Authenticator
v2.0.8
Authenticator is an advanced staff authentication system.
Features
Gallery
Note: These pictures are not up-to-date; a few messages have been altered.
Commands
Configuration
##################################################################################
# #
# Welcome to the configuration of Authenticator! #
# #
# Here are a few rules to consider when editing this file: #
# 1. This file consists of key-value-pairs. #
# 2. There is no whitespace between the key and value separator (=) #
# 3. Empty lines or lines starting with a hash tag (#) will be ignored #
# 4. Any and all whitespace will be respected when this file is read #
# 5. If a required key-value-pair is missing, the default value will be used. #
# An example for a non-required key-value-pair is data.storage.mysql.xxx #
# if the storage method is NOT set to mysql #
# 6. To use the default value for any key, prefix the line with a hash tag (#) #
# 7. For any key that is prefixed with "lang", the value may be split onto #
# multiple lines with two backslashes (\\) #
# #
# The default configuration can always be restored by deleting this file. #
# #
##################################################################################
# Whether to enable bungeecord support (players will only have to log in once after a server restart)
bungeecord=false
# The mysql data used for bungeecord support, required only if bungeecord=true
bungeecord.mysql.host=localhost
bungeecord.mysql.port=3306
bungeecord.mysql.user=root
bungeecord.mysql.password=root
bungeecord.mysql.database=authenticator
# When to check for updates (possible values: "start" for when the server starts, "stop" for when the server stops, "both" for server start and stop, and "manual" for no update checking)
update.trigger=start
# The permission required to receive reminders that an update is available. {OP} represents op players. Set to "false" (without quotation marks) to disable
update.remind.perm={OP}
# The delay (in ticks, 1 second = 20 ticks) to wait between each update notification
# Default value: 12000 (= 10 minutes) (= 10*60*20 ticks)
update.remind.period=12000
# The source of the respective permissions sources
mode.normal.permissions.source=permissions_normal.txt
mode.secure.permissions.source=permissions_secure.txt
# The minimum and maximum length of the key used for secure mode
mode.secure.key.length.min=20
mode.secure.key.length.max=30
# The character list of the random string generator the secure mode will use
mode.secure.key.chars=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!"'+-:.;,$%()=?
# The method used to compare the expected key to the input
# May be "exact" for exact, "levenshtein" for levenshtein, "damerau_levenshtein" for damerau levenshtein, and "hamming" for hamming comparision
mode.secure.key.compare.method=exact
# The maximum (Damerau) Levenshtein (or Hamming) distance between the expected key and the input
# Only has an affect if mode.secure.key.compare.method is levenshtein or hamming
mode.secure.key.compare.maxdist=2
# The timeout (in seconds) after which the player will fail the authentication
mode.all.timeout=60
# The punishments for failing authentication
# To read more about punishment syntax, check out the bottom of this file
# !! INVALID SYNTAX WILL FAIL SOMEWHAT SILENTLY !!
mode.normal.punish=/kick %name% §c§l[Authenticator] Authentication failed <- fail_count < 5 \\ /deop %name% <- fail_count / 5 \\ /ban %name% §c§l[Authenticator] You have failed authentication too many times and have been banned from the server to prevent any brute force attacks. Please contact an administrator. <- fail_count / 5
mode.secure.punish=/deop %name% \\ /kick %name% §c§l[Authenticator] Authentication failed <- fail_count \ 2 \\ /ban %name% §c§l[Authenticator] Authentication failed <- fail_count / 3
# The storage method used to store the player data (may be "multiple_files" and "mysql" (without quotation marks))
data.storage.method=multiple_files
# The mysql data
# Required only when data.storage.method=mysql
data.storage.mysql.host=localhost
data.storage.mysql.port=3306
data.storage.mysql.user=root
data.storage.mysql.password=root
data.storage.mysql.database=authenticator
# The prefix used in front of any message
lang.prefix=§c§l[Authenticator]
# General messages used by all authenticators
lang.auth.fail=Authentication failed
lang.auth.timeout=Timeout
# Messages used by the normal setup authenticator (which is mode: normal, when first logging in)
lang.auth.setup.loading=Loading...
lang.auth.setup.init=You have not yet set a password.\\To log in, please set a password by typing it in chat.
lang.auth.setup.success=§a§lYou have set your password to: §r%s
# Messages used by the normal authenticator
lang.auth.normal.loading=Loading...
lang.auth.normal.init=You are not logged in.\\To log in, please type your password in chat.\\If you have forgotten your password, please ask a system administrator to reset it.
lang.auth.normal.success=§a§lThe password you entered is valid. You have logged in.
# Messages used by the secure authenticator
lang.auth.secure.loading=Loading...
lang.auth.secure.init=You are not logged in.\\To log in, type the key sent to the console in chat.
lang.auth.secure.success=§a§lThe key you entered is valid. You have logged in.
lang.auth.secure.console=The player {player} ({uuid}) has requested a login key:\\ -->§r {key} §c§l<--\\!!! THIS KEY EXPIRES IN ONE MINUTE !!!
# The reminder sent to players with a specified permission that an update is available
lang.update.remind=You are running an outdated version of Authenticator\\Please upgrade to the latest version ({latest_version}) ASAP (currently running v{current_version})
# Command messages
lang.cmd.auth.noperm=Insufficient permissions
lang.cmd.auth.unknownsub=Unknown subcommand: {arg}
lang.cmd.auth.version=Running Authenticator version {plugin_version}
lang.cmd.auth.version.usage=Usage: /auth v|er|sion
lang.cmd.auth.help=§9§lShowing help page for §c§lAuthenticator§9§l...\\ §9§lhelp|? §7§l- Shows this help page\\ §9§lv|er|sion §7§l- Shows version information\\ §9§lreset <player> §7§l- Resets the password of a player\\ §9§lreload|rl [config1,config2,etc] §7§l- Reloads all or specific configurations\\ §9§lcheckForUpdates|update §7§l- Checks for updates\\ §9§lrequireAuth <player> §7§l- Requires authentication from <player>\\ §9§lsetpw <new_password> §7§l- Changes your password\\ §9§lfix §7§l- If Authenticator was not able to restore your login status, use this command to do so manually
lang.cmd.auth.help.usage=Usage: /auth help|?
lang.cmd.auth.reset.usage=Usage: /auth reset <playername|uuid>
lang.cmd.auth.reset.pnf=Player not found: {arg}
lang.cmd.auth.reset.ppw=The player {name} ({uuid}) has not set a password
lang.cmd.auth.reset.success=§a§lSuccessfully reset the password of player {name} ({uuid})
lang.cmd.auth.reload.usage=Usage: /auth reload [config1,config2,etc]
lang.cmd.auth.reload.unknowncfg= §eWarning: §cUnknown config: {arg}
lang.cmd.auth.reload.success.1=§a§lReloaded {1}
lang.cmd.auth.reload.success.2=§a§lReloaded {1} and {2}
lang.cmd.auth.reload.success.3=§a§lReloaded {1}, {2} and {3}
lang.cmd.auth.update.usage=Usage: /auth checkForUpdates
lang.cmd.auth.update.found=New version found: {latest_version} (running Authenticator v{current_version})
lang.cmd.auth.update.congrats=§a§lCongratulations! You are running the latest version of Authenticator (v{version})
lang.cmd.auth.update.fail=Failed to check for updates: {ex_name}: {ex_msg}
lang.cmd.auth.require.usage=Usage: /auth requireAuth <player>
lang.cmd.auth.require.pnf=Player not found: {arg}
lang.cmd.auth.require.success=§a§lRequiring authentication of {name}
lang.cmd.auth.require.fail=Player already authenticating
lang.cmd.auth.setpw.usage=Usage: /auth setpw <new_password>
lang.cmd.auth.setpw.nap=Only a player can change their password
lang.cmd.auth.setpw.ppw=Password change not applicable
lang.cmd.auth.setpw.success=§a§lPassword updated to: §r{new_password}
lang.cmd.auth.fix.usage=Usage: /auth fix
lang.cmd.auth.fix.nap=Only a player can execute this command
lang.cmd.auth.fix.ppw=Fix not applicable
lang.cmd.auth.fix.success=§a§lTrying to fix problems...
##################################################################################
# #
# Punishment Syntax #
# #
# The rules of punishments: #
# 1. Each punishment is separated by two backslashes (\\) #
# 2. A punishment consists of a punishment action (read more below) and #
# (optionally) a condition (also: read more below) #
# 3. If you wish to specify a condition, separate it from the action with a #
# backward arrow (<-) #
# 4. In the condition, you can use the following variables: #
# - fail_count: the number of authentication attempts (reset at server #
# restart and successful authentication) #
# - is_op: a boolean indicating whether the player is op #
# 5. For number variables in conditions, you can use the following operators: #
# - >: greater than (binary operator) #
# - <: less than (binary operator) #
# - /: greater than or equal to (binary operator) #
# - \: less than or equal to (binary operator) #
# - =: equal to (binary operator) #
# 6. If you don't use one of the above-mentioned operators on a number, the #
# condition will return true if and only if the number is not 0 #
# 7. You can "link" conditions with parentheses (()[]) and the symbols | (or), #
# & (and), and ^ (xor) #
# 8. A punishment action is just a command to be executed by the console, #
# which DOES start with a slash #
# 9. You can use the following variables inside a punishment action: #
# - %name%: the player name #
# - %uuid%: the player uuid #
# 10.Invalid syntax will result in the punishment being ignored #
# 11.Whitespace will be completely ignored #
# #
# An example explained: #
# /kick %name% <- fail_count < 3 \\ #
# /tban %name% 1d <- fail_count / 3 & fail_count \ 5 \\ #
# /ban %name% <- fail_count > 5 #
# #
# Each line is separated by two backslashes (the \\ at the end of the line), #
# which makes each line an individual punishment. #
# Every lines starts with a command to kick or temporarily or permanently ban #
# the player. The command is then followed by a backward arrow (<-), #
# marking the start of the condition. The arrow could have been omitted to #
# always execute the command. #
# Let us now explore the condition of the second line, the most complicated #
# one. It starts with the following check: fail_count / 3 #
# The "fail_count" represents the amount of attempts the player has already #
# used. The "/" then means "greater than or equal to", and the "3" is just a #
# static number. This checks that the fail count is greater than or equal #
# to 3. #
# This check is followed by an ampersand (&). This means that the condition #
# to its left as well as the condition to its right must be true. #
# Finally, there is a check similar to the one we first explored, which #
# checks whether the fail count is less than or equal to 5 ("\" = "<="). #
# #
##################################################################################
# Permissions for normal login mode can be set in here
# Empty lines or lines starting with a hash tag (#) will be ignored
# Every permission is written on a new line
# The permission "{OP}" (without quotation marks) will apply to all op players
{OP}
authenticator.normallogin
# Permissions for secure login mode can be set in here
# Empty lines or lines starting with a hash tag (#) will be ignored
# Every permission is written on a new line
# The permission "{OP}" (without quotation marks) will apply to all op players
*
'*'
authenticator.securelogin
Note: The comments may be a bit off-place, this is due to HTML not rendering all whitespace. All default resources can also be viewed atfiles.coloredcarrot.com/spigot-authenticator/v2.0.8/
Conditional Punishment System
Authenticator's Conditional Punishment System (CPS) allows you to define multiple condition-based punishments for failing authentication in either normal or secure mode.
The punishments can be configured in the config.properties file, which also contains a small description of the required syntax at the bottom of the configuration. The keys required for this are mode.normal.punish and mode.secure.punish.
Rules of the Punishment Syntax
The first punishment (/deop %name%) defines no condition and is therefore always executed when the player fails authentication. It just de-ops him.
The second punishment has a condition: fail_count \ 2. This basically says that the punishment is only to be executed if the fail count (i.e. the number of attempts the player has already used to log in) of the player is less than or equal to 2.
The third and final punishment also defines a condition: fail_count / 3. This condition is true if the fail count is greater than or equal to 3. This and the previous punishment also both use a placeholder inside their actions: %name%. This gets translated to the player's name.
A note
If you have questions about Authenticator's CPS, feel free to contact me at https://www.spigotmc.org/conversations/add?to=ColoredCarrot&title=Authenticator Support
Secure Mode Key Comparison
When authenticating in secure mode, you previously had to type the key exactly as in the console. This can now be changed in the configuration by using a string metric - a function that compares two strings and returns a number specifying the edit distance between them.
As an example, let's say that you're using the simplest of the three supported string metrics: the Hamming algorithm. Say you wanted to compare the strings "abc" and "acb": the algorithm would return 2 because the first string requires two operations to become the second string ("abc" -> "acc" -> "acb").
The Damerau Levenshtein algorithm would return 1 because it allows character transposition: "abc" -> "acb" (the b and c have been swapped). You can read more about all three supported algorithms on Wikipedia.
If you now specify a maximum edit distance (in this case 2), the key you input only has to be so close to the expected key. For example, this would allow you to type an l (lowercase L) instead of an I (uppercase i) and still pass authentication.
The string metric can be configured under mode.secure.key.compare.method and the maximum edit distance undermode.secure.key.compare.maxdist.
Installation
TO-DO
By downloading / buying this plugin, you agree to the following terms of service:
v2.0.8
Authenticator is an advanced staff authentication system.
Features
- Upon first logging in, the player will be prompted to set a password
- While logging in, the player cannot move, take damage, break or place blocks or execute commands, and they are given blindness and teleported away
- Conditional Punishment System
- BungeeCord Support: Log in once after a server restart and stay logged in when switching servers
- Timeout: If the player takes longer than a configurable amount of time to log in, they will be kicked from the server
- Two modes: Normal Mode, where the player has to input their password, and Secure Mode, where the player has to input a key sent to the console
- String metric support: (Configurable) In secure mode, the typed key only has to be so close to the expected key (the player can substitute l (lowercase L) for I (uppercase i) etc.)
- Passwords aren't stored in the plain text form; only their BCrypt salted hash gets stored as binary data, so not even the server owner knows the players' passwords
- Advanced command system for resetting passwords and reloading configuration files
- Extensive general and language configuration
- Automatic update checking
Gallery
Note: These pictures are not up-to-date; a few messages have been altered.
Commands
- /auth command - permission - description
- /auth help - authenticator.cmd.help - Displays a help page
- /auth reload [config1,config2,etc] - authenticator.cmd.reload - Reloads the specified or all configuration files
- /auth reset <player | uuid> - authenticator.cmd.reset - Resets the password of a player
- /auth [version] - authenticator.cmd.version - Displays version information
- /auth update - authenticator.cmd.update - Checks for updates
- /auth require <player> - authenticator.cmd.require - Requires authentication of <player>
- /auth setpw <new_password> - authenticator.cmd.setpw - Allows players to update their password if they have already set one
Configuration
##################################################################################
# #
# Welcome to the configuration of Authenticator! #
# #
# Here are a few rules to consider when editing this file: #
# 1. This file consists of key-value-pairs. #
# 2. There is no whitespace between the key and value separator (=) #
# 3. Empty lines or lines starting with a hash tag (#) will be ignored #
# 4. Any and all whitespace will be respected when this file is read #
# 5. If a required key-value-pair is missing, the default value will be used. #
# An example for a non-required key-value-pair is data.storage.mysql.xxx #
# if the storage method is NOT set to mysql #
# 6. To use the default value for any key, prefix the line with a hash tag (#) #
# 7. For any key that is prefixed with "lang", the value may be split onto #
# multiple lines with two backslashes (\\) #
# #
# The default configuration can always be restored by deleting this file. #
# #
##################################################################################
# Whether to enable bungeecord support (players will only have to log in once after a server restart)
bungeecord=false
# The mysql data used for bungeecord support, required only if bungeecord=true
bungeecord.mysql.host=localhost
bungeecord.mysql.port=3306
bungeecord.mysql.user=root
bungeecord.mysql.password=root
bungeecord.mysql.database=authenticator
# When to check for updates (possible values: "start" for when the server starts, "stop" for when the server stops, "both" for server start and stop, and "manual" for no update checking)
update.trigger=start
# The permission required to receive reminders that an update is available. {OP} represents op players. Set to "false" (without quotation marks) to disable
update.remind.perm={OP}
# The delay (in ticks, 1 second = 20 ticks) to wait between each update notification
# Default value: 12000 (= 10 minutes) (= 10*60*20 ticks)
update.remind.period=12000
# The source of the respective permissions sources
mode.normal.permissions.source=permissions_normal.txt
mode.secure.permissions.source=permissions_secure.txt
# The minimum and maximum length of the key used for secure mode
mode.secure.key.length.min=20
mode.secure.key.length.max=30
# The character list of the random string generator the secure mode will use
mode.secure.key.chars=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!"'+-:.;,$%()=?
# The method used to compare the expected key to the input
# May be "exact" for exact, "levenshtein" for levenshtein, "damerau_levenshtein" for damerau levenshtein, and "hamming" for hamming comparision
mode.secure.key.compare.method=exact
# The maximum (Damerau) Levenshtein (or Hamming) distance between the expected key and the input
# Only has an affect if mode.secure.key.compare.method is levenshtein or hamming
mode.secure.key.compare.maxdist=2
# The timeout (in seconds) after which the player will fail the authentication
mode.all.timeout=60
# The punishments for failing authentication
# To read more about punishment syntax, check out the bottom of this file
# !! INVALID SYNTAX WILL FAIL SOMEWHAT SILENTLY !!
mode.normal.punish=/kick %name% §c§l[Authenticator] Authentication failed <- fail_count < 5 \\ /deop %name% <- fail_count / 5 \\ /ban %name% §c§l[Authenticator] You have failed authentication too many times and have been banned from the server to prevent any brute force attacks. Please contact an administrator. <- fail_count / 5
mode.secure.punish=/deop %name% \\ /kick %name% §c§l[Authenticator] Authentication failed <- fail_count \ 2 \\ /ban %name% §c§l[Authenticator] Authentication failed <- fail_count / 3
# The storage method used to store the player data (may be "multiple_files" and "mysql" (without quotation marks))
data.storage.method=multiple_files
# The mysql data
# Required only when data.storage.method=mysql
data.storage.mysql.host=localhost
data.storage.mysql.port=3306
data.storage.mysql.user=root
data.storage.mysql.password=root
data.storage.mysql.database=authenticator
# The prefix used in front of any message
lang.prefix=§c§l[Authenticator]
# General messages used by all authenticators
lang.auth.fail=Authentication failed
lang.auth.timeout=Timeout
# Messages used by the normal setup authenticator (which is mode: normal, when first logging in)
lang.auth.setup.loading=Loading...
lang.auth.setup.init=You have not yet set a password.\\To log in, please set a password by typing it in chat.
lang.auth.setup.success=§a§lYou have set your password to: §r%s
# Messages used by the normal authenticator
lang.auth.normal.loading=Loading...
lang.auth.normal.init=You are not logged in.\\To log in, please type your password in chat.\\If you have forgotten your password, please ask a system administrator to reset it.
lang.auth.normal.success=§a§lThe password you entered is valid. You have logged in.
# Messages used by the secure authenticator
lang.auth.secure.loading=Loading...
lang.auth.secure.init=You are not logged in.\\To log in, type the key sent to the console in chat.
lang.auth.secure.success=§a§lThe key you entered is valid. You have logged in.
lang.auth.secure.console=The player {player} ({uuid}) has requested a login key:\\ -->§r {key} §c§l<--\\!!! THIS KEY EXPIRES IN ONE MINUTE !!!
# The reminder sent to players with a specified permission that an update is available
lang.update.remind=You are running an outdated version of Authenticator\\Please upgrade to the latest version ({latest_version}) ASAP (currently running v{current_version})
# Command messages
lang.cmd.auth.noperm=Insufficient permissions
lang.cmd.auth.unknownsub=Unknown subcommand: {arg}
lang.cmd.auth.version=Running Authenticator version {plugin_version}
lang.cmd.auth.version.usage=Usage: /auth v|er|sion
lang.cmd.auth.help=§9§lShowing help page for §c§lAuthenticator§9§l...\\ §9§lhelp|? §7§l- Shows this help page\\ §9§lv|er|sion §7§l- Shows version information\\ §9§lreset <player> §7§l- Resets the password of a player\\ §9§lreload|rl [config1,config2,etc] §7§l- Reloads all or specific configurations\\ §9§lcheckForUpdates|update §7§l- Checks for updates\\ §9§lrequireAuth <player> §7§l- Requires authentication from <player>\\ §9§lsetpw <new_password> §7§l- Changes your password\\ §9§lfix §7§l- If Authenticator was not able to restore your login status, use this command to do so manually
lang.cmd.auth.help.usage=Usage: /auth help|?
lang.cmd.auth.reset.usage=Usage: /auth reset <playername|uuid>
lang.cmd.auth.reset.pnf=Player not found: {arg}
lang.cmd.auth.reset.ppw=The player {name} ({uuid}) has not set a password
lang.cmd.auth.reset.success=§a§lSuccessfully reset the password of player {name} ({uuid})
lang.cmd.auth.reload.usage=Usage: /auth reload [config1,config2,etc]
lang.cmd.auth.reload.unknowncfg= §eWarning: §cUnknown config: {arg}
lang.cmd.auth.reload.success.1=§a§lReloaded {1}
lang.cmd.auth.reload.success.2=§a§lReloaded {1} and {2}
lang.cmd.auth.reload.success.3=§a§lReloaded {1}, {2} and {3}
lang.cmd.auth.update.usage=Usage: /auth checkForUpdates
lang.cmd.auth.update.found=New version found: {latest_version} (running Authenticator v{current_version})
lang.cmd.auth.update.congrats=§a§lCongratulations! You are running the latest version of Authenticator (v{version})
lang.cmd.auth.update.fail=Failed to check for updates: {ex_name}: {ex_msg}
lang.cmd.auth.require.usage=Usage: /auth requireAuth <player>
lang.cmd.auth.require.pnf=Player not found: {arg}
lang.cmd.auth.require.success=§a§lRequiring authentication of {name}
lang.cmd.auth.require.fail=Player already authenticating
lang.cmd.auth.setpw.usage=Usage: /auth setpw <new_password>
lang.cmd.auth.setpw.nap=Only a player can change their password
lang.cmd.auth.setpw.ppw=Password change not applicable
lang.cmd.auth.setpw.success=§a§lPassword updated to: §r{new_password}
lang.cmd.auth.fix.usage=Usage: /auth fix
lang.cmd.auth.fix.nap=Only a player can execute this command
lang.cmd.auth.fix.ppw=Fix not applicable
lang.cmd.auth.fix.success=§a§lTrying to fix problems...
##################################################################################
# #
# Punishment Syntax #
# #
# The rules of punishments: #
# 1. Each punishment is separated by two backslashes (\\) #
# 2. A punishment consists of a punishment action (read more below) and #
# (optionally) a condition (also: read more below) #
# 3. If you wish to specify a condition, separate it from the action with a #
# backward arrow (<-) #
# 4. In the condition, you can use the following variables: #
# - fail_count: the number of authentication attempts (reset at server #
# restart and successful authentication) #
# - is_op: a boolean indicating whether the player is op #
# 5. For number variables in conditions, you can use the following operators: #
# - >: greater than (binary operator) #
# - <: less than (binary operator) #
# - /: greater than or equal to (binary operator) #
# - \: less than or equal to (binary operator) #
# - =: equal to (binary operator) #
# 6. If you don't use one of the above-mentioned operators on a number, the #
# condition will return true if and only if the number is not 0 #
# 7. You can "link" conditions with parentheses (()[]) and the symbols | (or), #
# & (and), and ^ (xor) #
# 8. A punishment action is just a command to be executed by the console, #
# which DOES start with a slash #
# 9. You can use the following variables inside a punishment action: #
# - %name%: the player name #
# - %uuid%: the player uuid #
# 10.Invalid syntax will result in the punishment being ignored #
# 11.Whitespace will be completely ignored #
# #
# An example explained: #
# /kick %name% <- fail_count < 3 \\ #
# /tban %name% 1d <- fail_count / 3 & fail_count \ 5 \\ #
# /ban %name% <- fail_count > 5 #
# #
# Each line is separated by two backslashes (the \\ at the end of the line), #
# which makes each line an individual punishment. #
# Every lines starts with a command to kick or temporarily or permanently ban #
# the player. The command is then followed by a backward arrow (<-), #
# marking the start of the condition. The arrow could have been omitted to #
# always execute the command. #
# Let us now explore the condition of the second line, the most complicated #
# one. It starts with the following check: fail_count / 3 #
# The "fail_count" represents the amount of attempts the player has already #
# used. The "/" then means "greater than or equal to", and the "3" is just a #
# static number. This checks that the fail count is greater than or equal #
# to 3. #
# This check is followed by an ampersand (&). This means that the condition #
# to its left as well as the condition to its right must be true. #
# Finally, there is a check similar to the one we first explored, which #
# checks whether the fail count is less than or equal to 5 ("\" = "<="). #
# #
##################################################################################
# Permissions for normal login mode can be set in here
# Empty lines or lines starting with a hash tag (#) will be ignored
# Every permission is written on a new line
# The permission "{OP}" (without quotation marks) will apply to all op players
{OP}
authenticator.normallogin
# Permissions for secure login mode can be set in here
# Empty lines or lines starting with a hash tag (#) will be ignored
# Every permission is written on a new line
# The permission "{OP}" (without quotation marks) will apply to all op players
*
'*'
authenticator.securelogin
Note: The comments may be a bit off-place, this is due to HTML not rendering all whitespace. All default resources can also be viewed atfiles.coloredcarrot.com/spigot-authenticator/v2.0.8/
Conditional Punishment System
Authenticator's Conditional Punishment System (CPS) allows you to define multiple condition-based punishments for failing authentication in either normal or secure mode.
The punishments can be configured in the config.properties file, which also contains a small description of the required syntax at the bottom of the configuration. The keys required for this are mode.normal.punish and mode.secure.punish.
Rules of the Punishment Syntax
- Each punishment is separated by two backslashes (\\)
- A punishment consists of a punishment action (read more below) and (optionally) a condition (read more below)
- If you wish to specify a condition, separate it from the action with a backwards arrow (<-)
- In the condition, you can use the following variables:
- fail_count: the number of authentication attempts (reset at server restart and successful authentication)
- is_op: a boolean indicating whether the player is op - For number variables in conditions, you can use the following operators:
- >: greater than
- <: less than
- /: greater than or equal to
- \: less than or equal to
- =: equal to - If you don't use one of the above-mentioned operators on a number, the condition will return true if and only if the number is not 0
- You can "link" conditions with parentheses (()[]) and the symbols | (or), & (and), and ^ (xor)
- A punishment action is just a command to be executed by the console, which DOES start with a slash
- You can use the following variables inside a punishment action:
- %name%: the player name
- %uuid%: the player uuid - Invalid syntax will result in the punishment being ignored
- Whitespace will be completely ignored
- /deop %name% \\ /kick %name% §c§l[Authenticator] Authentication failed <- fail_count \ 2 \\ /ban %name% §c§l[Authenticator] Authentication failed <- fail_count / 3
The first punishment (/deop %name%) defines no condition and is therefore always executed when the player fails authentication. It just de-ops him.
The second punishment has a condition: fail_count \ 2. This basically says that the punishment is only to be executed if the fail count (i.e. the number of attempts the player has already used to log in) of the player is less than or equal to 2.
The third and final punishment also defines a condition: fail_count / 3. This condition is true if the fail count is greater than or equal to 3. This and the previous punishment also both use a placeholder inside their actions: %name%. This gets translated to the player's name.
A note
If you have questions about Authenticator's CPS, feel free to contact me at https://www.spigotmc.org/conversations/add?to=ColoredCarrot&title=Authenticator Support
Secure Mode Key Comparison
When authenticating in secure mode, you previously had to type the key exactly as in the console. This can now be changed in the configuration by using a string metric - a function that compares two strings and returns a number specifying the edit distance between them.
As an example, let's say that you're using the simplest of the three supported string metrics: the Hamming algorithm. Say you wanted to compare the strings "abc" and "acb": the algorithm would return 2 because the first string requires two operations to become the second string ("abc" -> "acc" -> "acb").
The Damerau Levenshtein algorithm would return 1 because it allows character transposition: "abc" -> "acb" (the b and c have been swapped). You can read more about all three supported algorithms on Wikipedia.
If you now specify a maximum edit distance (in this case 2), the key you input only has to be so close to the expected key. For example, this would allow you to type an l (lowercase L) instead of an I (uppercase i) and still pass authentication.
The string metric can be configured under mode.secure.key.compare.method and the maximum edit distance undermode.secure.key.compare.maxdist.
Installation
- Download and drag Authenticator-v2.x.x into your plugins folder. You may wish to check the integrity:
MD5: 64A0F6E3F2EC7D3C9F96FB83EB607E95 - Restart the server
- Edit the configuration files
- Use /auth reload to reload the configurations
- Enjoy!
TO-DO
- Give player blindness and teleport him away while logging in
- Add a command system: /auth[enticator]
- Messages config
- Add a little bit of salt to the password hashes
- Add a command to require authentication
- Auto-Updater
- ... Suggest your ideas here!
By downloading / buying this plugin, you agree to the following terms of service:
- You will not reupload, resell, or in any way make this plugin available to anyone for any reason
- You will not get a refund under any circumstances
- You will only use this plugin on one server (BungeeCord networks count as one)
- You will not decompile or in any way change anything included in the plugin jar file
- I hold the right to change these TOS whenever I wish to, without any notification
![[bd] Attachment Store for XenForo 2.0](/data/resource_icons/2/2384.jpg?1553353241){kind=icon}