egg82 / 2faplus Goto Github PK

Tried to create a TOTP. It gave me a map which couldn't render.
2FAPlus - 2.3.15
Spigot - CraftBukkit version git-Spigot-1a3504a-84f3da3 (MC: 1.13.2) (Implementing API version 1.13.2-R0.1-SNAPSHOT)
OS - Ubuntu Server 18.04
JRE - was OpenJDK 11, now Oracle 12 (same error)

This flooded the console after creating until I destroyed the map

[19:50:46 ERROR]: Could not render map using renderer me.egg82.tfaplus.renderers.ImageRenderer
java.lang.NoClassDefFoundError: Could not initialize class java.awt.GraphicsEnvironment$LocalGE
        at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:129) ~[?:?]
        at java.awt.image.BufferedImage.createGraphics(BufferedImage.java:1181) ~[?:?]
        at org.bukkit.map.MapPalette.imageToBytes(MapPalette.java:191) ~[spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at org.bukkit.craftbukkit.v1_13_R2.map.CraftMapCanvas.drawImage(CraftMapCanvas.java:65) ~[spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at me.egg82.tfaplus.renderers.ImageRenderer.render(ImageRenderer.java:39) ~[?:?]
        at org.bukkit.craftbukkit.v1_13_R2.map.CraftMapView.render(CraftMapView.java:149) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.WorldMap$WorldMapHumanTracker.a(WorldMap.java:423) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.WorldMap.a(WorldMap.java:317) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.ItemWorldMap.a(ItemWorldMap.java:329) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.EntityPlayer.playerTick(EntityPlayer.java:385) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.PlayerConnection.tick(PlayerConnection.java:140) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.NetworkManager.a(NetworkManager.java:230) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.ServerConnection.c(ServerConnection.java:119) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.MinecraftServer.b(MinecraftServer.java:994) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.DedicatedServer.b(DedicatedServer.java:417) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.MinecraftServer.a(MinecraftServer.java:831) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at net.minecraft.server.v1_13_R2.MinecraftServer.run(MinecraftServer.java:729) [spigot-1.13.2.jar:git-Spigot-1a3504a-84f3da3]
        at java.lang.Thread.run(Thread.java:834) [?:?]

In MySQL connection i'd like to register to totp, and this is in the console:

[18:19:08 ERROR]: [2FA+] �[0;31;1m{m.e.t.s.InternalAPI} Data truncation: Incorrect string value: '\xAC\xED\x00\x05sr...' for column 'uuid' at row 1
com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Incorrect string value: '\xAC\xED\x00\x05sr...' for column 'uuid' at row 1
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:104)
at com.mysql.cj.jdbc.ServerPreparedStatement.serverExecute(ServerPreparedStatement.java:637)
at com.mysql.cj.jdbc.ServerPreparedStatement.executeInternal(ServerPreparedStatement.java:418)
at com.mysql.cj.jdbc.ClientPreparedStatement.execute(ClientPreparedStatement.java:370)
at com.zaxxer.hikari.pool.ProxyPreparedStatement.execute(ProxyPreparedStatement.java:44)
at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.execute(HikariProxyPreparedStatement.java)
at ninja.egg82.sql.SQL.execute(SQL.java:246)
at ninja.egg82.sql.SQL.execute(SQL.java:100)
at me.egg82.tfaplus.sql.MySQL.updateTOTP(MySQL.java:558)
at me.egg82.tfaplus.services.InternalAPI.registerTOTP(InternalAPI.java:257)
at me.egg82.tfaplus.TFAAPI.registerTOTP(TFAAPI.java:86)
at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand.lambda$run$1(RegisterTOTPCommand.java:67)
at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand$$Lambda$669/259312469.runAsync(Unknown Source)
at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1309)
at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
at co.aikar.taskchain.TaskChain.nextTask(TaskChain.java:1183)
at co.aikar.taskchain.TaskChain.access$1000(TaskChain.java:57)
at co.aikar.taskchain.TaskChain$TaskHolder.next(TaskChain.java:1357)
at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1312)
at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
at co.aikar.taskchain.TaskChain.nextTask(TaskChain.java:1180)
at co.aikar.taskchain.TaskChain.access$1000(TaskChain.java:57)
at co.aikar.taskchain.TaskChain$TaskHolder.next(TaskChain.java:1357)
at co.aikar.taskchain.TaskChain$TaskHolder$$Lambda$672/916674316.accept(Unknown Source)
at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand.lambda$run$0(RegisterTOTPCommand.java:52)
at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand$$Lambda$666/1161595732.runAsync(Unknown Source)
at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1309)
at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
at co.aikar.taskchain.TaskChain.lambda$nextTask$18(TaskChain.java:1187)
at co.aikar.taskchain.TaskChain$$Lambda$671/546418864.run(Unknown Source)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)�[m
[18:19:08 ERROR]: [2FA+] �[0;31;1m{m.e.t.c.i.RegisterTOTPCommand} com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Incorrect string value: '\xAC\xED\x00\x05sr...' for column 'uuid' at row 1
me.egg82.tfaplus.APIException: com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Incorrect string value: '\xAC\xED\x00\x05sr...' for column 'uuid' at row 1
at me.egg82.tfaplus.services.InternalAPI.registerTOTP(InternalAPI.java:263)
at me.egg82.tfaplus.TFAAPI.registerTOTP(TFAAPI.java:86)
at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand.lambda$run$1(RegisterTOTPCommand.java:67)
at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand$$Lambda$669/259312469.runAsync(Unknown Source)
at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1309)
at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
at co.aikar.taskchain.TaskChain.nextTask(TaskChain.java:1183)
at co.aikar.taskchain.TaskChain.access$1000(TaskChain.java:57)
at co.aikar.taskchain.TaskChain$TaskHolder.next(TaskChain.java:1357)
at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1312)
at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
at co.aikar.taskchain.TaskChain.nextTask(TaskChain.java:1180)
at co.aikar.taskchain.TaskChain.access$1000(TaskChain.java:57)
at co.aikar.taskchain.TaskChain$TaskHolder.next(TaskChain.java:1357)
at co.aikar.taskchain.TaskChain$TaskHolder$$Lambda$672/916674316.accept(Unknown Source)
at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand.lambda$run$0(RegisterTOTPCommand.java:52)
at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand$$Lambda$666/1161595732.runAsync(Unknown Source)
at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1309)
at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
at co.aikar.taskchain.TaskChain.lambda$nextTask$18(TaskChain.java:1187)
at co.aikar.taskchain.TaskChain$$Lambda$671/546418864.run(Unknown Source)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Incorrect string value: '\xAC\xED\x00\x05sr...' for column 'uuid' at row 1
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:104)
at com.mysql.cj.jdbc.ServerPreparedStatement.serverExecute(ServerPreparedStatement.java:637)
at com.mysql.cj.jdbc.ServerPreparedStatement.executeInternal(ServerPreparedStatement.java:418)
at com.mysql.cj.jdbc.ClientPreparedStatement.execute(ClientPreparedStatement.java:370)
at com.zaxxer.hikari.pool.ProxyPreparedStatement.execute(ProxyPreparedStatement.java:44)
at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.execute(HikariProxyPreparedStatement.java)
at ninja.egg82.sql.SQL.execute(SQL.java:246)
at ninja.egg82.sql.SQL.execute(SQL.java:100)
at me.egg82.tfaplus.sql.MySQL.updateTOTP(MySQL.java:558)
at me.egg82.tfaplus.services.InternalAPI.registerTOTP(InternalAPI.java:257)
... 25 more�[m

[deleted]

make sure that the plugin generates a url that leads to a page, within this page there is both the qr code and the key to copy it manually

[13:22:26 ERROR]: [2FA+] {m.e.t.s.InternalAPI} Data truncation: Data too long for column 'uuid' at row 1
com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Data too long for column 'uuid' at row 1
[13:22:26 ERROR]: [2FA+] {m.e.t.c.i.RegisterAuthyCommand} com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Data too long for column 'uuid' at row 1
me.egg82.tfaplus.APIException: com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Data too long for column 'uuid' at row 1
Caused by: com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Data too long for column 'uuid' at row 1
... 21 more

after 2fa register authy

Use Case

Background
For an upcoming project of mine, I would like to be able to force anybody in certain user groups (i.e. staff) to authenticate. Additionally, I would like staff to be able to force certain users to use authentication (i.e. players who file compromised account punishment appeals).

That said, given that the project is a moderately big public server, I do not want to require the remainder of the playerbase to authenticate; 2fa should have no impact on general gameplay.

Requirements
Therefore, my use case involves an authentication system that can:

• force anybody with a certain rank to 2fa, regardless of if they use any commands associated with that rank.
• force certain players to 2fa, regardless of if they have access to any commands that would otherwise require 2fa.
• allow 2fa-forced users to register themselves, thereafter not allowing them to remove their own 2fa without contacting an admin.
• allow staff in-game to use a command that assigns people to the list of users forced to authenticate.

Current Options

Existing Methods
To the best of my knowledge, at present, forcing users to use authentication is only possible through one of the following methods:

1. Setting force-auth: true in the config.
2. Registering all possible commands that user has access to in the config.
3. Giving the target the 2faplus.check node and using 2faplus register totp <player> while the target is online.

Limitations of Existing Methods
Unfortunately, none of the above methods work for my use case because:

1. By forcing all players to use authentication, the player experience for a significant portion of the playerbase is significantly impacted.
2. By requiring registration through certain commands, it becomes impossible to target a singular non-staff user for forced authentication.
3. To the best of my knowledge, this method requires staff be online with the player being added to the forced list. Additionally, this method is unable to target groups of players.

Possible Additions

To the best of my knowledge, my intended usage is not possible with any current proxy-side plugins. It is, however, possible through the slightly outdated proxy-side MCAuthenticator and the paid server-side MineSecure (md_5's).

MCAuthenticator
MCA's system adds an enabling admin cmd, a permission node that allows players to register themselves, and a locking admin cmd (to prevent the player from disabling their auth).

MineSecure
md_5's system adds the following nodes:

minesecure.2fa #Allow using two factor auth
minesecure.admin #Remove two factor auth from other users
minesecure.required #Force 2fa authentication
minesecure.remove #Remove own 2fa authentication

These nodes effectively allow admins to force 2fa for any player or group (through permissions).

Conclusion & Request

Conclusion
Of the two systems shown above, I believe that the permission based forcing system used in MineSecure is ideal. It allows for quite a few use cases, including mine.

Request
If it is not too much trouble, I would like to request the addition of a permission node based forcing system similar to the one implemented in MineSecure.

Thank you.

Outline of Issue

Attempted Usage

Using the plugin, it is not currently possible for me to register new users using TOTP through the /register TOTP command.

Result of Attempted Usage

On my current installation, 100% of the time, attempting to preform such a registration will result in an error explaining that the plugin could not "load player data from Mojang".
This error message suggests that I may have hit the API's rate limit.

Attempts at Troubleshooting the Issue

Rate Limit Consideration

I have confirmed that the rate limit is not the issue:

• This issue still occurs when 2fa+ is the only plugin operating on the server
• This issue still occurs when that server is the only program operating on the dedicated box
• I am able to pull information manually from the database without any problems using
  curl https://api.mojang.com/users/profiles/minecraft/InteriorCamping

Response time consideration

Previously, pulling data from the API took an abnormal amount of time on my box.

• This caused issues with aspects of several plugins, including the skull feature of EssentialsX (usage of which would cause a five second server freeze).
• After investigating this response time, I have determined that this issue was caused by a mistake in the configuration of my firewall.
  • After correcting that mistake, EssentialsX's skull function appears now functions as intended.
  • After correcting that mistake, 2fa+'s TOTP function is still unable to pull info from the API.

Additional Information

The server is running Paper 641 (1.13.2) on Waterfall 290 on Ubuntu Server 18.04 LTS

Conclusion

• As this issue is not being caused by the rate limit, and as other plugins (EssX) appear to be able to pull information from the API, I was wondering if this might be a plugin-specific issue.
• As a work-a-round, I was wondering if it would be possible to add the ability to manually pass UUIDs to the plugin through command usage such as 2fa register TOTP <UUID>.

Will this plugin updated to 1.16 or is this plugin out of development?

It appears the language string for check.no is missing by default.

https://i.imgur.com/Gr8r2PB.png

13.02 00:29:42 [Server] ERROR [2FA+] {m.e.t.s.InternalAPI} Table 'Auth.2faplus_totp_queue' doesn't exist
13.02 00:29:42 [Server] INFO java.sql.SQLSyntaxErrorException: Table 'Auth.2faplus_totp_queue' doesn't exist
13.02 00:29:42 [Server] INFO at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120)
13.02 00:29:42 [Server] INFO at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
13.02 00:29:42 [Server] INFO at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
13.02 00:29:42 [Server] INFO at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953)
13.02 00:29:42 [Server] INFO at com.mysql.cj.jdbc.ClientPreparedStatement.execute(ClientPreparedStatement.java:370)
13.02 00:29:42 [Server] INFO at com.zaxxer.hikari.pool.ProxyPreparedStatement.execute(ProxyPreparedStatement.java:44)
13.02 00:29:42 [Server] INFO at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.execute(HikariProxyPreparedStatement.java)
13.02 00:29:42 [Server] INFO at ninja.egg82.sql.SQL.execute(SQL.java:246)
13.02 00:29:42 [Server] INFO at ninja.egg82.sql.SQL.execute(SQL.java:100)
13.02 00:29:42 [Server] INFO at me.egg82.tfaplus.sql.MySQL.updateTOTP(MySQL.java:558)
13.02 00:29:42 [Server] INFO at me.egg82.tfaplus.services.InternalAPI.registerTOTP(InternalAPI.java:257)
13.02 00:29:42 [Server] INFO at me.egg82.tfaplus.TFAAPI.registerTOTP(TFAAPI.java:86)
13.02 00:29:42 [Server] INFO at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand.lambda$run$1(RegisterTOTPCommand.java:67)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1309)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain.nextTask(TaskChain.java:1183)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain.access$1000(TaskChain.java:57)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain$TaskHolder.next(TaskChain.java:1357)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1312)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain.nextTask(TaskChain.java:1180)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain.access$1000(TaskChain.java:57)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain$TaskHolder.next(TaskChain.java:1357)
13.02 00:29:42 [Server] INFO at me.egg82.tfaplus.commands.internal.RegisterTOTPCommand.lambda$run$0(RegisterTOTPCommand.java:52)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain$TaskHolder.run(TaskChain.java:1309)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain$TaskHolder.access$100(TaskChain.java:1266)
13.02 00:29:42 [Server] INFO at co.aikar.taskchain.TaskChain.lambda$nextTask$18(TaskChain.java:1187)