The current email registration logic seems to have a problem #229

Open
Chaostarts opened this issue Nov 24, 2024 · 1 comment
Chaostarts commented Nov 24, 2024

What behaviour is observed?

If I use the following configuration:

    registration:
        # Enable registration on the server?
        enabled: true
        # Send every X seconds a message to a player to
        # remind him that he has to login/register
        messageInterval: 5
        # Only registered and logged in players can play.
        # See restrictions for exceptions
        force: true
        # Type of registration: PASSWORD or EMAIL
        # PASSWORD = account is registered with a password supplied by the user;
        # EMAIL = password is generated and sent to the email provided by the user.
        # More info at https://github.com/AuthMe/AuthMeReloaded/wiki/Registration
        type: PASSWORD 
        # Second argument the /register command should take: 
        # NONE = no 2nd argument
        # CONFIRMATION = must repeat first argument (pass or email)
        # EMAIL_OPTIONAL = for password register: 2nd argument can be empty or have email address
        # EMAIL_MANDATORY = for password register: 2nd argument MUST be an email address
        secondArg: EMAIL_MANDATORY 

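Two-step verification will not verify whether the email that follows is a real email address, and instead registers the player directly.
This is insecure.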

So for now I can only use the following configuration:

    registration:
        # Enable registration on the server?
        enabled: true
        # Send every X seconds a message to a player to
        # remind him that he has to login/register
        messageInterval: 5
        # Only registered and logged in players can play.
        # See restrictions for exceptions
        force: true
        # Type of registration: PASSWORD or EMAIL
        # PASSWORD = account is registered with a password supplied by the user;
        # EMAIL = password is generated and sent to the email provided by the user.
        # More info at https://github.com/AuthMe/AuthMeReloaded/wiki/Registration
        type: EMAIL 
        # Second argument the /register command should take: 
        # NONE = no 2nd argument
        # CONFIRMATION = must repeat first argument (pass or email)
        # EMAIL_OPTIONAL = for password register: 2nd argument can be empty or have email address
        # EMAIL_MANDATORY = for password register: 2nd argument MUST be an email address
        secondArg: NONE 

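However, a premium (genuine-account) player who enters an email, then quits the game and rejoins, can log in directly through Fastlogin and bypass the email verification. So I hope the email 2FA rules can be changed.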

Expected behaviour

To Reproduce

I hope a feature can be added that registers the player only after the two-step verification email has been verified.

Plugin list

AuthMe, AuthMeVelocity, Fastlogin , PlugManX, PowerBoard, ProtocolLib, tpLogin, UTitleAuth, Vault, ViaBackwards, ViaRewind, ViaVersion

Server Implementation

BungeeCord

Database Implementation

MySQL

AuthMe Version

    13:19:22 INFO]: ==========[ AuthMeReloaded ABOUT ]==========
    [13:19:22 INFO]: Version: AuthMeReloaded v5.7.0-FORK (build: 52)
    [13:19:22 INFO]: Database Implementation: MYSQL
    [13:19:22 INFO]: Authors:
    [13:19:22 INFO]: Gabriele C. // sgdc3 (Project manager, Contributor)
    [13:19:22 INFO]: Lucas J. // ljacqu (Main Developer)
    [13:19:22 INFO]: games647 // games647 (Developer)
    [13:19:22 INFO]: Hex3l // Hex3l (Developer)
    [13:19:22 INFO]: krusic22 // krusic22 (Support)
    [13:19:22 INFO]: Retired authors:
    [13:19:22 INFO]: Alexandre Vanhecke // xephi59 (Original Author)
    [13:19:22 INFO]: Gnat008 // gnat008 (Developer, Retired)
    [13:19:22 INFO]: DNx5 // DNx5 (Developer, Retired)
    [13:19:22 INFO]: Tim Visee // timvisee (Developer, Retired)
    [13:19:22 INFO]: Website: https://github.com/AuthMe/AuthMeReloaded
    [13:19:22 INFO]: License: GNU GPL v3.0 (See LICENSE file)
    [13:19:22 INFO]: Copyright: Copyright (c) AuthMe-Team 2024. Released under GPL v3 License.

Error log (if applicable)

No response

Configuration

@HaHaWTH HaHaWTH self-assigned this Dec 4, 2024
Owner

HaHaWTH commented Dec 8, 2024

Update to b53. AuthMe exposes relatively few APIs, so this is all FastLogin can do.
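
The flow requested in the issue above, as an added example (not code from AuthMe, FastLogin or either participant): the account is committed only after the emailed code is confirmed, and the auto-login path checks that same verified state. `Registrar`, its methods, the code lifetime and the attempt limit are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600      # seconds an emailed code stays valid (assumed value)
MAX_ATTEMPTS = 5    # wrong codes tolerated before the pending entry is dropped (assumed)

class Registrar:
    """Hypothetical verify-before-register store; no name here is an AuthMe/FastLogin API."""
    def __init__(self, send_mail, now=time.time):
        self.send_mail, self.now = send_mail, now
        self.pending = {}    # name -> unverified registration, never usable for login
        self.accounts = {}   # name -> account, written only after the code is confirmed

    @staticmethod
    def _h(value, salt):
        return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, 100_000)

    def register(self, name, password, email):
        if name in self.accounts:
            return "already-registered"
        salt = secrets.token_bytes(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[name] = {
            "email": email, "salt": salt, "pw_hash": self._h(password, salt),
            "code_hash": self._h(code, salt), "expires": self.now() + CODE_TTL, "tries": 0,
        }
        self.send_mail(email, code)   # the code exists in clear text only in the mail
        return "pending"

    def confirm(self, name, code):
        p = self.pending.get(name)
        if p is None:
            return "no-pending"
        if self.now() > p["expires"]:
            del self.pending[name]
            return "expired"
        if not hmac.compare_digest(self._h(code, p["salt"]), p["code_hash"]):
            p["tries"] += 1
            if p["tries"] >= MAX_ATTEMPTS:
                del self.pending[name]
            return "wrong-code"
        p = self.pending.pop(name)
        self.accounts[name] = {"email": p["email"], "salt": p["salt"], "pw_hash": p["pw_hash"]}
        return "registered"

    def auto_login_allowed(self, name, premium):
        # Rejoining while still pending must not count as registered, premium or not.
        return premium and name in self.accounts
```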
