Add 2fa support

src/main/java/fr/xephi/authme/command/executable/register/RegisterCommand.java

@@ -4,9 +4,11 @@ import fr.xephi.authme.command.CommandService;
 import fr.xephi.authme.command.PlayerCommand;
 import fr.xephi.authme.output.MessageKey;
 import fr.xephi.authme.process.Management;
+import fr.xephi.authme.security.HashAlgorithm;
 import fr.xephi.authme.security.RandomString;
 import fr.xephi.authme.settings.Settings;
 import fr.xephi.authme.util.Utils;
+
 import org.bukkit.entity.Player;
 
 import java.util.List;
@@ -15,6 +17,12 @@ public class RegisterCommand extends PlayerCommand {
 
     @Override
     public void runCommand(Player player, List<String> arguments, CommandService commandService) {
+        if (Settings.getPasswordHash == HashAlgorithm.TWO_FACTOR) {
+            //for two factor auth we don't need to check the usage
+            commandService.getManagement().performRegister(player, "", "");
+            return;
+        }
+
         if (arguments.isEmpty() || Settings.enablePasswordConfirmation && arguments.size() < 2) {
             commandService.send(player, MessageKey.USAGE_REGISTER);
             return;
@@ -26,19 +34,23 @@ public class RegisterCommand extends PlayerCommand {
                 commandService.send(player, MessageKey.USAGE_REGISTER);
                 return;
             }
+
             final String email = arguments.get(0);
             if (!Utils.isEmailCorrect(email, commandService.getSettings())) {
                 commandService.send(player, MessageKey.INVALID_EMAIL);
                 return;
             }
+
             final String thePass = RandomString.generate(Settings.getRecoveryPassLength);
             management.performRegister(player, thePass, email);
             return;
         }
+
         if (arguments.size() > 1 && Settings.enablePasswordConfirmation && !arguments.get(0).equals(arguments.get(1))) {
             commandService.send(player, MessageKey.PASSWORD_MATCH_ERROR);
             return;
         }
+
         management.performRegister(player, arguments.get(0), "");
     }
 

src/main/java/fr/xephi/authme/output/MessageKey.java

@@ -123,8 +123,9 @@ public enum MessageKey {
 
     ANTIBOT_AUTO_DISABLED_MESSAGE("antibot_auto_disabled", "%m"),
 
-    EMAIL_ALREADY_USED_ERROR("email_already_used");
+    EMAIL_ALREADY_USED_ERROR("email_already_used"),
 
+    TWO_FACTOR_CREATE("two_factor_create", "%code", "%url");
 
     private String key;
     private String[] tags;

src/main/java/fr/xephi/authme/process/register/AsyncRegister.java

@@ -8,9 +8,12 @@ import fr.xephi.authme.datasource.DataSource;
 import fr.xephi.authme.output.MessageKey;
 import fr.xephi.authme.output.Messages;
 import fr.xephi.authme.permission.PlayerPermission;
+import fr.xephi.authme.security.HashAlgorithm;
 import fr.xephi.authme.security.crypts.HashedPassword;
+import fr.xephi.authme.security.crypts.TwoFactor;
 import fr.xephi.authme.settings.NewSetting;
 import fr.xephi.authme.settings.Settings;
+import org.bukkit.Bukkit;
 import org.bukkit.entity.Player;
 
 /**
@@ -48,19 +51,27 @@ public class AsyncRegister {
         } else if (!Settings.isRegistrationEnabled) {
             m.send(player, MessageKey.REGISTRATION_DISABLED);
             return false;
-        } else if (!passLow.matches(Settings.getPassRegex)) {
+        }
-            m.send(player, MessageKey.PASSWORD_MATCH_ERROR);
+
-            return false;
+        //check the password safety only if it's not a automatically generated password
-        } else if (passLow.equalsIgnoreCase(player.getName())) {
+        if (Settings.getPasswordHash != HashAlgorithm.TWO_FACTOR) {
-            m.send(player, MessageKey.PASSWORD_IS_USERNAME_ERROR);
+            if (!passLow.matches(Settings.getPassRegex)) {
-            return false;
+                m.send(player, MessageKey.PASSWORD_MATCH_ERROR);
-        } else if (password.length() < Settings.getPasswordMinLen || password.length() > Settings.passwordMaxLength) {
+                return false;
-            m.send(player, MessageKey.INVALID_PASSWORD_LENGTH);
+            } else if (passLow.equalsIgnoreCase(player.getName())) {
-            return false;
+                m.send(player, MessageKey.PASSWORD_IS_USERNAME_ERROR);
-        } else if (!Settings.unsafePasswords.isEmpty() && Settings.unsafePasswords.contains(password.toLowerCase())) {
+                return false;
-            m.send(player, MessageKey.PASSWORD_UNSAFE_ERROR);
+            } else if (password.length() < Settings.getPasswordMinLen || password.length() > Settings.passwordMaxLength) {
-            return false;
+                m.send(player, MessageKey.INVALID_PASSWORD_LENGTH);
-        } else if (database.isAuthAvailable(name)) {
+                return false;
+            } else if (!Settings.unsafePasswords.isEmpty() && Settings.unsafePasswords.contains(password.toLowerCase())) {
+                m.send(player, MessageKey.PASSWORD_UNSAFE_ERROR);
+                return false;
+            }
+        }
+
+        //check this in both possiblities so don't use 'else if'
+        if (database.isAuthAvailable(name)) {
             m.send(player, MessageKey.NAME_ALREADY_REGISTERED);
             return false;
         } else if (Settings.getmaxRegPerIp > 0
@@ -133,14 +144,22 @@ public class AsyncRegister {
             m.send(player, MessageKey.ERROR);
             return;
         }
+
         if (!Settings.forceRegLogin) {
             //PlayerCache.getInstance().addPlayer(auth);
             //database.setLogged(name);
             // TODO: check this...
             plugin.getManagement().performLogin(player, "dontneed", true);
         }
+
         plugin.otherAccounts.addPlayer(player.getUniqueId());
         ProcessSyncPasswordRegister sync = new ProcessSyncPasswordRegister(player, plugin, settings);
         plugin.getServer().getScheduler().scheduleSyncDelayedTask(plugin, sync);
+
+        //give the user the secret code to setup their app code generation
+        if (Settings.getPasswordHash == HashAlgorithm.TWO_FACTOR) {
+            String qrCodeUrl = TwoFactor.getQRBarcodeURL(player.getName(), Bukkit.getIp(), hashedPassword.getHash());
+            m.send(player, MessageKey.TWO_FACTOR_CREATE, hashedPassword.getHash(), qrCodeUrl);
+        }
     }
 }

src/main/java/fr/xephi/authme/security/HashAlgorithm.java

@@ -29,6 +29,7 @@ public enum HashAlgorithm {
     SHA1(fr.xephi.authme.security.crypts.SHA1.class),
     SHA256(fr.xephi.authme.security.crypts.SHA256.class),
     SHA512(fr.xephi.authme.security.crypts.SHA512.class),
+    TWO_FACTOR(fr.xephi.authme.security.crypts.TwoFactor.class),
     SMF(fr.xephi.authme.security.crypts.SMF.class),
     WBB3(fr.xephi.authme.security.crypts.WBB3.class),
     WBB4(fr.xephi.authme.security.crypts.WBB4.class),

src/main/java/fr/xephi/authme/security/crypts/TwoFactor.java

@@ -0,0 +1,125 @@
+package fr.xephi.authme.security.crypts;
+
+import com.google.common.escape.Escaper;
+import com.google.common.io.BaseEncoding;
+import com.google.common.net.UrlEscapers;
+import com.google.common.primitives.Ints;
+
+import fr.xephi.authme.security.crypts.description.HasSalt;
+import fr.xephi.authme.security.crypts.description.Recommendation;
+import fr.xephi.authme.security.crypts.description.SaltType;
+import fr.xephi.authme.security.crypts.description.Usage;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.Calendar;
+import java.util.concurrent.TimeUnit;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+@Recommendation(Usage.DOES_NOT_WORK)
+@HasSalt(SaltType.NONE)
+public class TwoFactor extends UnsaltedMethod {
+
+    private static final int SCRET_BYTE = 10;
+    private static final int SCRATCH_CODES = 5;
+    private static final int BYTES_PER_SCRATCH_CODE = 4;
+
+    private static final int TIME_PRECISION = 3;
+    private static final String CRYPTO_ALGO = "HmacSHA1";
+
+    public static String getQRBarcodeURL(String user, String host, String secret) {
+        String format = "https://www.google.com/chart?chs=130x130&chld=M%%7C0&cht=qr&chl="
+                + "otpauth://totp/"
+                + "%s@%s%%3Fsecret%%3D%s";
+        Escaper urlEscaper = UrlEscapers.urlFragmentEscaper();
+        return String.format(format, urlEscaper.escape(user), urlEscaper.escape(host), secret);
+    }
+
+    @Override
+    public String computeHash(String password) {
+        // Allocating the buffer
+        byte[] buffer = new byte[SCRET_BYTE + SCRATCH_CODES * BYTES_PER_SCRATCH_CODE];
+
+        // Filling the buffer with random numbers.
+        // Notice: you want to reuse the same random generator
+        // while generating larger random number sequences.
+        new SecureRandom().nextBytes(buffer);
+
+        // Getting the key and converting it to Base32
+        byte[] secretKey = Arrays.copyOf(buffer, SCRET_BYTE);
+        return BaseEncoding.base32().encode(secretKey);
+    }
+
+    @Override
+    public boolean comparePassword(String password, HashedPassword hashedPassword, String name) {
+        try {
+            return checkPassword(hashedPassword.getHash(), password);
+        } catch (NoSuchAlgorithmException | InvalidKeyException encryptionException) {
+            throw new UnsupportedOperationException("Failed to compare passwords", encryptionException);
+        }
+    }
+
+    public boolean checkPassword(String secretKey, String userInput)
+            throws NoSuchAlgorithmException, InvalidKeyException {
+        Integer code = Ints.tryParse(userInput);
+        if (code == null) {
+            //code is not an integer
+            return false;
+        }
+
+        long currentTime = Calendar.getInstance().getTimeInMillis() / TimeUnit.SECONDS.toMillis(30);
+        return check_code(secretKey, code, currentTime);
+    }
+
+    private boolean check_code(String secret, long code, long t)
+            throws NoSuchAlgorithmException, InvalidKeyException {
+        byte[] decodedKey = BaseEncoding.base32().decode(secret);
+
+        // Window is used to check codes generated in the near past.
+        // You can use this value to tune how far you're willing to go.
+        int window = TIME_PRECISION;
+        for (int i = -window; i <= window; ++i) {
+            long hash = verify_code(decodedKey, t + i);
+
+            if (hash == code) {
+                return true;
+            }
+        }
+
+        // The validation code is invalid.
+        return false;
+    }
+
+    private int verify_code(byte[] key, long t) throws NoSuchAlgorithmException, InvalidKeyException {
+        byte[] data = new byte[8];
+        long value = t;
+        for (int i = 8; i-- > 0; value >>>= 8) {
+            data[i] = (byte) value;
+        }
+
+        SecretKeySpec signKey = new SecretKeySpec(key, CRYPTO_ALGO);
+        Mac mac = Mac.getInstance(CRYPTO_ALGO);
+        mac.init(signKey);
+        byte[] hash = mac.doFinal(data);
+
+        int offset = hash[20 - 1] & 0xF;
+
+        // We're using a long because Java hasn't got unsigned int.
+        long truncatedHash = 0;
+        for (int i = 0; i < 4; ++i) {
+            truncatedHash <<= 8;
+            // We are dealing with signed bytes:
+            // we just keep the first byte.
+            truncatedHash |= (hash[offset + i] & 0xFF);
+        }
+
+        truncatedHash &= 0x7FFF_FFFF;
+        truncatedHash %= 1_000_000;
+
+        return (int) truncatedHash;
+    }
+}

src/main/java/fr/xephi/authme/settings/properties/SecuritySettings.java

@@ -9,6 +9,7 @@ import java.util.List;
 
 import static fr.xephi.authme.settings.domain.Property.newProperty;
 import static fr.xephi.authme.settings.domain.PropertyType.STRING_LIST;
+import static fr.xephi.authme.settings.domain.Property.newProperty;
 
 public class SecuritySettings implements SettingsClass {
 

src/main/resources/messages/messages_bg.yml

@@ -58,3 +58,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod автоматично включен
 antibot_auto_disabled: '[AuthMe] AntiBotMod автоматично изключване след %m Минути.'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_br.yml

@@ -59,3 +59,4 @@ email_exists: '&cUm email de recuperação já foi enviado! Você pode reenviar
 country_banned: '&4Seu país foi banido do servidor! Your country is banned from this server!'
 antibot_auto_enabled: '&4[AntiBotService] AntiBot ativado devido ao grande número de conexões!'
 antibot_auto_disabled: '&2[AntiBotService] AntiBot desativado após %m minutos!'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_cz.yml

@@ -57,3 +57,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod automaticky spusten z duvodu masivnic
 antibot_auto_disabled: '[AuthMe] AntiBotMod automaticky ukoncen po %m minutach, doufejme v konec invaze'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_de.yml

@@ -57,3 +57,4 @@ country_banned: '&4Dein Land ist gesperrt'
 antibot_auto_enabled: '&4[AntiBotService] AntiBotMod wurde aufgrund hoher Netzauslastung automatisch aktiviert!'
 antibot_auto_disabled: '&2[AntiBotService] AntiBotMod wurde nach %m Minuten deaktiviert, hoffentlich ist die Invasion vorbei'
 kick_antibot: 'AntiBotMod ist aktiviert! Bitte warte einige Minuten, bevor du dich mit dem Server verbindest'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_en.yml

@@ -58,3 +58,4 @@ country_banned: '&4Your country is banned from this server!'
 antibot_auto_enabled: '&4[AntiBotService] AntiBot enabled due to the huge number of connections!'
 antibot_auto_disabled: '&2[AntiBotService] AntiBot disabled disabled after %m minutes!'
 email_already_used: '&4The email address is already being used'
+two_factor_create: '&2Your secret code is %code. You can scan it from here %url'

src/main/resources/messages/messages_es.yml

@@ -58,3 +58,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod activado automáticamente debido a co
 antibot_auto_disabled: '[AuthMe] AntiBotMod desactivado automáticamente luego de %m minutos. Esperamos que haya terminado'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_eu.yml

@@ -57,3 +57,4 @@ country_banned: '[AuthMe]Zure herrialdea blokeatuta dago zerbitzari honetan'
 antibot_auto_enabled: '[AuthMe] AntiBotMod automatically enabled due to massive connections!'
 antibot_auto_disabled: '[AuthMe] AntiBotMod automatically disabled after %m Minutes,hope invasion stopped'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_fi.yml

@@ -57,3 +57,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod automatically enabled due to massive
 antibot_auto_disabled: '[AuthMe] AntiBotMod automatically disabled after %m Minutes, hope invasion stopped'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_fr.yml

@@ -58,3 +58,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod a été activé automatiquement à ca
 antibot_auto_disabled: '[AuthMe] AntiBotMod a été désactivé automatiquement après %m Minutes, espérons que l''invasion soit arrêtée!'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_gl.yml

@@ -59,3 +59,4 @@ antibot_auto_disabled: '[AuthMe] AntiBotMod  desactivouse automáticamente despo
   esperemos que a invasión se detivera'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_hu.yml

@@ -57,3 +57,4 @@ country_banned: '&4Az országod tiltólistán van ezen a szerveren!'
 antibot_auto_enabled: '&4[AntiBot] Az AntiBot védelem bekapcsolt a nagy számú hálózati kapcsolat miatt!'
 antibot_auto_disabled: '&2[AntiBot] Az AntiBot kikapcsol %m múlva!'
 kick_antibot: 'Az AntiBot védelem bekapcsolva! Kérünk várj pár másodpercet a csatlakozáshoz.'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_id.yml

@@ -57,3 +57,4 @@ country_banned: '&4Your country is banned from this server!'
 antibot_auto_enabled: '&4[AntiBotService] AntiBot diaktifkan dikarenakan banyak koneksi yg diterima!'
 antibot_auto_disabled: '&2[AntiBotService] AntiBot dimatikan setelah %m menit!'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_it.yml

@@ -57,3 +57,4 @@ country_banned: 'Il tuo paese è bandito da questo server!'
 antibot_auto_enabled: 'Il servizio di AntiBot è stato automaticamente abilitato a seguito delle numerose connessioni!'
 antibot_auto_disabled: "Il servizio di AntiBot è stato automaticamente disabilitato dopo %m Minuti, sperando che l'attacco sia finito!"
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_ko.yml

@@ -61,3 +61,4 @@ country_banned: '당신의 국가는 이 서버에서 차단당했습니다'
 antibot_auto_enabled: '[AuthMe] 봇차단모드가 연결 개수 때문에 자동적으로 활성화됩니다!'
 antibot_auto_disabled: '[AuthMe] 봇차단모드가 %m 분 후에 자동적으로 비활성화됩니다'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_lt.yml

@@ -57,3 +57,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod automatically enabled due to massive
 antibot_auto_disabled: '[AuthMe] AntiBotMod automatically disabled after %m Minutes, hope invasion stopped'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_nl.yml

@@ -57,3 +57,4 @@ antibot_auto_disabled: '[AuthMe] AntiBotMod automatisch uitgezet na %m minuten,
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
 reg_email_msg: '&3Please, register to the server with the command "/register <email> <confirmEmail>"'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_pl.yml

@@ -57,3 +57,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod automatically enabled due to massive
 antibot_auto_disabled: '[AuthMe] AntiBotMod automatically disabled after %m Minutes, hope invasion stopped'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_pt.yml

@@ -58,3 +58,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod activado automaticamente devido a um
 antibot_auto_disabled: '[AuthMe] AntiBotMod desactivado automaticamente após %m minutos, esperamos que a invasão tenha parado'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_ru.yml

@@ -57,3 +57,4 @@ antibot_auto_enabled: '&a[AuthMe] AntiBot-режим автоматически
 antibot_auto_disabled: '&a[AuthMe] AntiBot-режим автоматичски отключен после %m мин. Надеюсь атака закончилась'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_sk.yml

@@ -61,3 +61,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod automatically enabled due to massive
 antibot_auto_disabled: '[AuthMe] AntiBotMod automatically disabled after %m Minutes, hope invasion stopped'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_tr.yml

@@ -57,3 +57,4 @@ country_banned: 'Ulken bu serverdan banlandi !'
 antibot_auto_enabled: '[AuthMe] AntiBotMode otomatik olarak etkinlestirildi!'
 antibot_auto_disabled: '[AuthMe] AntiBotMode %m dakika sonra otomatik olarak isgal yuzundan devredisi birakildi'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_uk.yml

@@ -57,3 +57,4 @@ antibot_auto_enabled: '[AuthMe] AntiBotMod автоматично увімкне
 antibot_auto_disabled: '[AuthMe] AntiBotMod автоматично вимкнувся, сподіваємось атака зупинена'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_vn.yml

@@ -57,3 +57,4 @@ password_error_nick: '&cYou can''t use your name as password, please choose anot
 password_error_unsafe: '&cThe chosen password isn''t safe, please choose another one...'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_zhcn.yml

@@ -59,3 +59,4 @@ email_send: '&8[&6用戶系統&8] 忘記密碼信件已寄出，請查收。'
 country_banned: '&8[&6用戶系統&8] 本伺服器已停止對你的國家提供遊戲服務。'
 antibot_auto_enabled: '&8[&6用戶系統&8] 防止機械人程序已因應現時大量不尋常的連線而啟用。'
 antibot_auto_disabled: '&8[&6用戶系統&8] 防止機械人程序檢查到不正常連接數已減少，並於 %m 分鐘後停止運作。'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_zhhk.yml

@@ -60,3 +60,4 @@ antibot_auto_enabled: '&8[&6用戶系統&8] 防止機械人程序已因應現時
 antibot_auto_disabled: '&8[&6用戶系統&8] 不正常連接數已減少，防止機械人程序將於 %m 分鐘後停止。'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
 email_exists: '&cA recovery email was already sent! You can discard it and send a new one using the command below:'
+two_factor_create: '&2Your secret code is %code'

src/main/resources/messages/messages_zhtw.yml

@@ -60,3 +60,4 @@ country_banned: '&b【AuthMe】&6你所在的地區無法進入此伺服器'
 antibot_auto_enabled: '&b【AuthMe】&6AntiBotMod已自動啟用!'
 antibot_auto_disabled: '&b【AuthMe】&6AntiBotMod將會於 &c%m &6分鐘後自動關閉'
 kick_antibot: 'AntiBot protection mode is enabled! You have to wait some minutes before joining the server.'
+two_factor_create: '&2Your secret code is %code'