elyby / accounts
Authentication service for the Ely.by and Minecraft
Home Page: https://account.ely.by
License: Apache License 2.0
^ the title.
Did everything written in https://docs.ely.by/en/minecraft-auth.html#paper-paperspigot
Loading libraries, please wait...
[00:15:43 INFO]: Environment: ElyEnvironment[name=ely,authHost=https://authserver.ely.by/auth,accountsHost=https://account.ely.by/api/mojang,sessionHost=https://account.ely.by/api/minecraft/session,servicesHost=]
[00:15:43 INFO]: [STDERR]: java.lang.NoSuchMethodError: com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService.(Lcom/mojang/authlib/yggdrasil/YggdrasilAuthenticationService;)V
[00:15:43 INFO]: [STDERR]: at com.destroystokyo.paper.profile.PaperMinecraftSessionService.(PaperMinecraftSessionService.java:14)
Made a PaperMC 1.16.5 build 470 server and applied authlib-2.0.27.5, commons-io-2.5 and commons-lang3-3.5.
Works fine with Ely.by accounts, but as soon as I try to join the server with an official MC account, the server drops a "Failed to verify username".
The console says:
Username <user> tried to join with an invalid session
Allow users to get list of authenticated applications and revoke access for some of them.
I think that there are very few such users, and it will be easier to do it all manually, but I will still describe what I mean.
According to wiki.vg, the UUID in the https://authserver.ely.by/auth/authenticate response should not contain dashes (-).
For example, the profile id in the response below should be 5a0dcde6806b4b7cbe5d08c9d74d86c7, not 5a0dcde6-806b-4b7c-be5d-08c9d74d86c7.
$ http post https://authserver.ely.by/auth/authenticate [email protected] password=****** clientToken=******
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Security-Policy: default-src 'none';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/;img-src 'self' data: www.google-analytics.com;font-src 'self' data:;connect-src 'self' https://sentry.io https://sentry.ely.by;frame-src https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/
Content-Type: application/json; charset=UTF-8
Date: Mon, 15 Feb 2021 17:07:06 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
{
"accessToken": "******",
"availableProfiles": [
{
"id": "5a0dcde6-806b-4b7c-be5d-08c9d74d86c7",
"legacy": false,
"name": "yushijinhun"
}
],
"clientToken": "******",
"selectedProfile": {
"id": "5a0dcde6-806b-4b7c-be5d-08c9d74d86c7",
"legacy": false,
"name": "yushijinhun"
}
}
https://authserver.ely.by/auth/refresh is also affected by this problem.
For debug purposes
http://127.0.0.1:5000/ely/oauth
Very frequently requested function.
But since the project is divided into several independent services, before we delete an account, we must first notify the main site, which in turn will have to notify the Chrly service.
It is also necessary to consider protection against accidental removal.
The title ^
Allow users to change their E-mail without confirming their current one, but send to the old E-mail a message with a link to immediately restore access to the account.
We've had a number of PollyMC users complain that skins are not visible when using an authlib-injector+Ely.by client with an online-mode=false server: fn2006/PollyMC#107, fn2006/PollyMC#58. The authlib-injector client does attempt to load player skins from the API server even on online-mode=false servers, but it requests them via the player's "offline UUID" (derived from the player's username), and Ely.by responds with a 204 No Content.
What if Ely.by tried to find players by their "offline UUID" if the requested UUID can't be found? At least for the /sessionserver/session/minecraft/profile/<UUID> route used by the client to get player skins. I implemented this behavior in my authentication server: unmojang/drasl@e8537ea, and it seems to work well. I calculate and store the player's offline UUID every time their username is changed, and then on some API routes, I fall back to looking up by offline UUID if the requested UUID can't be found.
Another, possibly better approach to solve the problem would be to modify authlib-injector to look up skins by player name in offline mode, like Ely.by's patched authlib seems to do. I've asked the developers about it, but they haven't gotten back to me yet.
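The offline-UUID fallback described in the issue above, as an added sketch that is not code from Ely.by, drasl or authlib-injector. `ProfileStore` and its methods are hypothetical and the sample account is constructed; the `OfflinePlayer:` prefix is how the vanilla server derives a player's UUID when online-mode=false.

```python
import hashlib
import uuid


def offline_uuid(username: str) -> uuid.UUID:
    """UUID a vanilla server assigns to `username` when online-mode=false:
    a version-3 (MD5) UUID over the bytes of "OfflinePlayer:<name>"."""
    digest = hashlib.md5(("OfflinePlayer:" + username).encode("utf-8")).digest()
    return uuid.UUID(bytes=digest, version=3)


class ProfileStore:
    """Hypothetical in-memory profile index with an offline-UUID fallback."""

    def __init__(self):
        self._by_id = {}          # account UUID -> profile
        self._by_offline_id = {}  # offline UUID -> profile

    def set_username(self, account_id: str, username: str) -> dict:
        """Create or rename an account and recompute its offline UUID."""
        key = uuid.UUID(account_id)
        old = self._by_id.get(key)
        if old is not None:
            # Drop the stale entry so the old name stops resolving.
            self._by_offline_id.pop(offline_uuid(old["name"]), None)
        # Profile ids are emitted without dashes, as Yggdrasil clients expect.
        profile = {"id": key.hex, "name": username}
        self._by_id[key] = profile
        self._by_offline_id[offline_uuid(username)] = profile
        return profile

    def find(self, requested: str):
        """Resolve a dashed or undashed UUID; None maps to 204 No Content."""
        try:
            key = uuid.UUID(requested)  # accepts both forms
        except ValueError:
            return None
        # The real account id always wins; the offline UUID is only a
        # fallback, so it can never shadow another account's primary id.
        return self._by_id.get(key) or self._by_offline_id.get(key)


if __name__ == "__main__":
    store = ProfileStore()
    store.set_username("11111111-2222-4333-8444-555555555555", "ExamplePlayer")
    print(store.find(offline_uuid("ExamplePlayer").hex))
```

The fallback only affects read-only profile lookups such as the skin route; it does not authenticate anyone, because the offline UUID is computable from the username alone.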
We received a lot of false-positive abuse reports for this mail service. To protect the reputation of our domain, I want to disallow interaction with this mail service.
authlib-injector is a project that aims to provide an alternative to Mojang's authentication system, which is similar to ely.by. However, authlib-injector does not use a centralized authentication server. It provides specifications for implementing authentication APIs, and encourages people to create and deploy their own authentication servers. (some detailed description of this project)
I'm wondering if you can support authlib-injector.
Minecraft versions below 1.3 have no skins even though I have my own skin selected. Please help with this issue.
Sentry Issue: ACCOUNTS-2
RangeException: Base64::decode() only expects characters in the correct base64 alphabet
File "/var/www/html/vendor/paragonie/constant_time_encoding/src/Base64.php", line 206, in decode
throw new \RangeException(
File "components/Tokens/Component.php", line 111, in decryptValue
$decoded = Base64UrlSafe::decode($encryptedValue);
File "components/OAuth2/CryptTrait.php", line 23, in decrypt
return Yii::$app->tokens->decryptValue($encryptedData);
File "/var/www/html/vendor/league/oauth2-server/src/Grant/AuthCodeGrant.php", line 114, in respondToAccessTokenRequest
$authCodePayload = json_decode($this->decrypt($encryptedAuthCode));
File "/var/www/html/vendor/league/oauth2-server/src/AuthorizationServer.php", line 198, in respondToAccessTokenRequest
$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
...
(9 additional frame(s) were not displayed)
Hello, I am sorry if this is not the right place to ask, but I figured that this can only be fixed from ely.by side.
I recently tried authlib-injector to use ely.by as the authentication method. Everything works perfectly until some plugins try to check the user's premium state by querying /api/users/profiles/minecraft/
I tried to open the API endpoint from a browser (authserver.ely.by/api/users/profiles/minecraft/), and it works as intended. But when I try it with authlib-injector on the server, the plugin that checks premium state throws an error, because authlib-injector has a different endpoint, from what I see in the log (authserver.ely.by/api/authlib-injector/api/users/profiles/minecraft/).
Here's the error log:
[01:19:24 INFO]: [FastLogin] Handling player <user name>
[01:19:24 ERROR]: [FastLogin] Failed to check premium state for <user name>
java.io.FileNotFoundException: https://authserver.ely.by/api/authlib-injector/api/users/profiles/minecraft/<user name>
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1974) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1969) ~[?:?]
at java.security.AccessController.doPrivileged(AccessController.java:738) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1968) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1536) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250) ~[?:?]
at com.github.games647.craftapi.resolver.MojangResolver.findProfile(MojangResolver.java:179) ~[?:?]
at com.github.games647.fastlogin.core.shared.JoinManagement.onLogin(JoinManagement.java:55) ~[?:?]
at com.github.games647.fastlogin.bukkit.listener.protocollib.NameCheckTask.run(NameCheckTask.java:45) ~[?:?]
at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1736) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:836) [?:?]
Caused by: java.io.FileNotFoundException: https://authserver.ely.by/api/authlib-injector/api/users/profiles/minecraft/<user name>
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1920) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?]
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527) ~[?:?]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334) ~[?:?]
at com.github.games647.craftapi.resolver.MojangResolver.findProfile(MojangResolver.java:164) ~[?:?]
... 6 more
[01:19:24 ERROR]: [FastLogin] Failed to check premium state of <user name>
java.io.FileNotFoundException: https://authserver.ely.by/api/authlib-injector/api/users/profiles/minecraft/<user name>
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1974) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1969) ~[?:?]
at java.security.AccessController.doPrivileged(AccessController.java:738) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1968) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1536) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250) ~[?:?]
at com.github.games647.craftapi.resolver.MojangResolver.findProfile(MojangResolver.java:179) ~[?:?]
at com.github.games647.fastlogin.core.shared.JoinManagement.onLogin(JoinManagement.java:55) ~[?:?]
at com.github.games647.fastlogin.bukkit.listener.protocollib.NameCheckTask.run(NameCheckTask.java:45) ~[?:?]
at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1736) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:836) [?:?]
Caused by: java.io.FileNotFoundException: https://authserver.ely.by/api/authlib-injector/api/users/profiles/minecraft/<user name>
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1920) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?]
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527) ~[?:?]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334) ~[?:?]
at com.github.games647.craftapi.resolver.MojangResolver.findProfile(MojangResolver.java:164) ~[?:?]
... 6 more
Possible fix: point https://authserver.ely.by/api/authlib-injector/api/ to https://authserver.ely.by/api/
Thank you!
The SSL certificate for the login server expired on Dec 17th 2022 so now it's not possible to log in via a minecraft launcher which supports ely.by login.
Can you implement https://mojang-api-docs.netlify.app/needs-auth/view-profile.html this API?
The Docker container cannot be built as-is due to an error related to Debian repositories:
I am running Windows 10 LTSC 2021 (19044). I installed PhpStorm via Toolbox, and PHP7 via the official archives. When I opened the project, PhpStorm suggested that it can download Composer and install the needed dependencies. After agreeing to that, a composer.phar file appeared, and IDE features started working correctly.
I also had WSL2 installed with Arch.
A few days later, I needed to run the backend locally to test a session server fix. I installed Docker Desktop and left the WSL2 backend as the default. First, I ran the cp commands at the top of the guide. When I tried to run docker-compose up -d, I ran into the error shown on the screenshot above.
When retrieving a Minecraft profile using /api/minecraft/session/profile/<UUID>, the Base64-encoded texture information will have an empty array in the textures field if the user did not set a skin on the website and there's no Mojang account to proxy a skin from. However, the Mojang implementation always returns an empty object and launchers that explicitly check that it's an object will fail to add the profile until the user has set a skin.