Find a way to run the online test without having the mojang server ban us

[rom1504]

https://github.com/PrismarineJS/node-minecraft-protocol/commit/6fb6b35cc537411ed587d0aafdc7fe7033a6221d

saving the tokens somehow might do it

[rom1504]

I recently switched to my own second account instead of @roblabla 's for the test and I just got that mail from mojang:

We suspect that your Mojang account email and password may have been compromised. To prevent unauthorized use of your account we've reset your account password. If you use that same password on other sites we strongly recommend that you change your password on those sites as well.

I guess that's what happened with roblabla's account too.

The online test is disabled for now, but we really need to find a better solution if we want to enable that online mode test.

[roblabla]

We could implement our own auth server fairly easily, and run the tests against that. Not as high fidelity as using the real minecraft servers, but should work well enough ^^.

[pqml]

I've made a mini module to deal with tokens and simulate the way the official launcher works I don't know if it could fix the problem ?

https://github.com/pqml/prismarine-tokens

[rom1504]

https://github.com/Litarvan/OpenAuth-Server

[rom1504]

some discussion about this, there https://github.com/PrismarineJS/mineflayer/issues/551

[rom1504]

similar to prismarine token is https://github.com/PrismarineJS/node-minecraft-wrap/blob/master/lib/wrap_client.js#L37

Problem is we run tests in parallel + circle ci doesn't keep the token file between runs.

Can we make circle ci keep the token file ? (let's say launcher_profiles.json)

That might be a good enough solution.

[pqml]

I don't think Circle CI can have persistent data.

A solution could be to store the json data to a remote server via a simple REST API and secure calls with an API Key. (Firebase / AWS services are good but a simple php script will work too)

You can setup environment variables in Circle CI to hide that key (https://circleci.com/docs/1.0/environment-variables/#setting-environment-variables-for-all-commands-without-adding-them-to-git)

[rom1504]

ah yes, "hidden" key + encrypted launcher_profiles.json in an other repo. couldn't be enabled for pull requests, but otherwise it might work

[Saiv46]

There's alternative (and open-source) authentication server available to everyone - Ely.by!

I think we can run instance of https://github.com/elyby/accounts alongside in CI

[rom1504]

If we're going to mock the auth, best do it via prismarine-auth

On Sun, May 12, 2024, 4:54 PM Alexander Ivanov @.***> wrote:

There's alternative (and open-source) authentication server available to everyone - Ely.by https://ely.by!

I think we can run instance of https://github.com/elyby/accounts alongside in CI

— Reply to this email directly, view it on GitHub https://github.com/PrismarineJS/node-minecraft-protocol/issues/372#issuecomment-2106273067, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAR437R2AV4PQQBCFQZVIWTZB57DBAVCNFSM4B32T5AKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJQGYZDOMZQGY3Q . You are receiving this because you authored the thread.Message ID: @.***>