#1524 Drop old TWO_FACTOR hash algorithm, force new password to be input #1576
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Deprecate TWO_FACTOR - Remove two factor registration executor - Force player to set a new password if an old TWO_FACTOR password has been found
|
There could be some server that use this method for 2FA in addition to Mojang authentication, but maybe in this case it might be better to choose a dedicated 2FA plugin or what do you think? |
|
Hmm that's a good point. We could have a "mode" in the future that would specify when/how we require a password or a 2FA token, or at least configurable in the config.yml. But for now I'd like to remove the TWO_FACTOR hash method because it's not a hash method and so has various issues (can't migrate away from it as with the other hashes, /changepassword doesn't work, special case when registering, etc.) |
|
@ljacqu any news? |
|
Alright, picking this one up again and making it happen in the course of the week ;) |
…a-hash # Conflicts: # src/main/java/fr/xephi/authme/settings/SettingsMigrationService.java
|
@ljacqu just as a reminder ;) |
…o 1524-migrate-old-2fa-hash
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Deprecates TWO_FACTOR from being configured as the hash algorithm and forces players with a TWO_FACTOR password to set a new password with /register when they log in. I don't know how many servers actually use this so I went with kicking a user after successfully setting a password.
Open question: