New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add on_auth_fail
callback
#7039
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
okay for me
doc/lua_api.txt
Outdated
@@ -2615,6 +2615,10 @@ Call these functions only at load time! | |||
* `minetest.register_on_leaveplayer(func(ObjectRef, timed_out))` | |||
* Called when a player leaves the game | |||
* `timed_out`: True for timeout, false for other reasons. | |||
* `minetest.register_on_auth_fail(func(ip, name))` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use name, ip
as in minetest.register_on_prejoinplayer(func(name, ip))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
What are the use cases of this callback? Network delays make it quite hard to crack a password of users, if that's what you would like to prevent. |
Yes please i'd like to know why this is needed. |
Possible use: Telling useRs that someone from another IP address was attempting to log in the account, which helps in maintaining legitimate bans for IP addresses. |
Like sofar said it allows informing users that someone was trying to access their account and while cracking even a mediocre password should be next to impossible over the network, a lot of users do use weak passwords. Plus if someone did just forget their password it allows informing them of any password reset system the server might have. |
I am the author of |
37183b3
to
95fd78a
Compare
Called when a client fails to supply the correct password for the account it's attempting to login as.
95fd78a
to
1b6f023
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Called when a client fails to supply the correct password for the account it's attempting to login as.
Called when a client fails to supply the correct password for the account it's attempting to login as.
Called when a client fails to supply the correct password for the account it's attempting to login as.
Called when a client fails to supply the correct password for the account it's attempting to login as.
* Called when client fails to supply correct password it's attempting to login as. * the patch from sorceredkid * backported minetest#7039 * based on https://forum.minetest.net/viewtopic.php?p=329245#p329245 * USAGE: Telling useRs that someone from another IP address was attempting to log in * HELPS: which helps in maintaining legitimate bans for IP addresses * IMPROVEMENTS: * if someone did just forget their password it allows informing them of any password reset system the server might have. * having this callback could enable the very same thing, and solutions like this are reasonable. * this improvement is backported from 5.0.0 (it seems removed in 5.3)
Called when a client fails to supply the correct password for the account it's attempting to login as.