Add option to disable authentication keys #816
Conversation
roccodev
force-pushed
the
feature/secure-chat-opt-out
branch
from
39d4cf6
to
6d0bbcb
Compare
| # - "disabled": Secure profiles are not checked, all chat messages will appear unsigned to backend | ||
| # servers. This option is not recommended as it may break compatibility with 1.19.1 | ||
| # servers, and it will cause newer clients to show a warning upon login. |
There was a problem hiding this comment.
Should this option allow cancelling signed chat messages on 1.19.1+? I tested this branch on a local server, but it still kicks me when sending any message on 1.19.1. This means that I can't convert everything to a system message (through a global chat plugin for example)
There was a problem hiding this comment.
What error are you getting? It should work if you set it to disabled.
There was a problem hiding this comment.
Same error as before where it says canceling chat messages isn't supported on 1.19.1+, and it kicks the player. Maybe this if statement needs to be modified
There was a problem hiding this comment.
When key auth is disabled, player.getIdentifiedKey() is null. I can cancel messages just fine, maybe you need to use DISABLED? (in caps)
There was a problem hiding this comment.
Works completely fine on my end. When disabled, messages can be blocked. Otherwise, the killswitch gets triggered as the Velocity devs intended.
There was a problem hiding this comment.
While I agree with the motive of this PR this will need to be implemented differently to work around all kinds of unwanted scenarios introduced with #817
Please understand that I cant pull this outright, but I will take inspiration while I work on this and I will pull parts of this to be in the final version of #817
|
Sounds good! |
|
It should be encouraged and the default setting for sure! |
|
bump |
As mentioned in #804 (which this PR is also a workaround for), Velocity's aim is to support as many setups as possible.
With the 1.19.1 update, it is no longer possible to cancel or edit the order of incoming messages, while still keeping support for signed chat and player reporting.
However, Velocity currently lacks the option to forgo message signing (e.g., to freely cancel and transform everything into a system message) for 1.19.1 clients and servers.
This PR migrates the old
force-key-authenticationoption into a three-variant enum (key-authentication-policy), with the default being the exact same behavior before this change. Additionally, ifforce-key-authenticationwas manually turned off, this falls back to the enabled state.Disabling authentication keys is something the user must do manually via a config change, and it is discouraged in the option's comment.