-
Notifications
You must be signed in to change notification settings - Fork 21
Dev
- Create a class that implements the
HereAuth\User\Registration\RegistrationStepinterface. - Create a constructor that accepts a
HereAuth\User\Useras argument and stores it in a class property. - Implement the
getMessage()method, which returns a string containing the message to send to the player when the player: - Implement the
onSubmit()method. It accepts a string argument that is exactly what the player inputted, and returns a boolean (true/false) to indicate whether the value is accepted by you. If false is returned, the player will have to type the value again. If you returnnull(or if you return nothing), it will be casted to boolean to becomefalse. Therefore, always return a value, true or false. You can know which player this is about using theUseryou stored in the constructor. - Create an event handler for
HereAuth\Event\HereAuthRegistrationCreationEvent. - In the event, use the
$event->getRegistration()->addStep()method to add anewinstance of the class you just created above. Developers SHOULD use a different instance for every time the event is triggered. You can get theUserrequired from the$event->getUser()function.
Example:
use pocketmine\event\Listener;
use HereAuth\Event\HereAuthRegistrationCreationEvent;
use HereAuth\User\User;
use HereAuth\User\Registration\RegistrationStep;
class MyRegStep implements RegistrationStep{
private $user;
public function __construct(User $user){
$this->user = $user;
}
public function getMessage(){
return "Please enter your email.";
}
public function onSubmit($addr){
if(!preg_match('/^[A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z.]{2,4}$/', $addr)){
$this->user->getPlayer()->sendMessage("Invalid email!");
return false;
}
mail($addr, "You have been registered!", "Hello " . $this->user->getPlayer->getName() . ",\r\n" .
"You have been registered with HereAuth on the following server:\r\n" .
Utils::getIP() . ":" . $this->user->getMain()->getServer()->getPort() . "\r\nHave fun!");
return true;
}
}
class MyEventListener implements Listener{
public function onRegistrationCreate(HereAuthRegistrationCreationEvent $event){
$event->getRegistration()->addStep(new MyRegStep($event->getUser()));
}
}You can adjust the order of this field from other plugins, through adjusting the event handler priority in the documentation comment before the event handler (PocketMine built-in feature):
class MyEventListener implements Listener{
/**
* @priority LOW
*/
public function onRegistrationCreate(HereAuthRegistrationCreationEvent $event){As you might already know, there are 6 event priorities, being dispatched in this subsequent order: LOWEST -> LOW -> NORMAL -> HIGH -> HIGHEST -> MONITOR. However, you SHOULD NOT handle it at the MONITOR level so that event handlers after your one can see the step you added! As the PocketMine documentation says:
Event is listened to purely for monitoring the outcome of an event.
No modifications to the event should be made under this priority
Another point to note is that password input (and password confirm) as well as the custom registration steps defined in config.yml must come before steps added in events.
HereAuthMultiFactorAuthEvent when MFA takes place for a player.
Plugins can carry out MFA when HereAuthMultiFactorAuthEvent is fired. Use the HereAuthMultiFactorAuthEvent::addFailureEntry method if the custom MFA failed.
Example:
class MyEventListener implements Listener{
/**
* @param HereAuthMultiFactorAuthEvent $event
*
* @ignoreCancelled true
*/
public function handleMFA(HereAuthMultiFactorAuthEvent $event){
$user = $event->getUser();
$player = $event->getPlayer();
if($this->myOwnMFAFailsFor($player, $data)){
$event->addFailureEntry("my-mfa-type-name", "Invalid MyMFA check", $data);
}
}
public function myOwnMFAFailsFor(Player $player, &$data){
$data = SOME_PRINTABLE_STRING;
return A_BOOLEAN_VALUE;
}
}A certain type of MFA can be cancelled using the HereAuthMultiFactorAuthEvent::removeFailure method.
For example, to cancel skin MFA, an event handler of HereAuthMultiFactorAuthEvent can run $event->removeFailure("skin");. This returns true if skin MFA actually failed for that user, or false if skin MFA didn't run or the user passed it.
There are infinite types of MFA, as other plugins can add new types anytime. However, these are the current types by HereAuth:
-
skin- skin MFA -
ip- IP MFA
Event name (**** in HereAuth\Event\ HereAuth****Event) |
Description | Can be cancelled? |
|---|---|---|
Authentication |
When a player auto-authed, registered or logged in with password, or when the player joined without registering (only for servers where ForceRegister is false) | ❌ |
RegistrationCreation |
When a user starts registering, this event is triggered so that other plugins can add registration steps to it | ❌ |
Login |
When a user had registered before and AutoAuth or password auth matched | ✓ |
Registration |
When a user has registered | ❌ |
MultiFactorAuth |
When a user undergoes MFA | ✓ |
In order to support database importing, "imported hash" will be implemented in a "register-and-get" style.
While importing a specific database, the importer would identify the passwords in the database as encoded by a specific algorithm, then store it in the multiHash property of the account info with a type of the algorithm. It will be deleted and converted into normal hash when player logins.
This is also used by account renaming. When an account is renamed, the hash no longer works as the salt has been changed, and the player has to type the password again. In the meantime, the hash will be stored in the multiHash property, with the type being "rename".
In order to provide store extra data other than merely the broad type of algorithm, for example, storing the salt too, types can be appended with a suffix, separated by a ;.