mirror of
https://github.com/AuthMe/AuthMeReloaded.git
synced 2024-11-14 06:16:53 +01:00
The best authentication plugin for the Bukkit/Spigot API!
authenticationauthmebukkitbukkit-pluginbukkitdevcraftbukkitcurseforgedatabasejavaminecraftminecraft-adminminecraft-pluginsecurityspigotspigot-plugin
32d92e13c5
If Spigot is running without a proxy, an incoming BungeeCord can also originate from a malicious player. This happens, because there is no proxy preventing this message. There appears to be no method to check if this message comes from a trusted source from the Bukkit side. This implementation checks if BungeeCord support is enabled in Spigot. This means that we notify them that we actually expect a proxy enabled configuration for this feature. This solves the issue, where the hook was enabled, because the server was earlier configured with proxies in mind, but they are no longer used. **Nevertheless** this doesn't fully solve the issue, because in misconfigured setups, where the Spigot server is publicly accessible, it's still possible. However this is always a recommended configuration step. Alternative solutions were rejected like: 1) Check on incoming BungeeCord message, if we received BungeeCord forwarding data during login This data can be fully faked by the player too. 2) Check the connection properties if the appearing proxy is local. While this is possible, there instance that the proxy is not on the same network although it's legitimate. Although it could be possible to introduce this with a configuration option, but it would increase the complexity for users. Related #2559 Related #2571 |
||
|---|---|---|
| .github | ||
| .idea | ||
| docs | ||
| samples | ||
| src | ||
| .checkstyle.xml | ||
| .codeclimate.yml | ||
| .editorconfig | ||
| .gitignore | ||
| .travis.yml | ||
| LICENSE | ||
| pom.xml | ||
| README.md | ||
| wallpaper.png | ||
AuthMeReloaded
"The best authentication plugin for the Bukkit modding API!"
| Type | Badges |
|---|---|
| General: | |
| Code quality: |   |
| Jenkins CI: |   |
| Other CIs: |  |
Description
Prevent username stealing on your server!
Use it to secure your Offline mode server or to increase your Online mode server's protection!
AuthMeReloaded disallows players who aren't authenticated to do actions like placing blocks, moving,
typing commands or using the inventory. It can also kick players with uncommonly long or short player names or kick players from banned countries.
With the Session Login feature you don't have to execute the authentication command every time you connect to the server! Each command and every feature can be enabled or disabled from our well structured configuration file.
You can also create your own translation file and, if you want, you can share it with us! :)
Features:
- E-Mail Recovery System!
- Username spoofing protection.
- Countries Whitelist/Blacklist! (country codes)
- Built-in AntiBot System!
- ForceLogin Feature: Admins can login with all account via console command!
- Avoid the "Logged in from another location" message!
- Two-factor (2FA) support!
- Session Login!
- Editable translations and messages!
- MySQL and SQLite Backend support!
- Supported password encryption algorithms: SHA256, ARGON2, BCRYPT, PBKDF2, xAuth
- Supported alternative registration methods:
- PHPBB, VBulletin: PHPBB - MD5VB
- Xenforo: XFBCRYPT
- MyBB: MYBB
- IPB3: IPB3
- IPB4: IPB4
- PhpFusion: PHPFUSION
- Joomla: JOOMLA
- WBB3: WBB3*
- SHA512: SALTEDSHA512
- DoubleSaltedMD5: SALTED2MD5
- WordPress: WORDPRESS
- List of all supported hashes
- Custom MySQL tables/columns names (useful with forum databases)
- Cached database queries!
- Fully compatible with Citizens2, CombatTag, CombatTagPlus!
- Compatible with Minecraft mods like BuildCraft or RedstoneCraft
- Restricted users (associate a username with an IP)
- Protect player's inventory until correct authentication (requires ProtocolLib)
- Saves the quit location of the player
- Automatic database backup
- Available languages: translations
- Built-in Deprecated FlatFile (auths.db) to SQL (authme.sql) converter!
- Import your old database from other plugins like Rakamak, xAuth, CrazyLogin, RoyalAuth and vAuth!
Configuration
Commands
Permissions
- authme.player.* - for all user commands
- authme.admin.* - for all admin commands
- List of all permission nodes
How To
- How to use the converter
- How to import database from xAuth
- Website integration
- How to convert from Rakamak
- Convert between database types (e.g. SQLite to MySQL): /authme converter
Links and Contacts
-
Support:
-
Dev resources:
<repositories> <repository> <id>codemc-repo</id> <url>https://repo.codemc.org/repository/maven-public/</url> </repository> </repositories> <dependencies> <dependency> <groupId>fr.xephi</groupId> <artifactId>authme</artifactId> <version>5.6.0-SNAPSHOT</version> <scope>provided</scope> </dependency> </dependencies> -
Statistics:
Requirements
Compiling requirements:
- JDK 8 (JDK 17 is recommended)
- Maven
- Git/Github (Optional)
How to compile the project:
- Clone the project with Git/Github
- Execute command "mvn clean package"
Running requirements:
- Java 8 (Java 11 is recommended)
- Paper or Spigot (1.8.X and up)
(In case you use Thermos, Cauldron or similar, you have to update the SpecialSource library to support Java 8 plugins. HowTo: https://github.com/games647/FastLogin/issues/111#issuecomment-272331347)- ProtocolLib (optional, required by some features)
Credits
Contributors:
Team members: developers, translators
Credits for the old version of the plugin: d4rkwarriors, fabe1337, Whoami2 and pomo4ka
Thanks also to: AS1LV3RN1NJA, Hoeze and eprimex
GeoIP License:
This product uses data from the GeoLite API created by MaxMind, available at https://www.maxmind.com