Class AccountManager

java.lang.Object
com.haven.havenplugin.accounts.AccountManager
public class AccountManager extends Object
Manages player accounts stored under <pluginDataFolder>/data/userData/.

Directory layout

data/
  playtime/UUIDs/
    <username>.UUID        — raw 32-hex UUID, no dashes (written by Playtime module)
  userData/
    users/
      <UUID>/
        accountInfo.json   — creation timestamp, tracker, username
        secrets.json       — password hash + salt
        dynamicData.json   — lastLogin, alerts[]

Account creation / reset

  1. Client submits username + password via newAccount(String).
  2. Server hashes the password and stores a AccountManager.PendingVerification in memory along with a short random code.
  3. The player runs /onlineaccount verify <code> in-game. verifyAccount(String, String, String) matches the code, writes account files, and removes the pending entry.
  4. If the account already exists the same flow applies, but only secrets.json is overwritten (password reset).

Password hashing

262144 iterations of SHA3-512 over (previous || salt). Result is standard Base64-encoded.

  • Constructor Details

    • AccountManager

      public AccountManager(File pluginDataFolder, Logger logger)

  • Method Details

    • newAccount

      public String newAccount(String base64data) throws Exception
      Begin account creation or password reset.

      Expected base64url-encoded JSON payload: 

      { "username": "...", "pwd": "...", "tracker": "..." }

      On success the player must run /onlineaccount verify <code> in-game within 15 minutes to complete the flow.

      Returns:
      JSON with status:"pending" and the code to display
      Throws:
      Exception

    • verifyAccount

      public String verifyAccount(String uuid, String username, String code)
      Complete verification from an in-game /onlineaccount verify command.

      Called by OnlineAccountCommand on the main thread after the player submits their code.

      Parameters:
      uuid - 32-char UUID of the online player
      username - Current in-game name (stored in accountInfo.json on first creation)
      code - Code submitted by the player
      Returns:
      Human-readable result to send as a chat message

    • login

      public String login(String base64data) throws Exception
      Log in with username + password and receive a token.

      Expected base64url-encoded JSON payload: 

      { "username": "...", "pwd": "..." }
      Throws:
      Exception

    • accountStatus

      public String accountStatus(String username)
      Return the account status for a username.

      Possible values: "active", "pending", "none", "error".

    • accountInfo

      public String accountInfo(String token) throws Exception
      Return merged account data for a valid token.
      Throws:
      Exception

    • getAccountSummary

      public List<String> getAccountSummary(String uuid, String username)
      Build a human-readable account summary for an online player.
      Parameters:
      uuid - 32-char UUID
      username - In-game name
      Returns:
      Lines to send to the player as chat messages

    • addUserAlert

      public void addUserAlert(String uuid, String alertType, String message)
      Append an alert to a user's dynamicData.json. Best-effort — failures are logged but not thrown.

    • cleanupExpired

      public void cleanupExpired()
      Remove expired pending verifications. Safe to call from any thread.

    • hashPassword

      public static String hashPassword(String password, String salt)

    • generateSalt

      public static String generateSalt()