium commands.
  confirm-keyword: "confirm"
  # This prefix will be added to offline mode players nickname
  offline-mode-prefix: ""
  # This prefix will be added to online mode players nickname
  online-mode-prefix: ""
  # If you want to migrate your database from another plugin, which is not using BCrypt.
  # You can set an old hash algorithm to migrate from.
  # AUTHME - AuthMe SHA256(SHA256(password) + salt) that looks like $SHA$salt$hash (AuthMe, MoonVKAuth, DSKAuth, DBA)
  # AUTHME_NP - AuthMe SHA256(SHA256(password) + salt) that looks like SHA$salt$hash (JPremium)
  # SHA256_NP - SHA256(password) that looks like SHA$salt$hash
  # SHA256_P - SHA256(password) that looks like $SHA$salt$hash
  # SHA512_NP - SHA512(password) that looks like SHA$salt$hash
  # SHA512_P - SHA512(password) that looks like $SHA$salt$hash
  # SHA512_DBA - DBA plugin SHA512(SHA512(password) + salt) that looks like SHA$salt$hash (DBA, JPremium)
  # MD5 - Basic md5 hash
  # ARGON2 - Argon2 hash that looks like $argon2i$v=1234$m=1234,t=1234,p=1234$hash
  # MOON_SHA256 - Moon SHA256(SHA256(password)) that looks like $SHA$hash (no salt)
  # SHA256_NO_SALT - SHA256(password) that looks like $SHA$hash (NexAuth)
  # SHA512_NO_SALT - SHA512(password) that looks like $SHA$hash (NexAuth)
  # SHA512_P_REVERSED_HASH - SHA512(password) that looks like $SHA$hash$salt (nLogin)
  # SHA512_NLOGIN - SHA512(SHA512(password) + salt) that looks like $SHA$hash$salt (nLogin)
  migration-hash: AUTHME
  # Available dimensions: OVERWORLD, NETHER, THE_END
  dimension: THE_END
  purge-cache-millis: 3600000
  purge-premium-cache-millis: 28800000
  purge-bruteforce-cache-millis: 28800000
  # Used to ban IPs when a possible attacker incorrectly enters the password
  bruteforce-max-attempts: 10
  # QR Generator URL, set {data} placeholder
  qr-generator-url: "https://api.qrserver.com/v1/create-qr-code/?data={data}&size=200x200&ecc=M&margin=30"
  totp-issuer: "LimboAuth by Elytrium"
  bcrypt-cost: 10
  login-attempts: 3
  ip-limit-registrations: 3
  totp-recovery-codes-amount: 16
  # Time in milliseconds, when ip limit works, set to 0 for disable.
  ip-limit-valid-time: 21600000
  # Regex of allowed nicknames
  # ^ means the start of the line, $ means the end of the line
  # [A-Za-z0-9_] is a character set of A-Z, a-z, 0-9 and _
  # {3,16} means that allowed length is from 3 to 16 chars
  allowed-nickname-regex: "^[A-Za-z0-9_]{3,16}$"
  load-world: false
  # World file type:
  #  SCHEMATIC (MCEdit .schematic, 1.12.2 and lower, not recommended)
  #  STRUCTURE (structure block .nbt, any Minecraft version is supported, but the latest one is recommended).
  #  WORLDEDIT_SCHEM (WorldEdit .schem, any Minecraft version is supported, but the latest one is recommended).
  world-file-type: STRUCTURE
  world-file-path: "world.nbt"
  disable-falling: true
  # World time in ticks (24000 ticks == 1 in-game day)
  world-ticks: 1000
  # World light level (from 0 to 15)
  world-light-level: 15
  # Available: ADVENTURE, CREATIVE, SURVIVAL, SPECTATOR
  game-mode: ADVENTURE
  # Custom isPremium URL
  # You can use Mojang one's API (set by default)
  # Or CloudFlare one's: https://api.ashcon.app/mojang/v2/user/%s
  # Or use this code to make your own API: https://blog.cloudflare.com/minecraft-api-with-workers-coffeescript/
  # Or implement your own API, it should just respond with HTTP code 200 (see parameters below) only if the player is premium
  ispremium-auth-url: "https://api.mojang.com/users/profiles/minecraft/%s"
  # Status codes (see the comment above)
  # Responses with unlisted status codes will be identified as responses with a server error
  # Set 200 if you use using Mojang or CloudFlare API
  status-code-user-exists:
    - 200
  # Set 204 and 404 if you use Mojang API, 404 if you use CloudFlare API
  status-code-user-not-exists:
    - 204
    - 404
  # Set 429 if you use Mojang or CloudFlare API
  status-code-rate-limit:
    - 429
  # Sample Mojang API exists response: {"name":"hevav","id":"9c7024b2a48746b3b3934f397ae5d70f"}
  # Sample CloudFlare API exists response: {"uuid":"9c7024b2a48746b3b3934f397ae5d70f","username":"hevav", ...}
  # 
  # Sample Mojang API not exists response (sometimes can be empty): {"path":"/users/profiles/minecraft/someletters1234566","errorMessage":"Couldn't find any profile with that name"}
  # Sample CloudFlare API not exists response: {"code":404,"error":"Not Found","reason":"No user with the name 'someletters123456' was found"}
  # 
  # Responses with an invalid scheme will be identified as responses with a server error
  # Set this parameter to [], to disable JSON scheme validation
  user-exists-json-validator-fields:
    - "name"
    - "id"
  json-uuid-field: "id"
  user-not-exists-json-validator-fields: []
  # If Mojang rate-limits your server, we cannot determine if the player is premium or not
  # This option allows you to choose whether every player will be defined as premium or as cracked while Mojang is rate-limiting the server
  # True - as premium; False - as cracked
  on-rate-limit-premium: true
  # If Mojang API is down, we cannot determine if the player is premium or not
  # This option allows you to choose whether every player will be defined as premium or as cracked while Mojang API is unavailable
  # True - as premium; False - as cracked
  on-server-error-premium: true
  register-command:
    - "/r"
    - "/reg"
    - "/register"
  login-command:
    - "/l"
    - "/log"
    - "/login"
  totp-command:
    - "/2fa"
    - "/totp"
  # New players will be kicked with registrations-disabled-kick message
  disable-registrations: false
  # Implement the automatic login using the plugin, the LimboAuth client mod and optionally using a custom launcher
  # See https://github.com/Elytrium/LimboAuth-ClientMod
  mod:
    enabled: true
    # Should the plugin forbid logging in without a mod
    login-only-by-mod: false
    # The key must be the same in the plugin config and in the server hash issuer, if you use it
    verify-key: "KhCOlrKyjgWnA1GCqtna0m5x"
  world-coords:
    x: 0
    y: 0
    z: 0
  auth-coords:
    x: 0.0
    y: 0.0
    z: 0.0
    yaw: 0.0
    pitch: 0.0
  cracked-title-settings:
    fade-in: 10
    stay: 70
    fade-out: 20
    clear-after-login: false
  premium-title-settings:
    fade-in: 10
    stay: 70
    fade-out: 20
  # Available values: FALSE, TRUE, PERMISSION
  #  FALSE - the command will be disallowed
  #  TRUE - the command will be allowed if player has false permission state
  #  PERMISSION - the command will be allowed if player has true permission state
  command-permission-state:
    # Permission: limboauth.commands.changepassword
    change-password: PERMISSION
    # Permission: limboauth.commands.destroysession
    destroy-session: PERMISSION
    # Permission: limboauth.commands.premium
    premium: PERMISSION
    # Permission: limboauth.commands.totp
    totp: PERMISSION
    # Permission: limboauth.commands.unregister
    unregister: PERMISSION
    # Permission: limboauth.admin.forcechangepassword
    force-change-password: PERMISSION
    # Permission: limboauth.admin.forceregister
    force-register: PERMISSION
    # Permission: limboauth.admin.forceunregister
    force-unregister: PERMISSION
    # Permission: limboauth.admin.reload

    reload: PERMISSION
    # Permission: limboauth.admin.help
    help: TRUE
  strings:
    reload: "{PRFX} &aReloaded successfully!"
    error-occurred: "{PRFX} &cAn internal error has occurred!"
    database-error-kick: "{PRFX} &cA database error has occurred!"
    not-player: "{PRFX} &cСonsole is not allowed to execute this command!"
    not-registered: "{PRFX} &cТы не зарегистрирован или твой аккаунт не премиум!"
    cracked-command: "{PRFX}{NL}&aYou can not use this command since your account is &6PREMIUM&a!"
    wrong-password: "{PRFX} &cПароль неверный!"
    nickname-invalid-kick: "{PRFX}В твоем нике есть запрещенные символы или он длиннее 15 символов, используй другой!"
    reconnect-kick: "{PRFX}Премиум установлен, перезайди на сервер!"
    # 6 hours by default in ip-limit-valid-time
    ip-limit-kick: "{PRFX}{NL}{NL}&cYour IP has reached max registered accounts. If this is an error, restart your router, or wait about 6 hours."
    wrong-nickname-case-kick: "{PRFX}{NL}&cYou should join using username &6{0}&c, not &6{1}&c."
    bossbar: "{PRFX} You have &6{0} &fseconds left to log in."
    times-up: "{PRFX}{NL}&cВремя на авторизацию истекло"
    login-premium: "" # Can be empty.
    login-premium-title: "" # Can be empty.
    login-premium-subtitle: "" # Can be empty.
    login-floodgate: "" # Can be empty.
    login-floodgate-title: "" # Can be empty.
    login-floodgate-subtitle: "" # Can be empty.
    login: "{PRFX} Напиши &6/login <пароль>&a, чтобы зайти на сервер"
    login-wrong-password: "{PRFX} &cПароль неверный, осталось &6{0} &cпопыток"
    login-wrong-password-kick: "{PRFX}Пароль неверный!"
    login-successful: "{PRFX} &aЛогин успешен!"
    login-title: "Напиши &6/login <пароль>&a, чтобы зайти на сервер" # Can be empty.
    login-subtitle: "" # Can be empty.
    login-successful-title: "" # Can be empty.
    login-successful-subtitle: "" # Can be empty.
    # Or if register-need-repeat-password set to false remove the "<repeat password>" part.
    register: "{PRFX} Пожалуйста, зарегистрируйся используя команду &6/register <пароль> <повтор пароля>"
    register-different-passwords: "{PRFX} &cПароли различаются!"
    register-password-too-short: "{PRFX} &cПароль слишком короткий!"
    register-password-too-long: "{PRFX} &cПароль слишком длинный!"
    register-password-unsafe: "{PRFX} &cПароль небезопасен, используй другой"
    register-successful: "{PRFX} &aТы успешно зарегистрирован"
    register-title: "" # Can be empty.
    register-subtitle: "" # Can be empty.
    register-successful-title: "{PRFX}" # Can be empty.
    register-successful-subtitle: "&aТы успешно зарегистрирован" # Can be empty.
    unregister-successful: "{PRFX}{NL}&aУспешно отменена регистрация!"
    unregister-usage: "{PRFX} Usage: &6/unregister <current password> confirm"
    premium-successful: "{PRFX}{NL}&aSuccessfully changed account state to &6PREMIUM&a!"
    already-premium: "{PRFX} &cYour account is already &6PREMIUM&c!"
    not-premium: "{PRFX} &cYour account is not &6PREMIUM&c!"
    premium-usage: "{PRFX} Usage: &6/premium <current password> confirm"
    event-cancelled: "{PRFX} Authorization event was cancelled"
    force-unregister-successful: "{PRFX} &6{0} &asuccessfully unregistered!"
    force-unregister-kick: "{PRFX}{NL}&aYou have been unregistered by administrator!"
    force-unregister-not-successful: "{PRFX} &cUnable to unregister &6{0}&c. Most likely this player has never been on this server."
    force-unregister-usage: "{PRFX} Usage: &6/forceunregister <nickname>"
    registrations-disabled-kick: "{PRFX} Registrations are currently disabled."
    change-password-successful: "{PRFX} &aSuccessfully changed password!"
    # Or if change-password-need-old-pass set to false remove the "<old password>" part.
    change-password-usage: "{PRFX} Usage: &6/changepassword <old password> <new password>"
    force-change-password-successful: "{PRFX} &aSuccessfully changed password for player &6{0}&a!"
    force-change-password-message: "{PRFX} &aYour password has been changed to &6{0} &aby administator!"
    force-change-password-not-successful: "{PRFX} &cUnable to change password for &6{0}&c. Most likely this player has never been on this server."
    force-change-password-usage: "{PRFX} Usage: &6/forcechangepassword <nickname> <new password>"
    force-register-usage: "{PRFX} Usage: &6/forceregister <nickname> <password>"
    force-register-incorrect-nickname: "{PRFX} &cNickname contains forbidden characters."
    force-register-taken-nickname: "{PRFX} &cThis nickname is already taken."
    force-register-successful: "{PRFX} &aSuccessfully registered player &6{0}&a!"
    force-register-not-successful: "{PRFX} &cUnable to register player &6{0}&c."
    totp: "{PRFX} Please, enter your 2FA key using &6/2fa <key>"
    totp-title: "{PRFX}" # Can be empty.
    totp-subtitle: "&aEnter your 2FA key using &6/2fa <key>" # Can be empty.
    totp-successful: "{PRFX} &aSuccessfully enabled 2FA!"
    totp-disabled: "{PRFX} &aSuccessfully disabled 2FA!"
    # Or if totp-need-pass set to false remove the "<current password>" part.
    totp-usage: "{PRFX} Usage: &6/2fa enable <current password>&f or &6/2fa disable <totp key>&f."
    totp-wrong: "{PRFX} &cWrong 2FA key!"
    totp-already-enabled: "{PRFX} &c2FA is already enabled. Disable it using &6/2fa disable <key>&c."
    totp-qr: "{PRFX} Click here to open 2FA QR code in browser."
    totp-token: "{PRFX} &aYour 2FA token &7(Click to copy)&a: &6{0}"
    totp-recovery: "{PRFX} &aYour recovery codes &7(Click to copy)&a: &6{0}"
    destroy-session-successful: "{PRFX} &eYour session is now destroyed, you'll need to log in again after reconnecting."
    mod-session-expired: "{PRFX} Your session has expired, log in again."

# Database settings
database:
  # Database type: mysql, postgresql, sqlite or h2.
  storage-type: MYSQL
  # Settings for Network-based database (like MySQL, PostgreSQL): 
  hostname: "127.0.0.1:3306"
  user: "root"
  password: ""
  database: "limboauth"
  connection-parameters: "?autoReconnect=true&initialTimeout=1&useSSL=false"
en0tuk commented 1 year ago

А какой версии у тебя LimboAuth и LimboAPI

RealKomander commented 1 year ago

API 1.1.13 и auth 1.1.12, т.е. последние

RealKomander commented 1 year ago

@en0tuk, баг все еще есть, прямо сейчас начал со мной происходить

RealKomander commented 1 year ago

ОШИБКА ПРОДОЛЖАЕТСЯ, ПОМОГИТЕ

RealKomander commented 1 year ago

Still getting the same issue

Tr0llMode commented 1 year ago

same issue https://github.com/Elytrium/LimboAuth/issues/127