ExtraAuth
ExtraAuth
Description
ExtraAuth is an extra security plugin.
For example:
You can use it for blocking so other user can't play on your account without authentication.
Or if want to block access to some command if the user hasn't authenticated. (This currently requires the plugin to use my API)
There's an API that other developers can use to get events, for example when a authentication was successful.
TOTP requires Google Authenticator:
The authentication system is all optional, if a player wants is he/she can enable it via /auth enable, and disable it with /auth disable. Provided that the player has the permissions.
Features
- TOTP authentication
- Password authentication
- OneTimeKey authentication
- Timeout of the reauthentication, so if got disconnect you don't need to reauthenticate, if you connect again within the the timeout.
Authentication methods
- TOTP (Time-based One-time Password Algorithm) - This is a really secure technology, you just need Google Authenticator.
- And when you want to authenticate you just need to use the key that Google Authenticator gave you.
- When you enable TOTP you will get a link to an QR code which you need to scan with Google Authenticator, so it can set up you profile correctly.
- Key (Password) - This isn't a really secure method, but I added it because easier to use.
- OneTimeKey - Like Key authentication but only for one login.
Configuration
Configuring the plugin is really simple:
Servername: Unknown Server #The name for the server, this will be shown in Google Authenticator SettingsVersion: 1 #The version of the settings file, You should never change this value! ReauthenticateTimeout: 5 #How long the reauthentication timeout should be in minutes Language: en-US #The language file ExtraAuth should use BlockChat: true #If a player that isn't authenticated should be able to chat FreezePlayer: true #If a player that isn't authenticated should be able to move
Commands
The commands can either start with /auth or /extraauth, I will use /auth in this example.
- /auth help (pagenumber) - This will show the help page. The <number> will specify what page to show.
- /auth reload - Reloads ExtraAuth.
- /auth <KEY> - Authenticates with the key to your account.
- /auth enable <Method> [Arg] - Enabling the Method on your account. Some example of some methods
- /auth enable totp - Enabling a TOTP authentication on you account. (Uses the Google Authenticator app)
- /auth enable key <KEY> - Enabling a key based authentication on you account.
- /auth enable onetimekey <KEY> - Enabling the one time key based authentication on you account
- /auth enableother <Player> <Method> [Arg] - Enabling the Method on <Player> account. Like /auth enable, TOTP won't work
- /auth disable - Disabling ExtraAuth on your account.
- /auth disableother <Player> - Disabling ExtraAuth on the <Player>s account.
Permissions
- auth.all - Gives all of the permissions.
- auth.reload - Allows the players to reload ExtraAuth.
- auth.enable.onetimekey - Allows the player to use onetimekey authentication.
- auth.enable.key - Allows the player to use key authentication.
- auth.enable.totp - Allows the player to use TOTP authentication.
- auth.enableother.onetimekey - Allows the player to enable onetimekey authentication on other players..
- auth.enableother.key - Allows the player to enable key authentication on other players.
- auth.disable - Allows the player to disable ExtraAuth on their account.
- auth.disableother - Allows the player to disable ExtraAuth on other players.
Dependencies
This plugin requires Vault
MCStats
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
- The Metrics version
You are free to opt-out of submitting data whenever you wish. This will immediately stop sending data for any plugins that supports MCStats / Plugin Metrics. Simply edit plugins/PluginMetrics/config.yml and change opt-out: false to true.
Github
The code is licensed under GPLv2 and ApacheV2.
Donate
If you want to support me, you can donate.
@graywolf336
It it's programmed to block all commands. But I can't guarantee it. Just test and see. :)
Quick question, does this block all commands from being accessed if they aren't authenticated? Or does it just prevent sending chat and moving?