Require player re-join to confirm auto-login request

Fixes #159
Fixes #242
Fixes #256
Fixes #286

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,6 +1,14 @@
+---
+name: Bug report
+about: Something isn't working
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
 [//]: # (Lines in this format are considered as comments and will not be displayed.)
-[//]: #
-[//]: # (Before reporting make sure you're running the **latest build** of the plugin and checked for duplicate issues!)
+[//]: # (Before reporting make sure you're running the **latest build** of the plugin and checked for existing issues!)
 
 ### What behaviour is observed:
 [//]: # (What happened?)
@@ -11,18 +19,23 @@
 ### Steps/models to reproduce:
 [//]: # (The actions that cause the issue. Please explain it in detail)
 
+### Screenshots (if applicable)
+[//]: # (You can drop the files here directly)
+
 ### Plugin list:
 [//]: # (This can be found by running `/pl`)
 
 ### Environment description
-[//]: # (Server software with exact version number, Minecraft version, SQLite/MySQL, ...)
+[//]: # (Server software with exact version number, Minecraft version, SQLite/MySQL/MariaDB, ...)
 
 ### Plugin version or build number (don't write latest):
 [//]: # (This can be found by running `/version plugin-name`.)
 
-### Error Log:
-[Hastebin](https://hastebin.com/) / [Gist](https://gist.github.com/) link of the error or stacktrace (if any)
+### Server Log:
+[//]: # (No images please - only the textual representation)
+[Hastebin](https://hastebin.com/) / [Gist](https://gist.github.com/) link of the error, stacktrace or the complete log (if any)
 
 ### Configuration:
+[//]: # (No images please - only the textual representation)
 [//]: # (remember to delete any sensitive data)
 [Hastebin](https://hastebin.com/) / [Gist](https://gist.github.com/) link of your config.yml file 

.github/ISSUE_TEMPLATE/enhancement_request.md

@@ -0,0 +1,22 @@
+---
+name: Enhancement request
+about: New feature or change request
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+[//]: # (Lines in this format are considered as comments and will not be displayed.)
+
+### Is your feature request related to a problem? Please describe.
+[//]: # (A clear and concise description of what the problem is. Ex. I'm always frustrated when [...])
+
+### Describe the solution you'd like
+[//]: # (A clear and concise description of what you want to happen.)
+
+### Describe alternatives you've considered
+[//]: # (A clear and concise description of any alternative solutions or features you've considered.)
+
+### Additional context
+[//]: # (Add any other context or screenshots about the feature request here.)

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,10 @@
+---
+name: Question
+about: You want to ask something
+title: ''
+labels: 'question'
+assignees: ''
+
+---
+
+

.github/pull_request_template.md

@@ -0,0 +1,8 @@
+[//]: # (Lines in this format are considered as comments and will not be displayed.)
+[//]: # (If your work is in progress, please consider making a draft pull request.)
+
+### Summary of your change
+[//]: # (Example: motiviation, enhancement)
+
+### Related issue
+[//]: # (Reference it using '#NUMBER'. Ex: Fixes/Related #...)

.github/workflows/maven.yml

@@ -0,0 +1,42 @@
+# Human readable name
+name: Java CI
+
+# Build on every push and pull request regardless of the branch
+# Wiki: https://help.github.com/en/actions/reference/events-that-trigger-workflows
+on:
+    - push
+    - pull_request
+
+jobs:
+  # job id
+  build_and_test:
+
+    # Environment image - always newest OS
+    runs-on: ubuntu-latest
+
+    # Run steps
+    steps:
+    # Pull changes
+    - uses: actions/checkout@v2
+    # Cache artifacts - however this has the downside that we don't get notified of
+    # artifact resolution failures like invalid repository
+    # Nevertheless the repositories should be more stable and it makes no sense to pull
+    # a same version every time
+    # A dry run would make more sense
+    - uses: actions/cache@v1
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    # Setup Java
+    - name: Set up JDK
+      uses: actions/setup-java@v1.3.0
+      with:
+        # Use Java 8, because it's minimum required version
+        java-version: 8
+    # Build and test (included in package)
+    - name: Build with Maven and test
+    # Run non-interactive, package (with compile+test),
+    # ignore snapshot updates, because they are likely to have breaking changes, enforce checksums to validate posssible errors in depdendencies
+      run: mvn --batch-mode package --no-snapshot-updates --strict-checksums --file pom.xml

.travis.yml

@@ -1,13 +0,0 @@
-# Use https://travis-ci.org/ for automatic testing
-
-# speed up testing https://blog.travis-ci.com/2014-12-17-faster-builds-with-container-based-infrastructure/
-sudo: false
-
-# This is a java project
-language: java
-
-script: mvn test -B
-
-jdk:
-  - oraclejdk8
-  - oraclejdk9

README.md

@@ -51,7 +51,7 @@ https://ci.codemc.org/job/Games647/job/FastLogin/changes
 * Plugin: 
     * [ProtocolLib](https://www.spigotmc.org/resources/protocollib.1997/) or 
     * [ProtocolSupport](https://www.spigotmc.org/resources/protocolsupport.7201/)
-* [Spigot](https://www.spigotmc.org) 1.7.10+
+* [Spigot](https://www.spigotmc.org) 1.8.8+
 * Java 8+
 * Run Spigot and/or BungeeCord/Waterfall in offline mode (see server.properties or config.yml)
 * An auth plugin. Supported plugins
@@ -70,6 +70,13 @@ https://ci.codemc.org/job/Games647/job/FastLogin/changes
 
 * [BungeeAuth](https://www.spigotmc.org/resources/bungeeauth.493/)
 
+## Network requests
+
+This plugin performs network requests to:
+
+* https://api.mojang.com - retrieving uuid data to decide if we should activate premium login
+* https://sessionserver.mojang.com - verify if the player is the owner of that account
+
 ***
 
 ## How to install

bukkit/pom.xml

@@ -1,5 +1,5 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
@@ -20,7 +20,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.2.2</version>
                 <configuration>
                     <createDependencyReducedPom>false</createDependencyReducedPom>
                     <shadedArtifactAttached>false</shadedArtifactAttached>
@@ -56,40 +56,47 @@
     </build>
 
     <repositories>
-        <!--Bukkit-Server-API -->
+        <!-- Bukkit-Server-API -->
         <repository>
             <id>spigot-repo</id>
             <url>https://hub.spigotmc.org/nexus/content/repositories/snapshots/</url>
+            <!-- Disable snapshot release policy to speed up, when finding a artifact -->
+            <releases>
+                <enabled>false</enabled>
+            </releases>
         </repository>
 
-        <!--LoginSecurity-->
-        <repository>
-            <id>lenis0012-repo</id>
-            <url>http://ci.lenis0012.com/plugin/repository/everything/</url>
-        </repository>
-
-        <!--ProtocolLib-->
+        <!-- ProtocolLib -->
         <repository>
             <id>dmulloy2-repo</id>
-            <url>http://repo.dmulloy2.net/content/groups/public/</url>
+            <url>https://repo.dmulloy2.net/nexus/repository/public/</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
 
-        <!--AuthMe Reloaded and xAuth -->
+        <!-- AuthMe Reloaded, xAuth and LoginSecurity -->
         <repository>
-            <id>codemc-repo</id>
-            <url>https://repo.codemc.org/repository/maven-public/</url>
+            <id>codemc-releases</id>
+            <url>https://repo.codemc.io/repository/maven-public/</url>
         </repository>
 
-        <!--GitHub automatic maven builds-->
+        <!-- GitHub automatic maven builds -->
         <repository>
             <id>jitpack.io</id>
             <url>https://jitpack.io</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
 
-        <!--PlaceholderAPI -->
+        <!-- PlaceholderAPI -->
         <repository>
             <id>placeholderapi</id>
-            <url>http://repo.extendedclip.com/content/repositories/placeholderapi/</url>
+            <url>https://repo.extendedclip.com/content/repositories/placeholderapi</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
     </repositories>
 
@@ -113,7 +120,7 @@
         <dependency>
             <groupId>com.comphenix.protocol</groupId>
             <artifactId>ProtocolLib</artifactId>
-            <version>4.3.0</version>
+            <version>4.5.0</version>
             <scope>provided</scope>
         </dependency>
 
@@ -121,8 +128,8 @@
         <dependency>
             <groupId>com.github.ProtocolSupport</groupId>
             <artifactId>ProtocolSupport</artifactId>
-            <!--4.25.dev-->
-            <version>a4f060dc46</version>
+            <!--4.29.dev after commit about API improvements-->
+            <version>3a80c661fe</version>
             <scope>provided</scope>
         </dependency>
 
@@ -130,7 +137,7 @@
         <dependency>
             <groupId>me.clip</groupId>
             <artifactId>placeholderapi</artifactId>
-            <version>2.8.5</version>
+            <version>2.10.4</version>
             <scope>provided</scope>
             <optional>true</optional>
             <exclusions>
@@ -159,7 +166,7 @@
         <dependency>
             <groupId>com.lenis0012.bukkit</groupId>
             <artifactId>loginsecurity</artifactId>
-            <version>2.1.7</version>
+            <version>3.0.1</version>
             <scope>provided</scope>
             <optional>true</optional>
             <exclusions>

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitLoginSession.java

@@ -1,13 +1,11 @@
 package com.github.games647.fastlogin.bukkit;
 
-import com.github.games647.craftapi.model.skin.Property;
+import com.github.games647.craftapi.model.skin.SkinProperty;
 import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.LoginSession;
 
 import java.util.Optional;
 
-import org.apache.commons.lang.ArrayUtils;
-
 /**
  * Represents a client connecting to the server.
  *
@@ -15,29 +13,44 @@ import org.apache.commons.lang.ArrayUtils;
  */
 public class BukkitLoginSession extends LoginSession {
 
+    private static final byte[] EMPTY_ARRAY = {};
+
     private final String serverId;
     private final byte[] verifyToken;
 
     private boolean verified;
 
-    private Property skinProperty;
+    private SkinProperty skinProperty;
 
     public BukkitLoginSession(String username, String serverId, byte[] verifyToken, boolean registered
             , StoredProfile profile) {
         super(username, registered, profile);
 
         this.serverId = serverId;
-        this.verifyToken = ArrayUtils.clone(verifyToken);
+        this.verifyToken = verifyToken.clone();
+    }
+
+    public BukkitLoginSession(String username, String serverId, byte[] verifyToken, StoredProfile profile) {
+        // confirmation login
+        super(username, profile);
+
+        this.serverId = serverId;
+        this.verifyToken = verifyToken.clone();
     }
 
     //available for BungeeCord
     public BukkitLoginSession(String username, boolean registered) {
-        this(username, "", ArrayUtils.EMPTY_BYTE_ARRAY, registered, null);
+        this(username, "", EMPTY_ARRAY, registered, null);
     }
 
     //cracked player
     public BukkitLoginSession(String username, StoredProfile profile) {
-        this(username, "", ArrayUtils.EMPTY_BYTE_ARRAY, false, profile);
+        this(username, "", EMPTY_ARRAY, false, profile);
+    }
+
+    //ProtocolSupport
+    public BukkitLoginSession(String username, boolean registered, StoredProfile profile) {
+        this(username, "", EMPTY_ARRAY, registered, profile);
     }
 
     /**
@@ -47,14 +60,14 @@ public class BukkitLoginSession extends LoginSession {
      *
      * @return the verify token from the server
      */
-    public byte[] getVerifyToken() {
-        return ArrayUtils.clone(verifyToken);
+    public synchronized byte[] getVerifyToken() {
+        return verifyToken.clone();
     }
 
     /**
      * @return premium skin if available
      */
-    public synchronized Optional<Property> getSkin() {
+    public synchronized Optional<SkinProperty> getSkin() {
         return Optional.ofNullable(skinProperty);
     }
 
@@ -62,7 +75,7 @@ public class BukkitLoginSession extends LoginSession {
      * Sets the premium skin property which was retrieved by the session server
      * @param skinProperty premium skin
      */
-    public synchronized void setSkinProperty(Property skinProperty) {
+    public synchronized void setSkinProperty(SkinProperty skinProperty) {
         this.skinProperty = skinProperty;
     }
 

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitScheduler.java

@@ -0,0 +1,27 @@
+package com.github.games647.fastlogin.bukkit;
+
+import com.github.games647.fastlogin.core.AsyncScheduler;
+
+import java.util.concurrent.Executor;
+import java.util.concurrent.ThreadFactory;
+
+import org.bukkit.Bukkit;
+import org.bukkit.plugin.Plugin;
+import org.slf4j.Logger;
+
+public class BukkitScheduler extends AsyncScheduler {
+
+    private final Plugin plugin;
+    private final Executor syncExecutor;
+
+    public BukkitScheduler(Plugin plugin, Logger logger, ThreadFactory threadFactory) {
+        super(logger, threadFactory);
+        this.plugin = plugin;
+
+        syncExecutor = r -> Bukkit.getScheduler().runTask(plugin, r);
+    }
+
+    public Executor getSyncExecutor() {
+        return syncExecutor;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/EncryptionUtil.java

@@ -8,7 +8,6 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.util.Random;
 
@@ -83,28 +82,24 @@ public class EncryptionUtil {
     /**
      * Decrypts the content and extracts the key spec.
      *
-     * @param cipher     decryption cipher
-     * @param privateKey private key of the server
+     * @param cipher     decryption cipher initialized with the private key
      * @param sharedKey  the encrypted shared key
      * @return shared secret key
-     * @throws GeneralSecurityException
+     * @throws GeneralSecurityException if it fails to decrypt the data
      */
-    public static SecretKey decryptSharedKey(Cipher cipher, PrivateKey privateKey, byte[] sharedKey)
-            throws GeneralSecurityException {
-        return new SecretKeySpec(decrypt(cipher, privateKey, sharedKey), "AES");
+    public static SecretKey decryptSharedKey(Cipher cipher, byte[] sharedKey) throws GeneralSecurityException {
+        return new SecretKeySpec(decrypt(cipher, sharedKey), "AES");
     }
 
     /**
      * Decrypted the given data using the cipher.
      *
-     * @param cipher decryption cypher
-     * @param key    server private key
+     * @param cipher decryption cypher initialized with the private key
      * @param data   the encrypted data
      * @return clear text data
-     * @throws GeneralSecurityException if it fails to initialize and decrypt the data
+     * @throws GeneralSecurityException if it fails to decrypt the data
      */
-    public static byte[] decrypt(Cipher cipher, PrivateKey key, byte[] data) throws GeneralSecurityException {
-        cipher.init(Cipher.DECRYPT_MODE, key);
+    public static byte[] decrypt(Cipher cipher, byte[] data) throws GeneralSecurityException {
         return cipher.doFinal(data);
     }
 

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java

@@ -11,6 +11,8 @@ import com.github.games647.fastlogin.bukkit.task.DelayedAuthHook;
 import com.github.games647.fastlogin.core.CommonUtil;
 import com.github.games647.fastlogin.core.PremiumStatus;
 import com.github.games647.fastlogin.core.message.ChannelMessage;
+import com.github.games647.fastlogin.core.message.LoginActionMessage;
+import com.github.games647.fastlogin.core.message.NamespaceKey;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
 import com.github.games647.fastlogin.core.shared.PlatformPlugin;
 import com.google.common.io.ByteArrayDataOutput;
@@ -29,6 +31,9 @@ import org.bukkit.plugin.java.JavaPlugin;
 import org.bukkit.plugin.messaging.PluginMessageRecipient;
 import org.slf4j.Logger;
 
+import static com.github.games647.fastlogin.core.message.ChangePremiumMessage.CHANGE_CHANNEL;
+import static com.github.games647.fastlogin.core.message.SuccessMessage.SUCCESS_CHANNEL;
+
 /**
  * This plugin checks if a player has a paid account and if so tries to skip offline mode authentication.
  */
@@ -36,17 +41,24 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
 
     //1 minutes should be enough as a timeout for bad internet connection (Server, Client and Mojang)
     private final ConcurrentMap<String, BukkitLoginSession> loginSession = CommonUtil.buildCache(1, -1);
-    private final Logger logger = CommonUtil.createLoggerFromJDK(getLogger());
     private final Map<UUID, PremiumStatus> premiumPlayers = new ConcurrentHashMap<>();
+    private final Logger logger;
 
     private boolean serverStarted;
     private boolean bungeeCord;
+    private final BukkitScheduler scheduler;
     private FastLoginCore<Player, CommandSender, FastLoginBukkit> core;
 
+    public FastLoginBukkit() {
+        this.logger = CommonUtil.createLoggerFromJDK(getLogger());
+        this.scheduler = new BukkitScheduler(this, logger, getThreadFactory());
+    }
+
     @Override
     public void onEnable() {
         core = new FastLoginCore<>(this);
         core.load();
+
         try {
             bungeeCord = Class.forName("org.spigotmc.SpigotConfig").getDeclaredField("bungee").getBoolean(null);
         } catch (ClassNotFoundException notFoundEx) {
@@ -66,9 +78,15 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
         if (bungeeCord) {
             setServerStarted();
 
-            //check for incoming messages from the bungeecord version of this plugin
-            getServer().getMessenger().registerIncomingPluginChannel(this, getName(), new BungeeListener(this));
-            getServer().getMessenger().registerOutgoingPluginChannel(this, getName());
+            // check for incoming messages from the bungeecord version of this plugin
+            String forceChannel = NamespaceKey.getCombined(getName(), LoginActionMessage.FORCE_CHANNEL);
+            getServer().getMessenger().registerIncomingPluginChannel(this, forceChannel, new BungeeListener(this));
+
+            // outgoing
+            String successChannel = new NamespaceKey(getName(), SUCCESS_CHANNEL).getCombinedName();
+            String changeChannel = new NamespaceKey(getName(), CHANGE_CHANNEL).getCombinedName();
+            getServer().getMessenger().registerOutgoingPluginChannel(this, successChannel);
+            getServer().getMessenger().registerOutgoingPluginChannel(this, changeChannel);
         } else {
             if (!core.setupDatabase()) {
                 setEnabled(false);
@@ -167,10 +185,10 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
     public void sendPluginMessage(PluginMessageRecipient player, ChannelMessage message) {
         if (player != null) {
             ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
-            dataOutput.writeUTF(message.getChannelName());
-
             message.writeTo(dataOutput);
-            player.sendPluginMessage(this, this.getName(), dataOutput.toByteArray());
+
+            NamespaceKey channel = new NamespaceKey(getName(), message.getChannelName());
+            player.sendPluginMessage(this, channel.getCombinedName(), dataOutput.toByteArray());
         }
     }
 
@@ -184,6 +202,11 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
         return logger;
     }
 
+    @Override
+    public BukkitScheduler getScheduler() {
+        return scheduler;
+    }
+
     @Override
     public void sendMessage(CommandSender receiver, String message) {
         receiver.sendMessage(message);

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/CrackedCommand.java

@@ -3,7 +3,6 @@ package com.github.games647.fastlogin.bukkit.command;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.StoredProfile;
 
-import org.bukkit.Bukkit;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandSender;
 
@@ -44,7 +43,7 @@ public class CrackedCommand extends ToggleCommand {
 
                 profile.setPremium(false);
                 profile.setId(null);
-                Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
+                plugin.getScheduler().runAsync(() -> {
                     plugin.getCore().getStorage().save(profile);
                 });
             } else {
@@ -76,7 +75,7 @@ public class CrackedCommand extends ToggleCommand {
             plugin.getCore().sendLocaleMessage("remove-premium", sender);
 
             profile.setPremium(false);
-            Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
+            plugin.getScheduler().runAsync(() -> {
                 plugin.getCore().getStorage().save(profile);
             });
         }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/PremiumCommand.java

@@ -1,11 +1,9 @@
 package com.github.games647.fastlogin.bukkit.command;
 
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.ConfirmationState;
 import com.github.games647.fastlogin.core.StoredProfile;
 
-import java.util.UUID;
-
-import org.bukkit.Bukkit;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
@@ -37,31 +35,44 @@ public class PremiumCommand extends ToggleCommand {
             return;
         }
 
-        if (forwardPremiumCommand(sender, sender.getName())) {
+        Player player = (Player) sender;
+        String playerName = sender.getName();
+        if (forwardPremiumCommand(sender, playerName)) {
             return;
         }
 
-            UUID id = ((Player) sender).getUniqueId();
-            if (plugin.getConfig().getBoolean("premium-warning") && !plugin.getCore().getPendingConfirms().contains(id)) {
-                sender.sendMessage(plugin.getCore().getMessage("premium-warning"));
-                plugin.getCore().getPendingConfirms().add(id);
-                return;
+        // non-bungee mode
+        if (plugin.getConfig().getBoolean("premium-confirm")) {
+            ConfirmationState state = plugin.getCore().getPendingConfirms().get(playerName);
+            if (state == null) {
+                // no pending confirmation
+                plugin.getCore().getPendingConfirms().put(playerName, ConfirmationState.REQUIRE_RELOGIN);
+                player.kickPlayer(plugin.getCore().getMessage("premium-confirm"));
+            } else if (state == ConfirmationState.REQUIRE_AUTH_PLUGIN_LOGIN) {
+                // player logged in successful using premium authentication
+                activate(sender, playerName);
             }
+        } else {
+            activate(sender, playerName);
+        }
+    }
 
-            plugin.getCore().getPendingConfirms().remove(id);
-            //todo: load async
-            StoredProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
-            if (profile.isPremium()) {
-                plugin.getCore().sendLocaleMessage("already-exists", sender);
-            } else {
-                //todo: resolve uuid
-                profile.setPremium(true);
-                Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
-                    plugin.getCore().getStorage().save(profile);
-                });
+    private void activate(CommandSender sender, String playerName) {
+        plugin.getCore().getPendingConfirms().remove(playerName);
 
-                plugin.getCore().sendLocaleMessage("add-premium", sender);
-            }
+        //todo: load async
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(playerName);
+        if (profile.isPremium()) {
+            plugin.getCore().sendLocaleMessage("already-exists", sender);
+        } else {
+            //todo: resolve uuid
+            profile.setPremium(true);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+            });
+
+            plugin.getCore().sendLocaleMessage("add-premium", sender);
+        }
     }
 
     private void onPremiumOther(CommandSender sender, Command command, String[] args) {
@@ -85,7 +96,7 @@ public class PremiumCommand extends ToggleCommand {
         } else {
             //todo: resolve uuid
             profile.setPremium(true);
-            Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
+            plugin.getScheduler().runAsync(() -> {
                 plugin.getCore().getStorage().save(profile);
             });
 

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginAutoLoginEvent.java

@@ -0,0 +1,52 @@
+package com.github.games647.fastlogin.bukkit.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import org.bukkit.event.Cancellable;
+import org.bukkit.event.Event;
+import org.bukkit.event.HandlerList;
+
+public class BukkitFastLoginAutoLoginEvent extends Event implements FastLoginAutoLoginEvent, Cancellable {
+
+    private static final HandlerList handlers = new HandlerList();
+    private final LoginSession session;
+    private final StoredProfile profile;
+    private boolean cancelled;
+
+    public BukkitFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        super(true);
+
+        this.session = session;
+        this.profile = profile;
+    }
+
+    @Override
+    public LoginSession getSession() {
+        return session;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public boolean isCancelled() {
+        return cancelled;
+    }
+
+    @Override
+    public void setCancelled(boolean cancelled) {
+        this.cancelled = cancelled;
+    }
+
+    @Override
+    public HandlerList getHandlers() {
+        return handlers;
+    }
+
+    public static HandlerList getHandlerList() {
+        return handlers;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPreLoginEvent.java

@@ -0,0 +1,47 @@
+package com.github.games647.fastlogin.bukkit.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSource;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import org.bukkit.event.Event;
+import org.bukkit.event.HandlerList;
+
+public class BukkitFastLoginPreLoginEvent extends Event implements FastLoginPreLoginEvent {
+
+    private static final HandlerList handlers = new HandlerList();
+    private final String username;
+    private final LoginSource source;
+    private final StoredProfile profile;
+
+    public BukkitFastLoginPreLoginEvent(String username, LoginSource source, StoredProfile profile) {
+        super(true);
+
+        this.username = username;
+        this.source = source;
+        this.profile = profile;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public LoginSource getSource() {
+        return source;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public HandlerList getHandlers() {
+        return handlers;
+    }
+
+    public static HandlerList getHandlerList() {
+        return handlers;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/CrazyLoginHook.java

@@ -1,5 +1,6 @@
 package com.github.games647.fastlogin.bukkit.hook;
 
+import com.comphenix.protocol.reflect.FieldUtils;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
 
@@ -13,7 +14,6 @@ import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 
-import org.apache.commons.lang.reflect.FieldUtils;
 import org.bukkit.Bukkit;
 import org.bukkit.entity.Player;
 

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/LoginSecurityHook.java

@@ -11,7 +11,7 @@ import com.lenis0012.bukkit.loginsecurity.session.action.RegisterAction;
 import org.bukkit.entity.Player;
 
 /**
- * GitHub: https://github.com/lenis0012/LoginSecurity-2 
+ * GitHub: https://github.com/lenis0012/LoginSecurity-2
  * <p>
  * Project page:
  * <p>
@@ -30,8 +30,8 @@ public class LoginSecurityHook implements AuthPlugin<Player> {
     @Override
     public boolean forceLogin(Player player) {
         PlayerSession session = LoginSecurity.getSessionManager().getPlayerSession(player);
-        return session.isAuthorized() || session.performAction(new LoginAction(AuthService.PLUGIN, plugin)).isSuccess();
-
+        return session.isAuthorized()
+                || session.performAction(new LoginAction(AuthService.PLUGIN, plugin)).isSuccess();
     }
 
     @Override

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/BungeeListener.java

@@ -46,16 +46,7 @@ public class BungeeListener implements PluginMessageListener {
 
     @Override
     public void onPluginMessageReceived(String channel, Player player, byte[] message) {
-        if (!channel.equals(plugin.getName())) {
-            return;
-        }
-
         ByteArrayDataInput dataInput = ByteStreams.newDataInput(message);
-        String subChannel = dataInput.readUTF();
-        if (!"LoginAction".equals(subChannel)) {
-            plugin.getLog().info("Unknown sub channel {}", subChannel);
-            return;
-        }
 
         LoginActionMessage loginMessage = new LoginActionMessage();
         loginMessage.readFrom(dataInput);
@@ -110,7 +101,7 @@ public class BungeeListener implements PluginMessageListener {
                 }
             }, 10L);
         } else if (type == Type.CRACKED) {
-            //we don't start a forcelogin task here so update it manually
+            //we don't start a force login task here so update it manually
             plugin.getPremiumPlayers().put(player.getUniqueId(), PremiumStatus.CRACKED);
         }
     }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/ConnectionListener.java

@@ -38,6 +38,7 @@ public class ConnectionListener implements Listener {
     public void onPlayerJoin(PlayerJoinEvent joinEvent) {
         Player player = joinEvent.getPlayer();
 
+        removeBlacklistStatus(player);
         if (!plugin.isBungeeEnabled()) {
             //Wait before auth plugin and we received a message from BungeeCord initializes the player
             Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player);
@@ -48,9 +49,12 @@ public class ConnectionListener implements Listener {
     @EventHandler
     public void onPlayerQuit(PlayerQuitEvent quitEvent) {
         Player player = quitEvent.getPlayer();
-        player.removeMetadata(plugin.getName(), plugin);
+        removeBlacklistStatus(player);
 
-        plugin.getCore().getPendingConfirms().remove(player.getUniqueId());
         plugin.getPremiumPlayers().remove(player.getUniqueId());
     }
+
+    private void removeBlacklistStatus(Player player) {
+        player.removeMetadata(plugin.getName(), plugin);
+    }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java

@@ -4,8 +4,10 @@ import com.comphenix.protocol.ProtocolLibrary;
 import com.comphenix.protocol.events.PacketEvent;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPreLoginEvent;
 import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.JoinManagement;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
 
 import java.security.PublicKey;
 import java.util.Random;
@@ -46,6 +48,13 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco
         }
     }
 
+    @Override
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLibLoginSource source, StoredProfile profile) {
+        BukkitFastLoginPreLoginEvent event = new BukkitFastLoginPreLoginEvent(username, source, profile);
+        plugin.getServer().getPluginManager().callEvent(event);
+        return event;
+    }
+
     //Minecraft server implementation
     //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L161
     @Override
@@ -72,6 +81,26 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco
         }
     }
 
+    @Override
+    public void requestConfirmationLogin(ProtocolLibLoginSource source, StoredProfile profile, String username) {
+        try {
+            source.setOnlineMode();
+        } catch (Exception ex) {
+            plugin.getLog().error("Cannot send encryption packet. Falling back to cracked login for: {}", profile, ex);
+            return;
+        }
+
+        String serverId = source.getServerId();
+        byte[] verify = source.getVerifyToken();
+
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, serverId, verify, profile);
+        plugin.getLoginSessions().put(player.getAddress().toString(), playerSession);
+        //cancel only if the player has a paid account otherwise login as normal offline player
+        synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
+            packetEvent.setCancelled(true);
+        }
+    }
+
     @Override
     public void startCrackedSession(ProtocolLibLoginSource source, StoredProfile profile, String username) {
         BukkitLoginSession loginSession = new BukkitLoginSession(username, profile);

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java

@@ -11,7 +11,6 @@ import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import java.security.KeyPair;
 import java.security.SecureRandom;
 
-import org.bukkit.Bukkit;
 import org.bukkit.entity.Player;
 
 import static com.comphenix.protocol.PacketType.Login.Client.ENCRYPTION_BEGIN;
@@ -67,7 +66,7 @@ public class ProtocolLibListener extends PacketAdapter {
 
         packetEvent.getAsyncMarker().incrementProcessingDelay();
         Runnable verifyTask = new VerifyResponseTask(plugin, packetEvent, sender, sharedSecret, keyPair);
-        Bukkit.getScheduler().runTaskAsynchronously(plugin, verifyTask);
+        plugin.getScheduler().runAsync(verifyTask);
     }
 
     private void onLogin(PacketEvent packetEvent, Player player) {
@@ -85,6 +84,6 @@ public class ProtocolLibListener extends PacketAdapter {
 
         packetEvent.getAsyncMarker().incrementProcessingDelay();
         Runnable nameCheckTask = new NameCheckTask(plugin, packetEvent, random, player, username, keyPair.getPublic());
-        Bukkit.getScheduler().runTaskAsynchronously(plugin, nameCheckTask);
+        plugin.getScheduler().runAsync(nameCheckTask);
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java

@@ -14,7 +14,6 @@ import java.security.PublicKey;
 import java.util.Arrays;
 import java.util.Random;
 
-import org.apache.commons.lang.ArrayUtils;
 import org.bukkit.entity.Player;
 
 import static com.comphenix.protocol.PacketType.Login.Server.DISCONNECT;
@@ -43,7 +42,7 @@ public class ProtocolLibLoginSource implements LoginSource {
         verifyToken = EncryptionUtil.generateVerifyToken(random);
 
         /*
-         * Packet Information: http://wiki.vg/Protocol#Encryption_Request
+         * Packet Information: https://wiki.vg/Protocol#Encryption_Request
          *
          * ServerID="" (String) key=public server key verifyToken=random 4 byte array
          */
@@ -85,7 +84,7 @@ public class ProtocolLibLoginSource implements LoginSource {
     }
 
     public byte[] getVerifyToken() {
-        return ArrayUtils.clone(verifyToken);
+        return verifyToken.clone();
     }
 
     @Override

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java

@@ -6,7 +6,7 @@ import com.comphenix.protocol.reflect.accessors.MethodAccessor;
 import com.comphenix.protocol.utility.MinecraftReflection;
 import com.comphenix.protocol.wrappers.WrappedGameProfile;
 import com.comphenix.protocol.wrappers.WrappedSignedProperty;
-import com.github.games647.craftapi.model.skin.Property;
+import com.github.games647.craftapi.model.skin.Textures;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 
@@ -54,14 +54,14 @@ public class SkinApplyListener implements Listener {
     private void applySkin(Player player, String skinData, String signature) {
         WrappedGameProfile gameProfile = WrappedGameProfile.fromPlayer(player);
 
-        WrappedSignedProperty skin = WrappedSignedProperty.fromValues(Property.TEXTURE_KEY, skinData, signature);
+        WrappedSignedProperty skin = WrappedSignedProperty.fromValues(Textures.KEY, skinData, signature);
         try {
-            gameProfile.getProperties().put(Property.TEXTURE_KEY, skin);
+            gameProfile.getProperties().put(Textures.KEY, skin);
         } catch (ClassCastException castException) {
             //Cauldron, MCPC, Thermos, ...
             Object map = GET_PROPERTIES.invoke(gameProfile.getHandle());
             try {
-                MethodUtils.invokeMethod(map, "put", new Object[]{Property.TEXTURE_KEY, skin.getHandle()});
+                MethodUtils.invokeMethod(map, "put", new Object[]{Textures.KEY, skin.getHandle()});
             } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException ex) {
                 plugin.getLog().error("Error setting premium skin of: {}", player, ex);
             }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java

@@ -9,14 +9,13 @@ import com.comphenix.protocol.reflect.FuzzyReflection;
 import com.comphenix.protocol.wrappers.WrappedChatComponent;
 import com.comphenix.protocol.wrappers.WrappedGameProfile;
 import com.github.games647.craftapi.model.auth.Verification;
-import com.github.games647.craftapi.model.skin.Property;
+import com.github.games647.craftapi.model.skin.SkinProperty;
 import com.github.games647.craftapi.resolver.MojangResolver;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.EncryptionUtil;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 
 import java.io.IOException;
-import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.InetAddress;
@@ -60,7 +59,7 @@ public class VerifyResponseTask implements Runnable {
         try {
             BukkitLoginSession session = plugin.getLoginSessions().get(player.getAddress().toString());
             if (session == null) {
-                disconnect(plugin.getCore().getMessage("invalid-request"), true
+                disconnect("invalid-request", true
                         , "GameProfile {0} tried to send encryption response at invalid state", player.getAddress());
             } else {
                 verifyResponse(session);
@@ -82,8 +81,9 @@ public class VerifyResponseTask implements Runnable {
         SecretKey loginKey;
         try {
             cipher = Cipher.getInstance(privateKey.getAlgorithm());
+            cipher.init(Cipher.DECRYPT_MODE, privateKey);
 
-            loginKey = EncryptionUtil.decryptSharedKey(cipher, privateKey, sharedSecret);
+            loginKey = EncryptionUtil.decryptSharedKey(cipher, sharedSecret);
         } catch (GeneralSecurityException securityEx) {
             disconnect("error-kick", false, "Cannot decrypt received contents", securityEx);
             return;
@@ -107,24 +107,21 @@ public class VerifyResponseTask implements Runnable {
             InetAddress address = socketAddress.getAddress();
             Optional<Verification> response = resolver.hasJoined(username, serverId, address);
             if (response.isPresent()) {
-                Verification verification = response.get();
-                UUID id = verification.getId();
+                plugin.getLog().info("GameProfile {} has a verified premium account", username);
 
-                plugin.getLog().info("GameProfile {} with {} has a verified premium account", username, id);
-
-                Property[] properties = verification.getProperties();
+                SkinProperty[] properties = response.get().getProperties();
                 if (properties.length > 0) {
                     session.setSkinProperty(properties[0]);
                 }
 
-                session.setUuid(id);
+                session.setUuid(response.get().getId());
                 session.setVerified(true);
 
                 setPremiumUUID(session.getUuid());
                 receiveFakeStartPacket(username);
             } else {
                 //user tried to fake a authentication
-                disconnect(plugin.getCore().getMessage("invalid-session"), true
+                disconnect("invalid-session", true
                         , "GameProfile {0} ({1}) tried to log in with an invalid session ServerId: {2}"
                         , session.getUsername(), socketAddress, serverId);
             }
@@ -134,19 +131,7 @@ public class VerifyResponseTask implements Runnable {
     }
 
     private void setPremiumUUID(UUID premiumUUID) {
-        boolean uuidEnabled = plugin.getConfig().getBoolean("premiumUuid");
-        plugin.getLog().info("Setting UUID {} based on config: {}", premiumUUID, uuidEnabled);
-        try {
-            Object networkManager = getNetworkManager();
-            Field uuidField = FieldUtils.getField(networkManager.getClass(), "spoofedUUID");
-            Object oldValue = uuidField.get(player);
-
-            plugin.getLog().info("spoofed UUID field exits? {} with {}", uuidField, oldValue);
-        } catch (ReflectiveOperationException e) {
-            plugin.getLog().error("Failed to query field of {}", player);
-        }
-
-        if (uuidEnabled && premiumUUID != null) {
+        if (plugin.getConfig().getBoolean("premiumUuid") && premiumUUID != null) {
             try {
                 Object networkManager = getNetworkManager();
                 //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/NetworkManager.java#L69
@@ -164,9 +149,9 @@ public class VerifyResponseTask implements Runnable {
         byte[] responseVerify = packetEvent.getPacket().getByteArrays().read(1);
 
         //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L182
-        if (!Arrays.equals(requestVerify, EncryptionUtil.decrypt(cipher, privateKey, responseVerify))) {
+        if (!Arrays.equals(requestVerify, EncryptionUtil.decrypt(cipher, responseVerify))) {
             //check if the verify token are equal to the server sent one
-            disconnect(plugin.getCore().getMessage("invalid-verify-token"), true
+            disconnect("invalid-verify-token", true
                     , "GameProfile {0} ({1}) tried to login with an invalid verify token. Server: {2} Client: {3}"
                     , session.getUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify);
             return false;
@@ -205,14 +190,14 @@ public class VerifyResponseTask implements Runnable {
         return true;
     }
 
-    private void disconnect(String kickReason, boolean debug, String logMessage, Object... arguments) {
+    private void disconnect(String reasonKey, boolean debug, String logMessage, Object... arguments) {
         if (debug) {
             plugin.getLog().debug(logMessage, arguments);
         } else {
             plugin.getLog().error(logMessage, arguments);
         }
 
-        kickPlayer(plugin.getCore().getMessage(kickReason));
+        kickPlayer(plugin.getCore().getMessage(reasonKey));
     }
 
     private void kickPlayer(String reason) {

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolLoginSource.java

@@ -29,10 +29,6 @@ public class ProtocolLoginSource implements LoginSource {
         return loginStartEvent.getAddress();
     }
 
-    public PlayerLoginStartEvent getLoginStartEvent() {
-        return loginStartEvent;
-    }
-
     @Override
     public String toString() {
         return this.getClass().getSimpleName() + '{' +

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java

@@ -1,19 +1,23 @@
 package com.github.games647.fastlogin.bukkit.listener.protocolsupport;
 
+import com.github.games647.craftapi.UUIDAdapter;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPreLoginEvent;
 import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.JoinManagement;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
 
 import java.net.InetSocketAddress;
+import java.util.Optional;
 
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.Listener;
 import protocolsupport.api.events.ConnectionCloseEvent;
-import protocolsupport.api.events.PlayerLoginFinishEvent;
 import protocolsupport.api.events.PlayerLoginStartEvent;
+import protocolsupport.api.events.PlayerProfileCompleteEvent;
 
 public class ProtocolSupportListener extends JoinManagement<Player, CommandSender, ProtocolLoginSource>
         implements Listener {
@@ -32,7 +36,7 @@ public class ProtocolSupportListener extends JoinManagement<Player, CommandSende
             return;
         }
 
-        String username = loginStartEvent.getName();
+        String username = loginStartEvent.getConnection().getProfile().getName();
         InetSocketAddress address = loginStartEvent.getAddress();
 
         //remove old data every time on a new login in order to keep the session only for one person
@@ -48,19 +52,28 @@ public class ProtocolSupportListener extends JoinManagement<Player, CommandSende
     }
 
     @EventHandler
-    public void onPropertiesResolve(PlayerLoginFinishEvent loginFinishEvent) {
-        if (!loginFinishEvent.isOnlineMode()) {
-            return;
-        }
-
-        InetSocketAddress address = loginFinishEvent.getAddress();
+    public void onPropertiesResolve(PlayerProfileCompleteEvent profileCompleteEvent) {
+        InetSocketAddress address = profileCompleteEvent.getAddress();
         BukkitLoginSession session = plugin.getLoginSessions().get(address.toString());
 
-        if (session != null) {
+        if (session != null && profileCompleteEvent.getConnection().getProfile().isOnlineMode()) {
             session.setVerified(true);
+
+            if (!plugin.getConfig().getBoolean("premiumUuid")) {
+                String username = Optional.ofNullable(profileCompleteEvent.getForcedName())
+                        .orElse(profileCompleteEvent.getConnection().getProfile().getName());
+                profileCompleteEvent.setForcedUUID(UUIDAdapter.generateOfflineId(username));
+            }
         }
     }
 
+    @Override
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLoginSource source, StoredProfile profile) {
+        BukkitFastLoginPreLoginEvent event = new BukkitFastLoginPreLoginEvent(username, source, profile);
+        plugin.getServer().getPluginManager().callEvent(event);
+        return event;
+    }
+
     @Override
     public void requestPremiumLogin(ProtocolLoginSource source, StoredProfile profile, String username
             , boolean registered) {
@@ -69,12 +82,16 @@ public class ProtocolSupportListener extends JoinManagement<Player, CommandSende
         String ip = source.getAddress().getAddress().getHostAddress();
         plugin.getCore().getPendingLogin().put(ip + username, new Object());
 
-        BukkitLoginSession playerSession = new BukkitLoginSession(username, null, null
-                , registered, profile);
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, registered, profile);
+        plugin.getLoginSessions().put(source.getAddress().toString(), playerSession);
+    }
+
+    @Override
+    public void requestConfirmationLogin(ProtocolLoginSource source, StoredProfile profile, String username) {
+        source.setOnlineMode();
+
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, profile);
         plugin.getLoginSessions().put(source.getAddress().toString(), playerSession);
-        if (plugin.getConfig().getBoolean("premiumUuid")) {
-            source.getLoginStartEvent().setUseOnlineModeUUID(true);
-        }
     }
 
     @Override

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/ForceLoginTask.java

@@ -2,7 +2,9 @@ package com.github.games647.fastlogin.bukkit.task;
 
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginAutoLoginEvent;
 import com.github.games647.fastlogin.core.PremiumStatus;
+import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.message.SuccessMessage;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
 import com.github.games647.fastlogin.core.shared.ForceLoginManagement;
@@ -10,6 +12,7 @@ import com.github.games647.fastlogin.core.shared.LoginSession;
 
 import java.util.concurrent.ExecutionException;
 
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
 import org.bukkit.Bukkit;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
@@ -35,11 +38,19 @@ public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender,
 
         super.run();
 
+        PremiumStatus status = PremiumStatus.CRACKED;
         if (isOnlineMode()) {
-            plugin.getPremiumPlayers().put(player.getUniqueId(), PremiumStatus.PREMIUM);
-        } else {
-            plugin.getPremiumPlayers().put(player.getUniqueId(), PremiumStatus.CRACKED);
+            status = PremiumStatus.PREMIUM;
         }
+
+        plugin.getPremiumPlayers().put(player.getUniqueId(), status);
+    }
+
+    @Override
+    public FastLoginAutoLoginEvent callFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        BukkitFastLoginAutoLoginEvent event = new BukkitFastLoginAutoLoginEvent(session, profile);
+        core.getPlugin().getServer().getPluginManager().callEvent(event);
+        return event;
     }
 
     @Override
@@ -67,6 +78,10 @@ public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender,
 
     @Override
     public boolean isOnlineMode() {
+        if (session == null) {
+            return false;
+        }
+
         return session.isVerified() && player.getName().equals(session.getUsername());
     }
 }

bukkit/src/main/resources/plugin.yml

@@ -11,14 +11,21 @@ description: |
 website: ${project.url}
 dev-url: ${project.url}
 
-# Load the plugin as early as possible to inject it for all players
-load: STARTUP
+# This plugin don't have to be transformed for compatibility with Minecraft >= 1.13
+api-version: '1.13'
 
 softdepend:
     # We depend either ProtocolLib or ProtocolSupport
     - ProtocolSupport
     - ProtocolLib
     - PlaceholderAPI
+    # Auth plugins
+    - AuthMe
+    - LoginSecurity
+    - xAuth
+    - LogIt
+    - UltraAuth
+    - CrazyLogin
 
 commands:
     ${project.parent.name}:

bungee/pom.xml

@@ -1,5 +1,5 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
@@ -21,7 +21,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.2.2</version>
                 <configuration>
                     <createDependencyReducedPom>false</createDependencyReducedPom>
                     <shadedArtifactAttached>false</shadedArtifactAttached>
@@ -56,14 +56,9 @@
     </build>
 
     <repositories>
-        <repository>
-            <id>vik1395-repo</id>
-            <url>https://vik1395.github.io/repo.vik1395.me/repositories</url>
-        </repository>
-
         <repository>
             <id>codemc-repo</id>
-            <url>https://repo.codemc.org/repository/maven-public/</url>
+            <url>https://repo.codemc.io/repository/maven-public/</url>
         </repository>
     </repositories>
 
@@ -79,7 +74,7 @@
         <dependency>
             <groupId>net.md-5</groupId>
             <artifactId>bungeecord-proxy</artifactId>
-            <version>1.12-SNAPSHOT</version>
+            <version>1.14-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
 
@@ -88,13 +83,8 @@
             <groupId>me.vik1395</groupId>
             <artifactId>BungeeAuth</artifactId>
             <version>1.4</version>
-            <scope>provided</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
+            <scope>system</scope>
+            <systemPath>${project.basedir}/lib/BungeeAuth-1.4.jar</systemPath>
         </dependency>
     </dependencies>
 </project>

bungee/src/main/java/com/github/games647/fastlogin/bungee/BungeeLoginSession.java

@@ -12,28 +12,33 @@ public class BungeeLoginSession extends LoginSession {
         super(username, registered, profile);
     }
 
-    public void setRegistered(boolean registered) {
+    public BungeeLoginSession(String username, StoredProfile profile) {
+        super(username, profile);
+    }
+
+    public synchronized void setRegistered(boolean registered) {
         this.registered = registered;
     }
 
-    public boolean isAlreadySaved() {
+    public synchronized boolean isAlreadySaved() {
         return alreadySaved;
     }
 
-    public void setAlreadySaved(boolean alreadySaved) {
+    public synchronized void setAlreadySaved(boolean alreadySaved) {
         this.alreadySaved = alreadySaved;
+        this.confirmationLogin = false;
     }
 
-    public boolean isAlreadyLogged() {
+    public synchronized boolean isAlreadyLogged() {
         return alreadyLogged;
     }
 
-    public void setAlreadyLogged(boolean alreadyLogged) {
+    public synchronized void setAlreadyLogged(boolean alreadyLogged) {
         this.alreadyLogged = alreadyLogged;
     }
 
     @Override
-    public String toString() {
+    public synchronized String toString() {
         return this.getClass().getSimpleName() + '{' +
                 "alreadySaved=" + alreadySaved +
                 ", alreadyLogged=" + alreadyLogged +

bungee/src/main/java/com/github/games647/fastlogin/bungee/BungeeLoginSource.java

@@ -4,15 +4,20 @@ import com.github.games647.fastlogin.core.shared.LoginSource;
 
 import java.net.InetSocketAddress;
 
+import net.md_5.bungee.api.ChatColor;
+import net.md_5.bungee.api.chat.ComponentBuilder;
 import net.md_5.bungee.api.chat.TextComponent;
 import net.md_5.bungee.api.connection.PendingConnection;
+import net.md_5.bungee.api.event.PreLoginEvent;
 
 public class BungeeLoginSource implements LoginSource {
 
     private final PendingConnection connection;
+    private final PreLoginEvent preLoginEvent;
 
-    public BungeeLoginSource(PendingConnection connection) {
+    public BungeeLoginSource(PendingConnection connection, PreLoginEvent preLoginEvent) {
         this.connection = connection;
+        this.preLoginEvent = preLoginEvent;
     }
 
     @Override
@@ -22,7 +27,12 @@ public class BungeeLoginSource implements LoginSource {
 
     @Override
     public void kick(String message) {
-        connection.disconnect(TextComponent.fromLegacyText(message));
+        preLoginEvent.setCancelled(true);
+
+        if (message != null)
+            preLoginEvent.setCancelReason(TextComponent.fromLegacyText(message));
+        else
+            preLoginEvent.setCancelReason(new ComponentBuilder("Kicked").color(ChatColor.WHITE).create());
     }
 
     @Override

bungee/src/main/java/com/github/games647/fastlogin/bungee/FastLoginBungee.java

@@ -2,9 +2,13 @@ package com.github.games647.fastlogin.bungee;
 
 import com.github.games647.fastlogin.bungee.hook.BungeeAuthHook;
 import com.github.games647.fastlogin.bungee.listener.ConnectListener;
-import com.github.games647.fastlogin.bungee.listener.MessageListener;
+import com.github.games647.fastlogin.bungee.listener.PluginMessageListener;
+import com.github.games647.fastlogin.core.AsyncScheduler;
 import com.github.games647.fastlogin.core.CommonUtil;
+import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
 import com.github.games647.fastlogin.core.message.ChannelMessage;
+import com.github.games647.fastlogin.core.message.NamespaceKey;
+import com.github.games647.fastlogin.core.message.SuccessMessage;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
 import com.github.games647.fastlogin.core.shared.PlatformPlugin;
 import com.google.common.collect.MapMaker;
@@ -34,11 +38,13 @@ public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSen
     private final ConcurrentMap<PendingConnection, BungeeLoginSession> session = new MapMaker().weakKeys().makeMap();
 
     private FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core;
+    private AsyncScheduler scheduler;
     private Logger logger;
 
     @Override
     public void onEnable() {
         logger = CommonUtil.createLoggerFromJDK(getLogger());
+        scheduler = new AsyncScheduler(logger, getThreadFactory());
 
         core = new FastLoginCore<>(this);
         core.load();
@@ -48,10 +54,11 @@ public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSen
 
         //events
         getProxy().getPluginManager().registerListener(this, new ConnectListener(this));
-        getProxy().getPluginManager().registerListener(this, new MessageListener(this));
+        getProxy().getPluginManager().registerListener(this, new PluginMessageListener(this));
 
-        //this is required to listen to messages from the server
-        getProxy().registerChannel(getName());
+        //this is required to listen to incoming messages from the server
+        getProxy().registerChannel(NamespaceKey.getCombined(getName(), ChangePremiumMessage.CHANGE_CHANNEL));
+        getProxy().registerChannel(NamespaceKey.getCombined(getName(), SuccessMessage.SUCCESS_CHANNEL));
 
         registerHook();
     }
@@ -82,10 +89,10 @@ public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSen
     public void sendPluginMessage(Server server, ChannelMessage message) {
         if (server != null) {
             ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
-            dataOutput.writeUTF(message.getChannelName());
-
             message.writeTo(dataOutput);
-            server.sendData(core.getPlugin().getName(), dataOutput.toByteArray());
+
+            NamespaceKey channel = new NamespaceKey(getName(), message.getChannelName());
+            server.sendData(channel.getCombinedName(), dataOutput.toByteArray());
         }
     }
 
@@ -113,10 +120,15 @@ public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSen
     @SuppressWarnings("deprecation")
     public ThreadFactory getThreadFactory() {
         return new ThreadFactoryBuilder()
-                .setNameFormat(core.getPlugin().getName() + " Database Pool Thread #%1$d")
+                .setNameFormat(getName() + " Pool Thread #%1$d")
                 //Hikari create daemons by default
                 .setDaemon(true)
                 .setThreadFactory(new GroupedThreadFactory(this, getName()))
                 .build();
     }
+
+    @Override
+    public AsyncScheduler getScheduler() {
+        return scheduler;
+    }
 }

bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginAutoLoginEvent.java

@@ -0,0 +1,39 @@
+package com.github.games647.fastlogin.bungee.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import net.md_5.bungee.api.plugin.Cancellable;
+import net.md_5.bungee.api.plugin.Event;
+
+public class BungeeFastLoginAutoLoginEvent extends Event implements FastLoginAutoLoginEvent, Cancellable {
+
+    private final LoginSession session;
+    private final StoredProfile profile;
+    private boolean cancelled;
+
+    public BungeeFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        this.session = session;
+        this.profile = profile;
+    }
+
+    @Override
+    public LoginSession getSession() {
+        return session;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public boolean isCancelled() {
+        return cancelled;
+    }
+
+    @Override
+    public void setCancelled(boolean cancelled) {
+        this.cancelled = cancelled;
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginPreLoginEvent.java

@@ -0,0 +1,34 @@
+package com.github.games647.fastlogin.bungee.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSource;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import net.md_5.bungee.api.plugin.Event;
+
+public class BungeeFastLoginPreLoginEvent extends Event implements FastLoginPreLoginEvent {
+
+    private final String username;
+    private final LoginSource source;
+    private final StoredProfile profile;
+
+    public BungeeFastLoginPreLoginEvent(String username, LoginSource source, StoredProfile profile) {
+        this.username = username;
+        this.source = source;
+        this.profile = profile;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public LoginSource getSource() {
+        return source;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/ConnectListener.java

@@ -4,13 +4,13 @@ import com.github.games647.craftapi.UUIDAdapter;
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
 import com.github.games647.fastlogin.bungee.task.AsyncPremiumCheck;
 import com.github.games647.fastlogin.bungee.task.ForceLoginTask;
+import com.github.games647.fastlogin.core.ConfirmationState;
 import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.LoginSession;
 
 import java.lang.reflect.Field;
 import java.util.UUID;
 
-import net.md_5.bungee.api.ProxyServer;
 import net.md_5.bungee.api.connection.PendingConnection;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 import net.md_5.bungee.api.connection.Server;
@@ -48,7 +48,7 @@ public class ConnectListener implements Listener {
 
         PendingConnection connection = preLoginEvent.getConnection();
         Runnable asyncPremiumCheck = new AsyncPremiumCheck(plugin, preLoginEvent, connection);
-        ProxyServer.getInstance().getScheduler().runAsync(plugin, asyncPremiumCheck);
+        plugin.getScheduler().runAsync(asyncPremiumCheck);
     }
 
     @EventHandler(priority = EventPriority.LOWEST)
@@ -101,13 +101,13 @@ public class ConnectListener implements Listener {
         Server server = serverConnectedEvent.getServer();
 
         Runnable loginTask = new ForceLoginTask(plugin.getCore(), player, server);
-        ProxyServer.getInstance().getScheduler().runAsync(plugin, loginTask);
+        plugin.getScheduler().runAsync(loginTask);
     }
 
     @EventHandler
     public void onDisconnect(PlayerDisconnectEvent disconnectEvent) {
         ProxiedPlayer player = disconnectEvent.getPlayer();
         plugin.getSession().remove(player.getPendingConnection());
-        plugin.getCore().getPendingConfirms().remove(player.getUniqueId());
+        plugin.getCore().getPendingConfirms().remove(player.getName(), ConfirmationState.REQUIRE_AUTH_PLUGIN_LOGIN);
     }
 }

bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/PluginMessageListener.java

@@ -3,8 +3,11 @@ package com.github.games647.fastlogin.bungee.listener;
 import com.github.games647.fastlogin.bungee.BungeeLoginSession;
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
 import com.github.games647.fastlogin.bungee.task.AsyncToggleMessage;
+import com.github.games647.fastlogin.core.ConfirmationState;
 import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
+import com.github.games647.fastlogin.core.message.NamespaceKey;
+import com.github.games647.fastlogin.core.message.SuccessMessage;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
 import com.google.common.io.ByteArrayDataInput;
 import com.google.common.io.ByteStreams;
@@ -12,26 +15,30 @@ import com.google.common.io.ByteStreams;
 import java.util.Arrays;
 
 import net.md_5.bungee.api.CommandSender;
-import net.md_5.bungee.api.ProxyServer;
-import net.md_5.bungee.api.chat.TextComponent;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 import net.md_5.bungee.api.connection.Server;
 import net.md_5.bungee.api.event.PluginMessageEvent;
 import net.md_5.bungee.api.plugin.Listener;
 import net.md_5.bungee.event.EventHandler;
 
-public class MessageListener implements Listener {
+public class PluginMessageListener implements Listener {
 
     private final FastLoginBungee plugin;
 
-    public MessageListener(FastLoginBungee plugin) {
+    private final String successChannel;
+    private final String changeChannel;
+
+    public PluginMessageListener(FastLoginBungee plugin) {
         this.plugin = plugin;
+
+        this.successChannel = new NamespaceKey(plugin.getName(), SuccessMessage.SUCCESS_CHANNEL).getCombinedName();
+        this.changeChannel = new NamespaceKey(plugin.getName(), ChangePremiumMessage.CHANGE_CHANNEL).getCombinedName();
     }
 
     @EventHandler
     public void onPluginMessage(PluginMessageEvent pluginMessageEvent) {
         String channel = pluginMessageEvent.getTag();
-        if (pluginMessageEvent.isCancelled() || !plugin.getName().equals(channel)) {
+        if (pluginMessageEvent.isCancelled() || !channel.startsWith(plugin.getName().toLowerCase())) {
             return;
         }
 
@@ -48,41 +55,57 @@ public class MessageListener implements Listener {
         byte[] data = Arrays.copyOf(pluginMessageEvent.getData(), pluginMessageEvent.getData().length);
         ProxiedPlayer forPlayer = (ProxiedPlayer) pluginMessageEvent.getReceiver();
 
-        ProxyServer.getInstance().getScheduler().runAsync(plugin, () -> readMessage(forPlayer, data));
+        plugin.getScheduler().runAsync(() -> readMessage(forPlayer, channel, data));
     }
 
-    private void readMessage(ProxiedPlayer forPlayer, byte[] data) {
-        FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core = plugin.getCore();
-
+    private void readMessage(ProxiedPlayer fromPlayer, String channel, byte[] data) {
         ByteArrayDataInput dataInput = ByteStreams.newDataInput(data);
-        String subChannel = dataInput.readUTF();
-        if ("Success".equals(subChannel)) {
-            onSuccessMessage(forPlayer);
-        } else if ("ChangeStatus".equals(subChannel)) {
+        if (successChannel.equals(channel)) {
+            onSuccessMessage(fromPlayer);
+        } else if (changeChannel.equals(channel)) {
             ChangePremiumMessage changeMessage = new ChangePremiumMessage();
             changeMessage.readFrom(dataInput);
 
             String playerName = changeMessage.getPlayerName();
             boolean isSourceInvoker = changeMessage.isSourceInvoker();
-            if (changeMessage.shouldEnable()) {
-                if (playerName.equals(forPlayer.getName()) && plugin.getCore().getConfig().get("premium-warning", true)
-                        && !core.getPendingConfirms().contains(forPlayer.getUniqueId())) {
-                    String message = core.getMessage("premium-warning");
-                    forPlayer.sendMessage(TextComponent.fromLegacyText(message));
-                    core.getPendingConfirms().add(forPlayer.getUniqueId());
-                    return;
-                }
-
-                core.getPendingConfirms().remove(forPlayer.getUniqueId());
-                Runnable task = new AsyncToggleMessage(core, forPlayer, playerName, true, isSourceInvoker);
-                ProxyServer.getInstance().getScheduler().runAsync(plugin, task);
-            } else {
-                Runnable task = new AsyncToggleMessage(core, forPlayer, playerName, false, isSourceInvoker);
-                ProxyServer.getInstance().getScheduler().runAsync(plugin, task);
-            }
+            onChangeMessage(fromPlayer, changeMessage.shouldEnable(), playerName, isSourceInvoker);
         }
     }
 
+    private void onChangeMessage(ProxiedPlayer fromPlayer, boolean shouldEnable, String playerName, boolean isSourceInvoker) {
+        FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core = plugin.getCore();
+        if (shouldEnable) {
+            if (!isSourceInvoker) {
+                // fromPlayer is not the target player
+                activePremiumLogin(fromPlayer, playerName, false);
+                return;
+            }
+
+            if (plugin.getCore().getConfig().getBoolean("premium-confirm", true)) {
+                ConfirmationState state = plugin.getCore().getPendingConfirms().get(playerName);
+                if (state == null) {
+                    // no pending confirmation
+                    core.sendLocaleMessage("premium-confirm", fromPlayer);
+                    core.getPendingConfirms().put(playerName, ConfirmationState.REQUIRE_RELOGIN);
+                } else if (state == ConfirmationState.REQUIRE_AUTH_PLUGIN_LOGIN) {
+                    // player logged in successful using premium authentication
+                    activePremiumLogin(fromPlayer, playerName, true);
+                }
+            } else {
+                activePremiumLogin(fromPlayer, playerName, true);
+            }
+        } else {
+            Runnable task = new AsyncToggleMessage(core, fromPlayer, playerName, false, isSourceInvoker);
+            plugin.getScheduler().runAsync(task);
+        }
+    }
+
+    private void activePremiumLogin(ProxiedPlayer fromPlayer, String playerName, boolean isSourceInvoker) {
+        plugin.getCore().getPendingConfirms().remove(playerName);
+        Runnable task = new AsyncToggleMessage(plugin.getCore(), fromPlayer, playerName, true, isSourceInvoker);
+        plugin.getScheduler().runAsync(task);
+    }
+
     private void onSuccessMessage(ProxiedPlayer forPlayer) {
         if (forPlayer.getPendingConnection().isOnlineMode()) {
             //bukkit module successfully received and force logged in the user
@@ -92,9 +115,12 @@ public class MessageListener implements Listener {
             loginSession.setRegistered(true);
 
             if (!loginSession.isAlreadySaved()) {
-                playerProfile.setPremium(true);
-                plugin.getCore().getStorage().save(playerProfile);
                 loginSession.setAlreadySaved(true);
+
+                playerProfile.setId(loginSession.getUuid());
+                playerProfile.setPremium(true);
+
+                plugin.getCore().getStorage().save(playerProfile);
             }
         }
     }

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncPremiumCheck.java

@@ -3,24 +3,26 @@ package com.github.games647.fastlogin.bungee.task;
 import com.github.games647.fastlogin.bungee.BungeeLoginSession;
 import com.github.games647.fastlogin.bungee.BungeeLoginSource;
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
+import com.github.games647.fastlogin.bungee.event.BungeeFastLoginPreLoginEvent;
 import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.JoinManagement;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
 
 import net.md_5.bungee.api.CommandSender;
 import net.md_5.bungee.api.connection.PendingConnection;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
-import net.md_5.bungee.api.event.AsyncEvent;
+import net.md_5.bungee.api.event.PreLoginEvent;
 import net.md_5.bungee.connection.InitialHandler;
 
 public class AsyncPremiumCheck extends JoinManagement<ProxiedPlayer, CommandSender, BungeeLoginSource>
         implements Runnable {
 
     private final FastLoginBungee plugin;
-    private final AsyncEvent<?> preLoginEvent;
+    private final PreLoginEvent preLoginEvent;
 
     private final PendingConnection connection;
 
-    public AsyncPremiumCheck(FastLoginBungee plugin, AsyncEvent<?> preLoginEvent, PendingConnection connection) {
+    public AsyncPremiumCheck(FastLoginBungee plugin, PreLoginEvent preLoginEvent, PendingConnection connection) {
         super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
 
         this.plugin = plugin;
@@ -35,12 +37,19 @@ public class AsyncPremiumCheck extends JoinManagement<ProxiedPlayer, CommandSend
         InitialHandler initialHandler = (InitialHandler) connection;
         String username = initialHandler.getLoginRequest().getData();
         try {
-            super.onLogin(username, new BungeeLoginSource(connection));
+            super.onLogin(username, new BungeeLoginSource(connection, preLoginEvent));
         } finally {
             preLoginEvent.completeIntent(plugin);
         }
     }
 
+    @Override
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, BungeeLoginSource source,
+                                                             StoredProfile profile) {
+        return plugin.getProxy().getPluginManager()
+                .callEvent(new BungeeFastLoginPreLoginEvent(username, source, profile));
+    }
+
     @Override
     public void requestPremiumLogin(BungeeLoginSource source, StoredProfile profile,
                                     String username, boolean registered) {
@@ -51,6 +60,12 @@ public class AsyncPremiumCheck extends JoinManagement<ProxiedPlayer, CommandSend
         plugin.getCore().getPendingLogin().put(ip + username, new Object());
     }
 
+    @Override
+    public void requestConfirmationLogin(BungeeLoginSource source, StoredProfile profile, String username) {
+        source.setOnlineMode();
+        plugin.getSession().put(source.getConnection(), new BungeeLoginSession(username, profile));
+    }
+
     @Override
     public void startCrackedSession(BungeeLoginSource source, StoredProfile profile, String username) {
         plugin.getSession().put(source.getConnection(), new BungeeLoginSession(username, false, profile));

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/ForceLoginTask.java

@@ -2,6 +2,8 @@ package com.github.games647.fastlogin.bungee.task;
 
 import com.github.games647.fastlogin.bungee.BungeeLoginSession;
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
+import com.github.games647.fastlogin.bungee.event.BungeeFastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.message.ChannelMessage;
 import com.github.games647.fastlogin.core.message.LoginActionMessage;
 import com.github.games647.fastlogin.core.message.LoginActionMessage.Type;
@@ -11,6 +13,7 @@ import com.github.games647.fastlogin.core.shared.LoginSession;
 
 import java.util.UUID;
 
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
 import net.md_5.bungee.api.CommandSender;
 import net.md_5.bungee.api.ProxyServer;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
@@ -51,6 +54,12 @@ public class ForceLoginTask
         return super.forceLogin(player);
     }
 
+    @Override
+    public FastLoginAutoLoginEvent callFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        return core.getPlugin().getProxy().getPluginManager()
+                .callEvent(new BungeeFastLoginAutoLoginEvent(session, profile));
+    }
+
     @Override
     public boolean forceRegister(ProxiedPlayer player) {
         return session.isAlreadyLogged() || super.forceRegister(player);

core/pom.xml

@@ -1,5 +1,5 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
@@ -18,11 +18,13 @@
         <repository>
             <id>luck-repo</id>
             <url>https://ci.lucko.me/plugin/repository/everything</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
-
         <repository>
             <id>codemc-repo</id>
-            <url>https://repo.codemc.org/repository/maven-public/</url>
+            <url>https://repo.codemc.io/repository/maven-public/</url>
         </repository>
     </repositories>
 
@@ -33,21 +35,14 @@
         <dependency>
             <groupId>com.zaxxer</groupId>
             <artifactId>HikariCP</artifactId>
-            <version>3.0.0</version>
+            <version>3.4.2</version>
         </dependency>
 
         <!--Logging framework implements slf4j which is required by hikari-->
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-jdk14</artifactId>
-            <version>1.7.25</version>
-        </dependency>
-
-        <!--GSON is not at the right position for Minecraft 1.7-->
-        <dependency>
-            <groupId>com.google.code.gson</groupId>
-            <artifactId>gson</artifactId>
-            <version>2.2.4</version>
+            <version>1.7.30</version>
         </dependency>
 
         <!-- snakeyaml is present in Bungee, Spigot, Cauldron and so we could use this independent implementation -->
@@ -67,17 +62,21 @@
         <dependency>
             <groupId>com.github.games647</groupId>
             <artifactId>craftapi</artifactId>
-            <version>0.1.3-SNAPSHOT</version>
+            <version>0.4</version>
         </dependency>
 
-        <!-- APIs we can use because they are available in all platforms (Spigot, Bungee, Cauldron) -->
+        <!-- APIs we can use because they are available in all platforms (Spigot, Bungee) -->
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <!-- The Uranium project (fork of Cauldron) uses 17.0 like Spigot 1.8 as experimental feature -->
-            <!-- Project url: https://github.com/UraniumMC/Uranium -->
-            <version>10.0.1</version>
+            <version>17.0</version>
             <scope>provided</scope>
         </dependency>
+
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.2.4</version>
+        </dependency>
     </dependencies>
 </project>

core/src/main/java/com/github/games647/fastlogin/core/AsyncScheduler.java

@@ -0,0 +1,69 @@
+package com.github.games647.fastlogin.core;
+
+import com.google.common.util.concurrent.MoreExecutors;
+
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+
+import org.slf4j.Logger;
+
+/**
+ * This limits the number of threads that are used at maximum. Thread creation can be very heavy for the CPU and
+ * context switching between threads too. However we need many threads for blocking HTTP and database calls.
+ * Nevertheless this number can be further limited, because the number of actually working database threads
+ * is limited by the size of our database pool. The goal is to separate concerns into processing and blocking only
+ * threads.
+ */
+public class AsyncScheduler {
+
+    private static final int MAX_CAPACITY = 1024;
+
+    //todo: single thread for delaying and scheduling tasks
+    private final Logger logger;
+
+    // 30 threads are still too many - the optimal solution is to separate into processing and blocking threads
+    // where processing threads could only be max number of cores while blocking threads could be minimized using
+    // non-blocking I/O and a single event executor
+    private final ExecutorService processingPool;
+
+    /*
+    private final ExecutorService databaseExecutor = new ThreadPoolExecutor(1, 10,
+            0L, TimeUnit.MILLISECONDS,
+            new LinkedBlockingQueue<>(MAX_CAPACITY));
+     */
+
+    public AsyncScheduler(Logger logger, ThreadFactory threadFactory) {
+        this.logger = logger;
+        processingPool = new ThreadPoolExecutor(6, 32,
+                60L, TimeUnit.SECONDS,
+                new LinkedBlockingQueue<>(MAX_CAPACITY), threadFactory);
+    }
+
+    /*
+    public <R> CompletableFuture<R> runDatabaseTask(Supplier<R> databaseTask) {
+        return CompletableFuture.supplyAsync(databaseTask, databaseExecutor)
+                .exceptionally(error -> {
+                    logger.warn("Error occurred on thread pool", error);
+                    return null;
+                })
+                // change context to the processing pool
+                .thenApplyAsync(r -> r, processingPool);
+    }
+     */
+
+    public CompletableFuture<Void> runAsync(Runnable task) {
+        return CompletableFuture.runAsync(task, processingPool).exceptionally(error -> {
+            logger.warn("Error occurred on thread pool", error);
+            return null;
+        });
+    }
+
+    public void shutdown() {
+        MoreExecutors.shutdownAndAwaitTermination(processingPool, 1, TimeUnit.MINUTES);
+        //MoreExecutors.shutdownAndAwaitTermination(databaseExecutor, 1, TimeUnit.MINUTES);
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java

@@ -22,40 +22,34 @@ public class AuthStorage {
 
     private static final String PREMIUM_TABLE = "premium";
 
-    private static final String LOAD_BY_NAME = "SELECT * FROM " + PREMIUM_TABLE + " WHERE Name=? LIMIT 1";
-    private static final String LOAD_BY_UUID = "SELECT * FROM " + PREMIUM_TABLE + " WHERE UUID=? LIMIT 1";
-    private static final String INSERT_PROFILE = "INSERT INTO " + PREMIUM_TABLE + " (UUID, Name, Premium, LastIp) "
-            + "VALUES (?, ?, ?, ?) ";
-    private static final String UPDATE_PROFILE = "UPDATE " + PREMIUM_TABLE
-            + " SET UUID=?, Name=?, Premium=?, LastIp=?, LastLogin=CURRENT_TIMESTAMP WHERE UserID=?";
+    private static final String LOAD_BY_NAME = "SELECT * FROM `" + PREMIUM_TABLE + "` WHERE `Name`=? LIMIT 1";
+    private static final String LOAD_BY_UUID = "SELECT * FROM `" + PREMIUM_TABLE + "` WHERE `UUID`=? LIMIT 1";
+    private static final String INSERT_PROFILE = "INSERT INTO `" + PREMIUM_TABLE
+            + "` (`UUID`, `Name`, `Premium`, `LastIp`) " + "VALUES (?, ?, ?, ?) ";
+    // limit not necessary here, because it's unique
+    private static final String UPDATE_PROFILE = "UPDATE `" + PREMIUM_TABLE
+            + "` SET `UUID`=?, `Name`=?, `Premium`=?, `LastIp`=?, `LastLogin`=CURRENT_TIMESTAMP WHERE `UserID`=?";
 
     private final FastLoginCore<?, ?, ?> core;
     private final HikariDataSource dataSource;
 
-    public AuthStorage(FastLoginCore<?, ?, ?> core, String driver, String host, int port, String databasePath
-            , String user, String pass, boolean useSSL) {
+    public AuthStorage(FastLoginCore<?, ?, ?> core, String host, int port, String databasePath,
+                       HikariConfig config, boolean useSSL) {
         this.core = core;
-
-        HikariConfig config = new HikariConfig();
         config.setPoolName(core.getPlugin().getName());
 
-        config.setUsername(user);
-        config.setPassword(pass);
-        config.setDriverClassName(driver);
-
         //a try to fix https://www.spigotmc.org/threads/fastlogin.101192/page-26#post-1874647
         Properties properties = new Properties();
         properties.setProperty("date_string_format", "yyyy-MM-dd HH:mm:ss");
         properties.setProperty("useSSL", String.valueOf(useSSL));
         config.setDataSourceProperties(properties);
-
         ThreadFactory platformThreadFactory = core.getPlugin().getThreadFactory();
         if (platformThreadFactory != null) {
             config.setThreadFactory(platformThreadFactory);
         }
 
         String jdbcUrl = "jdbc:";
-        if (driver.contains("sqlite")) {
+        if (config.getDriverClassName().contains("sqlite")) {
             String pluginFolder = core.getPlugin().getPluginFolder().toAbsolutePath().toString();
             databasePath = databasePath.replace("{pluginDir}", pluginFolder);
 
@@ -64,6 +58,13 @@ public class AuthStorage {
             config.setMaximumPoolSize(1);
         } else {
             jdbcUrl += "mysql://" + host + ':' + port + '/' + databasePath;
+            // enable MySQL specific optimizations
+            // default prepStmtCacheSize 25 - amount of cached statements - enough for us
+            // default prepStmtCacheSqlLimit 256 - length of SQL - our queries are not longer
+            // disabled by default - will return the same prepared statement instance
+            config.addDataSourceProperty("cachePrepStmts", true);
+            // default false - available in newer versions caches the statements server-side
+            config.addDataSourceProperty("useServerPrepStmts", true);
         }
 
         config.setJdbcUrl(jdbcUrl);
@@ -71,23 +72,27 @@ public class AuthStorage {
     }
 
     public void createTables() throws SQLException {
+        // choose surrogate PK(ID), because UUID can be null for offline players
+        // if UUID is always Premium UUID we would have to update offline player entries on insert
+        // name cannot be PK, because it can be changed for premium players
+        String createDataStmt = "CREATE TABLE IF NOT EXISTS `" + PREMIUM_TABLE + "` ("
+                + "`UserID` INTEGER PRIMARY KEY AUTO_INCREMENT, "
+                + "`UUID` CHAR(36), "
+                + "`Name` VARCHAR(16) NOT NULL, "
+                + "`Premium` BOOLEAN NOT NULL, "
+                + "`LastIp` VARCHAR(255) NOT NULL, "
+                + "`LastLogin` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, "
+                //the premium shouldn't steal the cracked account by changing the name
+                + "UNIQUE (`Name`) "
+                + ')';
+
+        if (dataSource.getJdbcUrl().contains("sqlite")) {
+            createDataStmt = createDataStmt.replace("AUTO_INCREMENT", "AUTOINCREMENT");
+        }
+
+        //todo: add unique uuid index usage
         try (Connection con = dataSource.getConnection();
              Statement createStmt = con.createStatement()) {
-            String createDataStmt = "CREATE TABLE IF NOT EXISTS " + PREMIUM_TABLE + " ("
-                    + "UserID INTEGER PRIMARY KEY AUTO_INCREMENT, "
-                    + "UUID CHAR(36), "
-                    + "Name VARCHAR(16) NOT NULL, "
-                    + "Premium BOOLEAN NOT NULL, "
-                    + "LastIp VARCHAR(255) NOT NULL, "
-                    + "LastLogin TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, "
-                    //the premium shouldn't steal the cracked account by changing the name
-                    + "UNIQUE (Name) "
-                    + ')';
-
-            if (dataSource.getJdbcUrl().contains("sqlite")) {
-                createDataStmt = createDataStmt.replace("AUTO_INCREMENT", "AUTOINCREMENT");
-            }
-
             createStmt.executeUpdate(createDataStmt);
         }
     }

core/src/main/java/com/github/games647/fastlogin/core/ConfirmationState.java

@@ -0,0 +1,15 @@
+package com.github.games647.fastlogin.core;
+
+public enum ConfirmationState {
+
+    /**
+     * Require server login where we request onlinemode authentication
+     */
+    REQUIRE_RELOGIN,
+
+    /**
+     * The command have to be invoked again to confirm that the player who joined through onlinemode knows
+     * the password of the cracked account
+     */
+    REQUIRE_AUTH_PLUGIN_LOGIN
+}

core/src/main/java/com/github/games647/fastlogin/core/StoredProfile.java

@@ -6,8 +6,6 @@ import java.time.Instant;
 import java.util.Optional;
 import java.util.UUID;
 
-import javax.annotation.Nullable;
-
 public class StoredProfile extends Profile {
 
     private long rowId;
@@ -45,7 +43,7 @@ public class StoredProfile extends Profile {
         this.rowId = generatedId;
     }
 
-    @Nullable
+    // can be null
     public synchronized UUID getId() {
         return id;
     }

core/src/main/java/com/github/games647/fastlogin/core/message/ChangePremiumMessage.java

@@ -5,6 +5,8 @@ import com.google.common.io.ByteArrayDataOutput;
 
 public class ChangePremiumMessage implements ChannelMessage {
 
+    public static final String CHANGE_CHANNEL = "ch-st";
+
     private String playerName;
     private boolean willEnable;
     private boolean isSourceInvoker;
@@ -27,13 +29,16 @@ public class ChangePremiumMessage implements ChannelMessage {
         return willEnable;
     }
 
+    /**
+     * @return true if the player invoker = target
+     */
     public boolean isSourceInvoker() {
         return isSourceInvoker;
     }
 
     @Override
     public String getChannelName() {
-        return "ChangeStatus";
+        return CHANGE_CHANNEL;
     }
 
     @Override

core/src/main/java/com/github/games647/fastlogin/core/message/LoginActionMessage.java

@@ -7,6 +7,8 @@ import java.util.UUID;
 
 public class LoginActionMessage implements ChannelMessage {
 
+    public static final String FORCE_CHANNEL = "force";
+
     private Type type;
 
     private String playerName;
@@ -60,7 +62,7 @@ public class LoginActionMessage implements ChannelMessage {
 
     @Override
     public String getChannelName() {
-        return "LoginAction";
+        return FORCE_CHANNEL;
     }
 
     @Override

core/src/main/java/com/github/games647/fastlogin/core/message/NamespaceKey.java

@@ -0,0 +1,26 @@
+package com.github.games647.fastlogin.core.message;
+
+public class NamespaceKey {
+
+    private static final char SEPARATOR_CHAR = ':';
+
+    private final String namespace;
+    private final String key;
+
+    private final String combined;
+
+    public NamespaceKey(String namespace, String key) {
+        this.namespace = namespace.toLowerCase();
+        this.key = key.toLowerCase();
+
+        this.combined = this.namespace + SEPARATOR_CHAR + this.key;
+    }
+
+    public String getCombinedName()  {
+        return combined;
+    }
+
+    public static String getCombined(String namespace, String key) {
+        return new NamespaceKey(namespace, key).combined;
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/message/SuccessMessage.java

@@ -5,9 +5,11 @@ import com.google.common.io.ByteArrayDataOutput;
 
 public class SuccessMessage implements ChannelMessage {
 
+    public static final String SUCCESS_CHANNEL = "succ";
+
     @Override
     public String getChannelName() {
-        return "Success";
+        return SUCCESS_CHANNEL;
     }
 
     @Override

core/src/main/java/com/github/games647/fastlogin/core/shared/FastLoginCore.java

@@ -4,10 +4,12 @@ import com.github.games647.craftapi.resolver.MojangResolver;
 import com.github.games647.craftapi.resolver.http.RotatingProxySelector;
 import com.github.games647.fastlogin.core.AuthStorage;
 import com.github.games647.fastlogin.core.CommonUtil;
+import com.github.games647.fastlogin.core.ConfirmationState;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
 import com.github.games647.fastlogin.core.hooks.DefaultPasswordGenerator;
 import com.github.games647.fastlogin.core.hooks.PasswordGenerator;
 import com.google.common.net.HostAndPort;
+import com.zaxxer.hikari.HikariConfig;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -23,7 +25,6 @@ import java.util.Collection;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
@@ -46,7 +47,7 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
 
     private final Map<String, String> localeMessages = new ConcurrentHashMap<>();
     private final ConcurrentMap<String, Object> pendingLogin = CommonUtil.buildCache(5, -1);
-    private final Collection<UUID> pendingConfirms = new HashSet<>();
+    private final ConcurrentMap<String, ConfirmationState> pendingConfirms = CommonUtil.buildCache(1, 1024);
     private final T plugin;
 
     private final MojangResolver resolver = new MojangResolver();
@@ -141,7 +142,7 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
     public void sendLocaleMessage(String key, C receiver) {
         String message = localeMessages.get(key);
         if (message != null) {
-            plugin.sendMessage(receiver, message);
+            plugin.sendMultiLineMessage(receiver, message);
         }
     }
 
@@ -150,8 +151,9 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
     }
 
     public boolean setupDatabase() {
-        String driver = config.getString("driver");
-        if (!checkDriver(driver)) {
+        HikariConfig databaseConfig = new HikariConfig();
+        databaseConfig.setDriverClassName(config.getString("driver"));
+        if (!checkDriver(databaseConfig.getDriverClassName())) {
             return false;
         }
 
@@ -159,12 +161,15 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
         int port = config.get("port", 3306);
         String database = config.getString("database");
 
-        String user = config.get("username", "");
-        String password = config.get("password", "");
-
         boolean useSSL = config.get("useSSL", false);
 
-        storage = new AuthStorage(this, driver, host, port, database, user, password, useSSL);
+        databaseConfig.setUsername(config.get("username", ""));
+        databaseConfig.setPassword(config.getString("password"));
+
+        databaseConfig.setConnectionTimeout(config.getInt("timeout", 30) * 1_000L);
+        databaseConfig.setMaxLifetime(config.getInt("lifetime", 30) * 1_000L);
+
+        storage = new AuthStorage(this, host, port, database, databaseConfig, useSSL);
         try {
             storage.createTables();
             return true;
@@ -187,7 +192,6 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
         return false;
     }
 
-
     public Configuration getConfig() {
         return config;
     }
@@ -200,11 +204,18 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
         this.passwordGenerator = passwordGenerator;
     }
 
+    /**
+     * @return list of player names that are currently during the login process and might fail and so could be used
+     * for second attempt logins
+     */
     public ConcurrentMap<String, Object> getPendingLogin() {
         return pendingLogin;
     }
 
-    public Collection<UUID> getPendingConfirms() {
+    /**
+     * @return list of player names that request onlinemode authentication but are not yet approved
+     */
+    public ConcurrentMap<String, ConfirmationState> getPendingConfirms() {
         return pendingConfirms;
     }
 
@@ -236,6 +247,9 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
     }
 
     public void close() {
+        plugin.getLog().info("Safely shutting down scheduler. This could take up to one minute.");
+        plugin.getScheduler().shutdown();
+
         if (storage != null) {
             storage.close();
         }

core/src/main/java/com/github/games647/fastlogin/core/shared/ForceLoginManagement.java

@@ -3,6 +3,7 @@ package com.github.games647.fastlogin.core.shared;
 import com.github.games647.fastlogin.core.AuthStorage;
 import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
 
 public abstract class ForceLoginManagement<P extends C, C, L extends LoginSession, T extends PlatformPlugin<C>>
         implements Runnable {
@@ -27,10 +28,16 @@ public abstract class ForceLoginManagement<P extends C, C, L extends LoginSessio
         StoredProfile playerProfile = session.getProfile();
         try {
             if (isOnlineMode()) {
+                if (session.isConfirmationPending()) {
+                    // do not perform force actions, because this confirmation login we have to verify that it's the
+                    // owner of the account
+                    return;
+                }
+
                 //premium player
                 AuthPlugin<P> authPlugin = core.getAuthPluginHook();
                 if (authPlugin == null) {
-                    //maybe only bungeecord plugin
+                    //maybe only bungeecord plugin without any auth plugins on Bungee
                     onForceActionSuccess(session);
                 } else {
                     boolean success = true;
@@ -40,7 +47,7 @@ public abstract class ForceLoginManagement<P extends C, C, L extends LoginSessio
                                 || (core.getConfig().get("auto-register-unknown", false)
                                 && !authPlugin.isRegistered(playerName))) {
                             success = forceRegister(player);
-                        } else {
+                        } else if (!callFastLoginAutoLoginEvent(session, playerProfile).isCancelled()) {
                             success = forceLogin(player);
                         }
                     }
@@ -93,6 +100,8 @@ public abstract class ForceLoginManagement<P extends C, C, L extends LoginSessio
         return success;
     }
 
+    public abstract FastLoginAutoLoginEvent callFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile);
+
     public abstract void onForceActionSuccess(LoginSession session);
 
     public abstract String getName(P player);

core/src/main/java/com/github/games647/fastlogin/core/shared/JoinManagement.java

@@ -2,8 +2,10 @@ package com.github.games647.fastlogin.core.shared;
 
 import com.github.games647.craftapi.model.Profile;
 import com.github.games647.craftapi.resolver.RateLimitException;
+import com.github.games647.fastlogin.core.ConfirmationState;
 import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
 
 import java.util.Optional;
 
@@ -25,6 +27,8 @@ public abstract class JoinManagement<P extends C, C, S extends LoginSource> {
             return;
         }
 
+        callFastLoginPreLoginEvent(username, source, profile);
+
         Configuration config = core.getConfig();
 
         String ip = source.getAddress().getAddress().getHostAddress();
@@ -34,7 +38,14 @@ public abstract class JoinManagement<P extends C, C, S extends LoginSource> {
                 if (profile.isPremium()) {
                     requestPremiumLogin(source, profile, username, true);
                 } else {
-                    startCrackedSession(source, profile, username);
+                    ConfirmationState confirmationState = core.getPendingConfirms().get(username);
+                    if (confirmationState == ConfirmationState.REQUIRE_RELOGIN) {
+                        core.getPendingConfirms().put(username, ConfirmationState.REQUIRE_AUTH_PLUGIN_LOGIN);
+                        requestPremiumLogin(source, profile, username, true);
+                    } else {
+                        // cracked player, but wants to change to premium
+                        startCrackedSession(source, profile, username);
+                    }
                 }
             } else {
                 if (core.getPendingLogin().remove(ip + username) != null && config.get("secondAttemptCracked", false)) {
@@ -101,7 +112,11 @@ public abstract class JoinManagement<P extends C, C, S extends LoginSource> {
         return false;
     }
 
+    public abstract FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, S source, StoredProfile profile);
+
     public abstract void requestPremiumLogin(S source, StoredProfile profile, String username, boolean registered);
 
+    public abstract void requestConfirmationLogin(S source, StoredProfile profile, String username);
+
     public abstract void startCrackedSession(S source, StoredProfile profile, String username);
 }

core/src/main/java/com/github/games647/fastlogin/core/shared/LoginSession.java

@@ -13,12 +13,19 @@ public abstract class LoginSession {
 
     protected boolean registered;
 
+    protected boolean confirmationLogin;
+
     public LoginSession(String username, boolean registered, StoredProfile profile) {
         this.username = username;
         this.registered = registered;
         this.profile = profile;
     }
 
+    public LoginSession(String username, StoredProfile profile) {
+        this(username, true, profile);
+        this.confirmationLogin = true;
+    }
+
     public String getUsername() {
         return username;
     }
@@ -54,6 +61,10 @@ public abstract class LoginSession {
         this.uuid = uuid;
     }
 
+    public synchronized boolean isConfirmationPending() {
+        return confirmationLogin;
+    }
+
     @Override
     public synchronized String toString() {
         return this.getClass().getSimpleName() + '{' +

core/src/main/java/com/github/games647/fastlogin/core/shared/PlatformPlugin.java

@@ -1,5 +1,8 @@
 package com.github.games647.fastlogin.core.shared;
 
+import com.github.games647.fastlogin.core.AsyncScheduler;
+import com.google.common.util.concurrent.ThreadFactoryBuilder;
+
 import java.nio.file.Path;
 import java.util.concurrent.ThreadFactory;
 
@@ -15,7 +18,20 @@ public interface PlatformPlugin<C> {
 
     void sendMessage(C receiver, String message);
 
+    AsyncScheduler getScheduler();
+
+    default void sendMultiLineMessage(C receiver, String message) {
+        for (String line : message.split("%nl%")) {
+            sendMessage(receiver, line);
+        }
+    }
+
     default ThreadFactory getThreadFactory() {
-        return null;
+        return new ThreadFactoryBuilder()
+                .setNameFormat(getName() + " Pool Thread #%1$d")
+                // Hikari create daemons by default and we could daemon threads for our own scheduler too
+                // because we safely shutdown
+                .setDaemon(true)
+                .build();
     }
 }

core/src/main/java/com/github/games647/fastlogin/core/shared/event/FastLoginAutoLoginEvent.java

@@ -0,0 +1,9 @@
+package com.github.games647.fastlogin.core.shared.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+
+public interface FastLoginAutoLoginEvent extends FastLoginCancellableEvent {
+    LoginSession getSession();
+    StoredProfile getProfile();
+}

core/src/main/java/com/github/games647/fastlogin/core/shared/event/FastLoginCancellableEvent.java

@@ -0,0 +1,7 @@
+package com.github.games647.fastlogin.core.shared.event;
+
+public interface FastLoginCancellableEvent {
+
+    boolean isCancelled();
+    void setCancelled(boolean cancelled);
+}

core/src/main/java/com/github/games647/fastlogin/core/shared/event/FastLoginPreLoginEvent.java

@@ -0,0 +1,11 @@
+package com.github.games647.fastlogin.core.shared.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSource;
+
+public interface FastLoginPreLoginEvent {
+
+    String getUsername();
+    LoginSource getSource();
+    StoredProfile getProfile();
+}

core/src/main/resources/config.yml

@@ -115,11 +115,11 @@ nameChangeCheck: false
 # ChangeSkin, SkinRestorer, ...
 forwardSkin: true
 
-# Displays a warning message that this message SHOULD only be invoked by
-# users who actually are the owner of this account. So not by cracked players
-#
-# If they still want to invoke the command, they have to invoke /premium again
-premium-warning: true
+# Players have to rejoin to verify that they can join through onlinemode authentication.
+# After that they have to confirm again using the /premium command that they are also the owner of the auth plugin
+# account.
+# If the onlinemode authentication fails or the player waits to long, it will fallback to offlinemode authentication.
+premium-confirm: true
 
 # If you have autoRegister or nameChangeCheck enabled, you could be rate-limited by Mojang.
 # The requests of the both options will be only made by FastLogin if the username is unknown to the server
@@ -161,18 +161,22 @@ autoLogin: true
 # Recommended is the use of MariaDB (a better version of MySQL)
 
 # Single file SQLite database
-driver: org.sqlite.JDBC
+driver: 'org.sqlite.JDBC'
 # File location
 database: '{pluginDir}/FastLogin.db'
 
 # MySQL/MariaDB
 # If you want to enable it uncomment only the lines below this not this line.
-#driver: com.mysql.jdbc.Driver
-#host: 127.0.0.1
+#driver: 'com.mysql.jdbc.Driver'
+#host: '127.0.0.1'
 #port: 3306
-#database: fastlogin
-#username: myUser
-#password: myPassword
+#database: 'fastlogin'
+#username: 'myUser'
+#password: 'myPassword'
+
+# Advanced Connection Pool settings in seconds
+#timeout: 30
+#lifetime: 30
 
 # It's strongly recommended to enable SSL and setup a SSL certificate if the MySQL server isn't running on the same
 # machine

core/src/main/resources/messages.yml

@@ -89,9 +89,9 @@ invalid-requst: '&4Invalid request'
 # Message if the Bukkit isn't fully started to inject the packets
 not-started: '&cServer is not fully started yet. Please retry'
 
-# Warning message if a user invoked /premium command
-premium-warning: '&c&lWARNING: &6This command should &lonly&6 be invoked if you are the owner of this paid Minecraft account
-Type &a/premium&6 again to confirm'
+# Premium confirmation message if the player tries to activate the command
+premium-confirm: '&6Please relogin and type the command again to apply the changes.
+If the request fails or you wait to long, it will fallback to offlinemode.'
 
 # ========= Bungee/Waterfall only ================================
 

pom.xml

@@ -1,5 +1,5 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>com.github.games647</groupId>
@@ -21,8 +21,9 @@
         <!-- Set default for non-git clones -->
         <git.commit.id>Unknown</git.commit.id>
 
-        <maven.compiler.source>1.8</maven.compiler.source>
-        <maven.compiler.target>1.8</maven.compiler.target>
+        <java.version>1.8</java.version>
+        <maven.compiler.source>${java.version}</maven.compiler.source>
+        <maven.compiler.target>${java.version}</maven.compiler.target>
     </properties>
 
     <modules>
@@ -35,11 +36,11 @@
     <distributionManagement>
         <snapshotRepository>
             <id>codemc-snapshots</id>
-            <url>https://repo.codemc.org/repository/maven-snapshots/</url>
+            <url>https://repo.codemc.io/repository/maven-snapshots/</url>
         </snapshotRepository>
         <repository>
             <id>codemc-releases</id>
-            <url>https://repo.codemc.org/repository/maven-releases/</url>
+            <url>https://repo.codemc.io/repository/maven-releases/</url>
         </repository>
     </distributionManagement>
 
@@ -51,7 +52,7 @@
             <plugin>
                 <groupId>pl.project13.maven</groupId>
                 <artifactId>git-commit-id-plugin</artifactId>
-                <version>2.2.4</version>
+                <version>4.0.0</version>
                 <configuration>
                     <failOnNoGitDirectory>false</failOnNoGitDirectory>
                 </configuration>