Elytrium / LimboAuth

Minecraft Auth System for Velocity proxy built in virtual server (Limbo). Built with LimboAPI.
GNU Affero General Public License v3.0

[BUG] Premium players logging in as non-premium players #45

Closed Maks1116 closed 2 years ago

Maks1116 commented 2 years ago

Describe the bug

When players with a premium Minecraft account join my server, the plugin doesn't seem to detect that they are using a premium account.

To Reproduce

My config:

version: "1.0.6-SNAPSHOT"
# Available serializers:
# LEGACY_AMPERSAND - "&c&lExample &c&9Text".
# LEGACY_SECTION - "§c§lExample §c§9Text".
# MINIMESSAGE - "<bold><red>Example</red> <blue>Text</blue></bold>". (https://webui.adventure.kyori.net/)
# GSON - "[{"text":"Example","bold":true,"color":"red"},{"text":" ","bold":true},{"text":"Text","bold":true,"color":"blue"}]". (https://minecraft.tools/en/json_text.php/)
# GSON_COLOR_DOWNSAMPLING - Same as GSON, but uses downsampling.
serializer: "LEGACY_AMPERSAND"
prefix: "Logowanie &6>>&f"

# Don't use \n, use {NL} for new line, and {PRFX} for prefix.
main:
  # Maximum time for player to authenticate in milliseconds. If the player stays on the auth limbo for longer than this time, then the player will be kicked.
  auth-time: 60000
  enable-bossbar: true
  # Available colors: PINK, BLUE, RED, GREEN, YELLOW, PURPLE, WHITE
  bossbar-color: "RED"
  # Available overlays: PROGRESS, NOTCHED_6, NOTCHED_10, NOTCHED_12, NOTCHED_20
  bossbar-overlay: "NOTCHED_20"
  min-password-length: 4
  # Max password length for the BCrypt hashing algorithm, which is used in this plugin, can't be higher than 71. You can set a lower value than 71.
  max-password-length: 71
  check-password-strength: true
  unsafe-passwords-file: "unsafe_passwords.txt"
  online-mode-need-auth: false
  # Needs floodgate plugin.
  floodgate-need-auth: true
  # TOTALLY disables hybrid auth feature
  force-offline-mode: false
  # Forces all players to get offline uuid
  force-offline-uuid: false
  # Delay in milliseconds before sending auth-confirming titles and messages to the player. (login-premium-title, login-floodgate, etc.)
  premium-and-floodgate-messages-delay: 1250
  # Forcibly set player's UUID to the value from the database
  # If the player had the cracked account, and switched to the premium account, the cracked UUID will be used.
  save-uuid: false
  enable-totp: true
  totp-need-password: true
  register-need-repeat-password: false
  change-password-need-old-password: true
  # Used in unregister and premium commands.
  confirm-keyword: "confirm"
  # This prefix will be added to offline mode players nickname
  offline-mode-prefix: ""
  # This prefix will be added to online mode players nickname
  online-mode-prefix: ""
  # If you want to migrate your database from another plugin, which is not using BCrypt.
  # You can set an old hash algorithm to migrate from.
  # AUTHME - AuthMe SHA256(SHA256(password) + salt) that looks like $SHA$salt$hash (AuthMe, MoonVKAuth, DSKAuth, DBA)
  # AUTHME_NP - AuthMe SHA256(SHA256(password) + salt) that looks like SHA$salt$hash (JPremium)
  # SHA256_NP - SHA256(password) that looks like SHA$salt$hash
  # SHA256_P - SHA256(password) that looks like $SHA$salt$hash
  # SHA512_NP - SHA512(password) that looks like SHA$salt$hash
  # SHA512_P - SHA512(password) that looks like $SHA$salt$hash
  # SHA512_DBA - DBA plugin SHA512(SHA512(password) + salt) that looks like SHA$salt$hash (DBA, JPremium)
  # MD5 - Basic md5 hash
  # ARGON2 - Argon2 hash that looks like $argon2i$v=1234$m=1234,t=1234,p=1234$hash
  # MOON_SHA256 - Moon SHA256(SHA256(password)) that looks like $SHA$hash (no salt)
  # SHA256_NO_SALT - SHA256(password) that looks like $SHA$hash (NexAuth)
  # SHA512_NO_SALT - SHA512(password) that looks like $SHA$hash (NexAuth)
  # SHA512_P_REVERSED_HASH - SHA512(password) that looks like $SHA$hash$salt (nLogin)
  migration-hash: ""
  # Available dimensions: OVERWORLD, NETHER, THE_END
  dimension: "THE_END"
  purge-cache-millis: 3600000
  purge-premium-cache-millis: 28800000
  # QR Generator URL, set {data} placeholder
  qr-generator-url: "https://api.qrserver.com/v1/create-qr-code/?data={data}&size=200x200&ecc=M&margin=30"
  totp-issuer: "ELOCraft"
  bcrypt-cost: 10
  login-attempts: 3
  ip-limit-registrations: 3
  totp-recovery-codes-amount: 16
  # Time in milliseconds, when ip limit works, set to 0 for disable.
  ip-limit-valid-time: 21600000
  # Regex of allowed nicknames
  # ^ means the start of the line, $ means the end of the line
  # [A-Za-z0-9_] is a character set of A-Z, a-z, 0-9 and _
  # {3,16} means that allowed length is from 3 to 16 chars
  allowed-nickname-regex: "^[A-Za-z0-9_]{3,16}$"
  load-world: false
  # World file type: "schematic" (1.12.2 and lower, not recommended), "structure" block .nbt (saved in 1.17 - 1.18.2).
  world-file-type: "structure"
  world-file-path: "world.nbt"
  # World time in ticks (24000 ticks == 1 in-game day)
  world-ticks: 1000
  # World light level (from 0 to 15)
  world-light-level: 15
  # Available: ADVENTURE, CREATIVE, SURVIVAL, SPECTATOR
  game-mode: "ADVENTURE"
  # Custom isPremium URL
  # You can use Mojang one's API (set by default)
  # Or CloudFlare one's: https://api.ashcon.app/mojang/v1/user/%s
  # Or use this code to make your own API: https://blog.cloudflare.com/minecraft-api-with-workers-coffeescript/
  # Or implement your own API, it should just respond with HTTP code 200 only if the player is premium
  ispremium-auth-url: "https://api.ashcon.app/mojang/v1/user/%s"
  # If Mojang rate-limits your server, we cannot determine if the player is premium or not
  # This option allows you to choose whether every player will be defined as premium or as cracked while Mojang is rate-limiting the server
  # True - as premium; False - as cracked
  on-rate-limit-premium: true
  register-command:
    - "/r"
    - "/reg"
    - "/register"
  login-command:
    - "/l"
    - "/log"
    - "/login"
  totp-command:
    - "/2fa"
    - "/totp"
  # New players will be kicked with registrations-disabled-kick message
  disable-registrations: false
  world-coords:
    x: 0
    y: 0
    z: 0
  cracked-title-settings:
    fade-in: 10
    stay: 70
    fade-out: 20
    clear-after-login: false
  premium-title-settings:
    fade-in: 10
    stay: 70
    fade-out: 20
  strings:
    reload: "{PRFX} &aReloaded successfully!"
    reload-failed: "{PRFX} &cReload failed, check console for details."
    error-occurred: "{PRFX} &cAn internal error has occurred!"
    database-error-kick: "{PRFX} &cA database error has occurred!"
    not-player: "{PRFX} &cKonsola nie może tego uruchomić!"
    not-registered: "{PRFX} &cNie jesteś zarejestrowany albo masz konto &6PREMIUM!"
    cracked-command: "{PRFX}{NL}&aNie możesz użyć tego polecenia, ponieważ masz konto &6PREMIUM&a!"
    wrong-password: "{PRFX} &cZłe hasło!"
    nickname-invalid-kick: "{PRFX}{NL}&cTwój nick zawiera niedozwolone znaki. Zmień go!"
    # 6 hours by default in ip-limit-valid-time
    ip-limit-kick: "{PRFX}{NL}{NL}&cTwó adres IP osiągnął limit zarejestrowanych graczy."
    wrong-nickname-case-kick: "{PRFX}{NL}&cWielkość liter w twoim nicku jest nieodpowiednia."
    bossbar: "{PRFX} Masz &6{0} &fsekund na zalogowanie."
    times-up: "{PRFX}{NL}&cCzas na logowanie minął."
    login-premium: "" # Can be empty.
    login-premium-title: "" # Can be empty.
    login-premium-subtitle: "" # Can be empty.
    login-floodgate: "" # Can be empty.
    login-floodgate-title: "" # Can be empty.
    login-floodgate-subtitle: "" # Can be empty.
    login: "{PRFX} &aZaloguj się używając &6/login <hasło>&a, pozostało &6{0} &aprób."
    login-wrong-password: "{PRFX} &cWpisałeś złe hasło. Masz &6{0} &cprób."
    login-wrong-password-kick: "{PRFX}{NL}&cZbyt wiele razy wpisałeś złe hasło!"
    login-successful: "{PRFX} &aPomyślnie zalogowano!"
    login-title: "" # Can be empty.
    login-subtitle: "" # Can be empty.
    login-successful-title: "" # Can be empty.
    login-successful-subtitle: "" # Can be empty.
    # Or if register-need-repeat-password set to false remove the "<repeat password>" part.
    register: "{PRFX} Zarejestruj się używając &6/register <hasło>"
    register-different-passwords: "{PRFX} &cHasła różnią się od siebie!"
    register-password-too-short: "{PRFX} &cZa krótkie hasło, użyj innego!"
    register-password-too-long: "{PRFX} &cZa długie hasło, użyj innego!"
    register-password-unsafe: "{PRFX} &cHasło nie jest bezpieczne, użyj innego!"
    register-successful: "{PRFX} &aPomyślnie zarejestrowano!"
    register-title: "" # Can be empty.
    register-subtitle: "" # Can be empty.
    register-successful-title: "" # Can be empty.
    register-successful-subtitle: "" # Can be empty.
    unregister-successful: "{PRFX}{NL}&aPomyślnie wyrejestrowano!"
    unregister-usage: "{PRFX} Użyj: &6/unregister <aktualne hasło> confirm"
    premium-successful: "{PRFX}{NL}&aZmieniono konto na &6PREMIUM&a!"
    already-premium: "{PRFX} &cTwoje konto jest już zarejestrowane jako &6PREMIUM&c!"
    not-premium: "{PRFX} &cTwoje konto nie jest zarejestrowane jako &6PREMIUM&c!"
    premium-usage: "{PRFX} Użycie: &6/premium <hasło> confirm"
    event-cancelled: "{PRFX} Authorization event was cancelled"
    force-unregister-successful: "{PRFX} &6{0} &apomyślnie odrejestrowano!"
    force-unregister-kick: "{PRFX}{NL}&aZostałeś odrejestrowany przez administratora!"
    force-unregister-not-successful: "{PRFX} &cNie udało się odrejestrować &6{0}&c. Prawdopodobnie gracz nie był na serwerze."
    force-unregister-usage: "{PRFX} Użycie: &6/forceunregister <nick>"
    registrations-disabled-kick: "{PRFX} Registrations are currently disabled."
    change-password-successful: "{PRFX} &aPomyślnie zmieniono hasło!"
    # Or if change-password-need-old-pass set to false remove the "<old password>" part.
    change-password-usage: "{PRFX} Użycie: &6/changepassword <stare hasło> <nowe hasło>"
    force-change-password-successful: "{PRFX} &aPomyślnie zmieniono hasło dla gracza &6{0}&a!"
    force-change-password-message: "{PRFX} &aTwoje hasło zostało zmienione na &6{0} &aprzez administratora!"
    force-change-password-not-successful: "{PRFX} &cNie można zmienić hasła dla gracza &6{0}&c. Przwdopodobnie gracz nie był na serwerze."
    force-change-password-usage: "{PRFX} Użycie: &6/forcechangepassword <nick> <nowe hasło>"
    totp: "{PRFX} Wpisz klucz 2FA używając &6/2fa <klucz>"
    totp-title: "" # Can be empty.
    totp-subtitle: "" # Can be empty.
    totp-successful: "{PRFX} &aPomyślnie włączono 2FA!"
    totp-disabled: "{PRFX} &aPomyślnie wyłączono 2FA!"
    # Or if totp-need-pass set to false remove the "<current password>" part.
    totp-usage: "{PRFX} Użycie: &6/2fa enable <hasło>&f lub &6/2fa disable <klucz 2FA>&f."
    totp-wrong: "{PRFX} &cZły klucz 2FA!"
    totp-already-enabled: "{PRFX} &c2FA jest już włączone. Dyłącz je używając &6/2fa disable <klucz 2FA>&c."
    totp-qr: "{PRFX} Naciśnij tutaj aby otworzyć kod 2FA w przeglądarce."
    totp-token: "{PRFX} &aTwój token 2FA &7(naciśnij, aby skopiować)&a: &6{0}"
    totp-recovery: "{PRFX} &aTwoje kody odzyskiwania &7(kliknij, aby skopiować)&a: &6{0}"
    destroy-session-successful: "{PRFX} &eTwoja sesja została zniszczona. Musisz zalogować się ponownie po ponownym dołączeniu."
  auth-coords:
    x: 0.0
    y: 0.0
    z: 0.0
    yaw: 0.0
    pitch: 0.0

# Database settings
database:
  # Database type: mysql, postgresql or h2.
  storage-type: "mysql"
  # Settings for Network-based database (like MySQL, PostgreSQL): 
  hostname: "127.0.0.1:3306"
  user: "something"
  password: "something"
  database: "something"
  connection-parameters: "?autoReconnect=true&initialTimeout=1&useSSL=false"

Expected behavior

When a player joins the server, they should be detected as a premium account or not.

Server Info (please complete the following information):

Am I doing something wrong or is this a bug?

Maks1116 commented 2 years ago

Looks like it just started working, I'm going to close this issue.
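
Added example, not part of the issue thread or LimboAuth's code: an offline model of the contract the config comments give for `ispremium-auth-url` (HTTP 200 only if the player is premium) and `on-rate-limit-premium`, for checking which verdict a given endpoint response leads to. Treating HTTP 429 as the rate-limit signal, reporting failed lookups as `unknown`, and the sample nicknames and responses are assumptions.

```python
import re
from typing import Callable, Tuple

# Values copied from the config posted in the issue.
ALLOWED_NICKNAME = re.compile(r"^[A-Za-z0-9_]{3,16}$")      # allowed-nickname-regex
ISPREMIUM_URL = "https://api.ashcon.app/mojang/v1/user/%s"  # ispremium-auth-url
RATE_LIMITED = 429  # assumption: rate limiting is signalled with HTTP 429


def classify(nickname: str, fetch_status: Callable[[str], int],
             on_rate_limit_premium: bool,
             url_template: str = ISPREMIUM_URL) -> Tuple[str, str]:
    """Return (verdict, reason) for one lookup; fetch_status maps URL -> HTTP status."""
    if not ALLOWED_NICKNAME.fullmatch(nickname):
        return "rejected", "nickname fails allowed-nickname-regex"
    # Plain substitution: the nickname is already limited to [A-Za-z0-9_].
    url = url_template.replace("%s", nickname)
    try:
        status = fetch_status(url)
    except OSError as exc:
        # The config comments do not cover lookup failures; surface them.
        return "unknown", f"lookup failed: {exc}"
    if status == 200:
        return "premium", "HTTP 200"
    if status == RATE_LIMITED:
        verdict = "premium" if on_rate_limit_premium else "cracked"
        return verdict, "rate limited, decided by on-rate-limit-premium"
    return "cracked", f"HTTP {status}"


# Constructed responses standing in for the real endpoint, so this runs offline.
SAMPLE_STATUS = {
    ISPREMIUM_URL.replace("%s", "PaidPlayer"): 200,
    ISPREMIUM_URL.replace("%s", "OfflineOnly"): 404,
    ISPREMIUM_URL.replace("%s", "BusyHour"): 429,
}


def sample_fetch(url: str) -> int:
    if url not in SAMPLE_STATUS:
        raise OSError("constructed network failure")
    return SAMPLE_STATUS[url]


if __name__ == "__main__":
    for name in ("PaidPlayer", "OfflineOnly", "BusyHour", "Unreachable", "bad name!"):
        for flag in (True, False):
            print(name, f"on-rate-limit-premium={flag}", classify(name, sample_fetch, flag))
```

Replacing `sample_fetch` with a function that performs the real HTTP request turns this into a quick check of what the configured endpoint returns for a known premium nickname.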