Add token authentication #780
Conversation
src/client/auth.js
Outdated
| || Object.values(auths.authenticationDatabase[key].profiles)[0].displayName.toLowerCase() == lowerUsername | ||
| ) | ||
| if (err) { | ||
| if (profile) { // profile is invalid, remove |
There was a problem hiding this comment.
Are we sure that the profile is invalid here ? We should check the error since a lot of kind of error can happen here
There was a problem hiding this comment.
I have thought about this, and it should be fine like this IMO. The minecraft launcher itself does the same thing I think, if your login doesn't succeed for whatever reason, it invalidates it
Co-authored-by: David Duarte <deltaduartedavid@gmail.com>
|
@DeltaEvo I think I fixed most of the stuff you mentioned, any thoughts? |
|
Yep it seems better, only
is still valid :) |
|
You should resolve things that you've already done |
|
Okay I resolved most, the remaining ones have to do with error handling. That's mainly because I'm not sure what the preferred way to go about that is in this project. If I know this I can properly implement it |
|
And transforming |
|
Ok I changed that. I still left it in an async function because I prefer the await operator over ugly .then chaining. If you ask me, this pr is ready to merge now |
|
Welp, idk why the java env setup is failling in the tests, but lmk what needs to be done to get this merged. Seems like it would be a useful feature, and it's also on the "big prismarine projects" list I think. If you don't want it just tell me and I'll close this |
|
The java env setup seems to be failling because of a recent (Oct. 1) security vulnerability fix on Github's CI. It's not really in-scope of this PR, so I've attempted a fix in #785. If that fix works, just re-run the CI (if that's possible? or just push an empty commit to trigger it). |
src/client/auth.js
Outdated
| return JSON.parse(await fs.readFile(options.profilesFolder + '/launcher_profiles.json', 'utf8')) | ||
| } catch (err) { | ||
| await fs.mkdir(options.profilesFolder, { recursive: true }) | ||
| await fs.writeFile(options.profilesFolder + '/launcher_profiles.json', '{}') |
There was a problem hiding this comment.
Will this mess with the launcher at all?
There was a problem hiding this comment.
Yes, 'mess' as in it will modify that file. It's compatible with the official launcher, which means it properly deletes and also saves new accounts to the file for the launcher to use
There was a problem hiding this comment.
Also, one could just specify a path that is not the launcher folder and it will just use its own isolated file instead
Merge in original repo again
|
Thanks a lot @Gjum, the tests are all passing now |
|
looks good.
|
|
I have a report of this error: (happens at https://github.com/ph0t0shop/node-minecraft-protocol/blob/master/src/client/auth.js#L81) |
Merge newest master
@rom1504 I was a bit hesitant to do this, firstly because then we need to find the minecraft folder on the user's system, and secondly because then how would one specify that they just don't want to save credentials? Also, it might be unexpected for the user that it suddenly uses their local minecraft folder |
|
https://github.com/PrismarineJS/node-minecraft-wrap/blob/master/lib/wrap_client.js#L11 works pretty well to find the path About it being unexpected that it would use their folder, I think it's actually what most people would expect by default. I think it's really beneficial to enable this by default, as the current behavior is to call the mojang server too many times which is actually not great. |
|
https://github.com/simonmeusel/minecraft-folder-path/blob/master/index.js
we could also just copy these few lines instead of depending on this package
…On Sat, Dec 5, 2020, 18:12 ph0t0shop ***@***.***> wrote:
why not use the home folder by default so it's enabled by default ? this
would remove hundred of opened issues and discord complaints (ie people
getting temporarily banned by mojang due to too often auth requests)
@rom1504 <https://github.com/rom1504> I was a bit hesitant to do this,
firstly because then we need to find the minecraft folder on the user's
system, and secondly because then how would one specify that they just
don't want to save credentials? Also, it might be unexpected for the user
that it suddenly uses their local minecraft folder
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#780 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAR437UTKO7SEVZZCSAEQE3STJSWRANCNFSM4UIGXIAQ>
.
|
|
What needs to be enabled by default is saving the token, not necessary the credentials. What I would do is:
|
|
Okay. I will do this in a bit, and also add some error handling for invalid launcher profile files |
|
Hmmm does the vanilla client save the credentials ? I think it doesn't |
|
Yeah and I see you also don't store the password. |
I was thinking about username + password but yeah thats probably not a good idea. |
|
Oh yeah you definitely don't wanna do that. Currently, the password can be specified, and it will be used to login only if it can't use the launcher_profiles for the account, and then saves it as well. This IMO is the most intuitive and mimics the launcher behavior pretty pragmatically |
This reverts commit 0277091. This commits introduced a bug in offline mode. We don't know yet how to fix it, so better revert first and fix later
This reverts commit 14c4886. Adds back token auth now that mineflayed is fixed
* Add token authentication * Update package.json * Update src/client/auth.js Co-authored-by: David Duarte <deltaduartedavid@gmail.com> * Remove some deps * Fix merge conflict + fix some token stuff * Fix even more stuff + testing * Change back echo example * Let -> const + bugfix * Fixed error handling * Revert client_echo again... * Fix linter errors * Profile improvements * Stupid linter errors * Update yggdrasil, remove token auth example, move to client_echo instead * Update client_echo * Linter error... Co-authored-by: David Duarte <deltaduartedavid@gmail.com>
This reverts commit 0277091. This commits introduced a bug in offline mode. We don't know yet how to fix it, so better revert first and fix later
This reverts commit 14c4886. Adds back token auth now that mineflayed is fixed
(this assumes PrismarineJS/node-yggdrasil#51)
Fixes #519. It allows the user to specify a
profilesFolderproperty. If given, alauncher_profiles.jsonfile will be read or created if it doesn't yet exist, and it will then act approximately like the minecraft launcher. The given username is searched within the launcher profiles and if found, it attempts to use this information to login. If not found, or the login fails, it can optionally use a password if it's given. If not, it will fail. On any successful login, if theprofilesFolderproperty is given, it will save it properly to the file. This works for preexisting and non-preexisting profiles and is compatible with the official launcher. It will only save it if the clientToken matches so as to not corrupt the existinglauncher_profiles.json. This will match by default, and might only mismatch if another clientToken or session with clientToken is passed as an options property.IssueHunt Summary
Referenced issues
This pull request has been submitted to: