xAuth 2.0 - Discussion & Ideas

Discussion in 'WIP and Development Status' started by CypherX, May 21, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    This thread is for general discussion and ideas/suggestions for the next major release of my plugin, xAuth. Throughout the development of xAuth 2.0 I'll be posting questions regarding certain features here to get the opinion of you, the users.

    Details on a few of the major changes:
    • Completely new codebase developed from scratch
    • Data is now persisted using Bukkit Persistence or MySQL instead of flatfile
    • Sessions now save through server restarts/reloads
    xAuth Importer will also be updated to add the ability to convert from the old xAuth flatfile format into one of the new data persisting formats.

    Development Questions
    1. In one of the recent xAuth updates "location protection" was implemented. This basically protects a players location if they are not logged in by teleporting them to spawn of their current world. How would you like to see this implemented in xAuth 2.0? Keep it the same as it currently is? Add the ability to customize the location they are teleported to? Please share your opinions on this.
     
  2. Offline

    lacroserocks

    I'm starting a new server with 8 small plugins to add commands, creative building, mob control, multiworldINV, warping, etc... My suggestion is to add to the config file a way to disable the node "xauth.exclude". Even though I am the owner of the server, I still want to have to use /login every time I connect for security purposes. It is already possible to do this using permissions, but this would require making an obsolete permission group and changing admin permissions from "*" (all nodes possible) to 20-30 nodes. I just think adding an on/off feature of this to the config would make things a whole lot easier.

    As for the "location protection", a suggestion would be to give the player god mode/invisibility until they have successfully logged in, then once they have logged in, give the player a variable amount of time (able to change in config file) of god mode/invisibility like a spawn shield. This would be in case a player joined and was right next to a creeper, they would then have enough time to login, and run away before creeper could attack.

    Also, may I suggest implementing a "login timeout" feature; if the player joins, and doesn't log in after a certain amount of time, they would be kicked for "login timeout" (again, variable amount of time set in config file).

    Awesome job so far :D keep it up
     
  3. Offline

    CypherX

    Firstly, thanks for sharing your thoughts. If I'm reading your first paragraph correctly, you can achieve the same thing by doing:

    Code:
    Admins:
        default: false
        info:
            prefix: ''
            suffix: ''
            build: true
        inheritance:
        permissions:
            - '*'
            - '-xauth.exclude'
    
    (Note the hyphen before xauth.exclude, that means that permission is excluded from whatever group it's present in.)

    I do acknowledge that xauth.exclude has been a problem for many people and so it's being removed from xAuth 2.0 and replaced with a different method of selecting which groups/players will have to register. This new method will be disabling forced registration in the configuration and using the permission node xauth.register to signal which groups must register.

    Your godmode idea for location protection has previously crossed my mind and could very well be implemented as a general feature, if not more. Kicking a player that hasn't logged in for a configurable amount of time has been suggested before and will definitely be included in xAuth 2.0.
     
    lacroserocks likes this.
  4. Offline

    vander_fr

    Make a group with all the whitelisted player in.
    This groupe can build, the others can't

    No ?
     
  5. Offline

    spunkiie

    REQ: Add nickname minimum length to the 'filter' section :D
     
  6. Offline

    CypherX

    Was already planning on doing just that!
     
  7. Offline

    spunkiie

    Nice :)
    When will 2.0 come out ?

    TIA
     
  8. Offline

    piousminion

    I've posted this suggestion before in several plugins of this type, but I've yet to see it implemented.

    I would simply love to see an option (via config) to require an email address when registering.

    Not only would I be able to contact my players about changes, but I'd be able to create a forum authentication module that uses the information. It would be nice if I could disable forum registration completely and have forum accounts automatically created when a user registers in game. :D

    EDIT: Second idea.
    Option to have online-mode=true for some users. e.g. online-mode=true for everyone except names on a whitelist and those people fall back on the /login command. Maybe even an option to check logins at minecraft.net first, then fallback on /login if either minecraft.net is down or auth is invalid.
     
  9. Offline

    CypherX

    (Sorry for the late reply, I didn't receive a notification for your posts)
    A rough estimate would be a couple of weeks, but don't hold me to it. I don't really want to put an ETA on it since you never know what could happen. Although, when I do feel it's ready to be released, I'm going to do an open beta first to work out any bugs.

    An option to require an email address is in fact included in xAuth 2. As for your second idea, I'll have to think about it and see if implementing something such as that is feasible.
     
  10. Offline

    The PC Tech Guy

    I've been always looking for a time to switch from AuthMe to the more feature-filled xAuth, although it seems to do things a little differently (xAuth) that I think AuthMe does more reliably. I can't think of them right now, but I think one could be the movement protection. I believe that xAuth would do this correctly, though. I'm also waiting for a few more features to be added that will appear in this 2.0 version, such as login timeouts.

    As for other features, I'd like to customize who MUST register. For example, I require all moderators to register and to have a secure password.
     
  11. Offline

    CypherX

    Thanks for posting! As I promised in the other thread, login timeouts have been implemented. xAuth 2 does allow customizing who has to register based on Permissions. Say a server has four groups: Default, Builder, Moderator, and Administrator. If you didn't want players in the Default group to register, you would simply disable forced registration then assign the Permission node 'xauth.register' to the Builder, Moderator, and Administrator groups.

    If you remember any of the things that you think AuthMe does more reliably, let me know.
     
  12. Offline

    Sniknej


    I've been running with 1.2.5, and it seems to already move players to the spawn before logging in. What often happens to me, however, is that the player is moved into a puddle/pond/lake of water or lava, or even inside a mountain, and the continue to drown/burn until the login and are moved to where they last disconnected. If they can't /login <pswrd> quick enough, they die and lose their inventory.

    One way to solve this (and I'm no programer, you know what's possible) would be to add a god/invincible mode like lacrouserocks was saying, or maybe to bind the holding area to the nearest 3x3 flat peice of ground.

    Anyway, nice work with v1.*. Lookin forward to future versions.
     
  13. Offline

    The PC Tech Guy

    When a person logs in, a block they were on could be gone, so they would be falling, and take damage once they logged in. I believe there's something that allows the person to fall, but still not move... Of course, I'm not sure how you have it, but I don't think the spawn teleportation is necessary. What I do know is when you disconnect when you die, and reconnect, the server should still say you're dead... so I don't know what the deal is with the spawn teleportation teleporting back to the point of death.

    I'd also like the /logout command to automatically kick the person as well with a customizable message.

    Update: Yes, I do remember a feature AuthMe does reliably. When I joined another server that had xAuth, I was stuck in a falling motion, in which the server kept resetting me a block up from the block. This happens on the first time you join (it holds you a block up). Therefore, after registering, I take some damage, because the server thinks I fell from a higher height. Although one way is to give some spawn invincibility, I believe AuthMe sets the player on the landing block, then prevents them from moving... Or lets them land, then prevents moving. This can also help when a person logs in, and the block he/she was originally on has been removed (therefore in the falling/resetting animation). I was able to test this feature of AuthMe by having a block removed under me after I did /logout (in this case, with TNT). AuthMe's source should be available, so maybe you can implement this.
     
  14. Offline

    tombik

    When does this come out? Thx
     
Thread Status:
Not open for further replies.

Share This Page