ergo/irc/accounts.go

// Copyright (c) 2016-2017 Daniel Oaks <daniel@danieloaks.net>
// released under the MIT license

package irc

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"time"

	"github.com/goshuirc/irc-go/ircfmt"
	"github.com/oragono/oragono/irc/caps"
	"github.com/oragono/oragono/irc/sno"
	"github.com/tidwall/buntdb"
)

const (
	keyAccountExists      = "account.exists %s"
	keyAccountVerified    = "account.verified %s"
	keyAccountName        = "account.name %s" // stores the 'preferred name' of the account, not casemapped
	keyAccountRegTime     = "account.registered.time %s"
	keyAccountCredentials = "account.credentials %s"
	keyCertToAccount      = "account.creds.certfp %s"
)

var (
	// EnabledSaslMechanisms contains the SASL mechanisms that exist and that we support.
	// This can be moved to some other data structure/place if we need to load/unload mechs later.
	EnabledSaslMechanisms = map[string]func(*Server, *Client, string, []byte) bool{
		"PLAIN":    authPlainHandler,
		"EXTERNAL": authExternalHandler,
	}

	// NoAccount is a placeholder which means that the user is not logged into an account.
	NoAccount = ClientAccount{
		Name: "*", // * is used until actual account name is set
	}

	// generic sasl fail error
	errSaslFail = errors.New("SASL failed")
)

// ClientAccount represents a user account.
type ClientAccount struct {
	// Name of the account.
	Name string
	// RegisteredAt represents the time that the account was registered.
	RegisteredAt time.Time
	// Clients that are currently logged into this account (useful for notifications).
	Clients []*Client
}

// loadAccountCredentials loads an account's credentials from the store.
func loadAccountCredentials(tx *buntdb.Tx, accountKey string) (*AccountCredentials, error) {
	credText, err := tx.Get(fmt.Sprintf(keyAccountCredentials, accountKey))
	if err != nil {
		return nil, err
	}

	var creds AccountCredentials
	err = json.Unmarshal([]byte(credText), &creds)
	if err != nil {
		return nil, err
	}

	return &creds, nil
}

// loadAccount loads an account from the store, note that the account must actually exist.
func loadAccount(server *Server, tx *buntdb.Tx, accountKey string) *ClientAccount {
	name, _ := tx.Get(fmt.Sprintf(keyAccountName, accountKey))
	regTime, _ := tx.Get(fmt.Sprintf(keyAccountRegTime, accountKey))
	regTimeInt, _ := strconv.ParseInt(regTime, 10, 64)
	accountInfo := ClientAccount{
		Name:         name,
		RegisteredAt: time.Unix(regTimeInt, 0),
		Clients:      []*Client{},
	}
	server.accounts[accountKey] = &accountInfo

	return &accountInfo
}

// LoginToAccount logs the client into the given account.
func (client *Client) LoginToAccount(account *ClientAccount) {
	if client.account == account {
		// already logged into this acct, no changing necessary
		return
	} else if client.LoggedIntoAccount() {
		// logout of existing acct
		var newClientAccounts []*Client
		for _, c := range account.Clients {
			if c != client {
				newClientAccounts = append(newClientAccounts, c)
			}
		}
		account.Clients = newClientAccounts
	}

	account.Clients = append(account.Clients, client)
	client.account = account
	client.server.snomasks.Send(sno.LocalAccounts, fmt.Sprintf(ircfmt.Unescape("Client $c[grey][$r%s$c[grey]] logged into account $c[grey][$r%s$c[grey]]"), client.nickMaskString, account.Name))

	//TODO(dan): This should output the AccountNotify message instead of the sasl accepted function below.
}

// LogoutOfAccount logs the client out of their current account.
func (client *Client) LogoutOfAccount() {
	account := client.account
	if account == nil {
		// already logged out
		return
	}

	// logout of existing acct
	var newClientAccounts []*Client
	for _, c := range account.Clients {
		if c != client {
			newClientAccounts = append(newClientAccounts, c)
		}
	}
	account.Clients = newClientAccounts

	client.account = nil

	// dispatch account-notify
	for friend := range client.Friends(caps.AccountNotify) {
		friend.Send(nil, client.nickMaskString, "ACCOUNT", "*")
	}
}

// successfulSaslAuth means that a SASL auth attempt completed successfully, and is used to dispatch messages.
func (client *Client) successfulSaslAuth() {
	client.Send(nil, client.server.name, RPL_LOGGEDIN, client.nick, client.nickMaskString, client.account.Name, fmt.Sprintf("You are now logged in as %s", client.account.Name))
	client.Send(nil, client.server.name, RPL_SASLSUCCESS, client.nick, client.t("SASL authentication successful"))

	// dispatch account-notify
	for friend := range client.Friends(caps.AccountNotify) {
		friend.Send(nil, client.nickMaskString, "ACCOUNT", client.account.Name)
	}
}
Fix dates at top of source files 2017-03-27 14:15:02 +02:00			`// Copyright (c) 2016-2017 Daniel Oaks <daniel@danieloaks.net>`
accounts: Add very initial, extremely broken account work (not including config changes) 2016-09-04 11:25:33 +02:00			`// released under the MIT license`

			`package irc`

accounts: Add initial SASL handler, still need to write mechanism handlers 2016-09-06 08:31:59 +02:00			`import (`
accounts: Add SASL PLAIN handler 2016-09-07 12:46:01 +02:00			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"strconv"`
accounts: Add initial SASL handler, still need to write mechanism handlers 2016-09-06 08:31:59 +02:00			`"time"`

Rename deps 2017-06-15 18:14:19 +02:00			`"github.com/goshuirc/irc-go/ircfmt"`
Move caps to their own package to prevent conflicts 2017-09-29 04:07:52 +02:00			`"github.com/oragono/oragono/irc/caps"`
Move to new repo 2017-06-14 20:00:53 +02:00			`"github.com/oragono/oragono/irc/sno"`
accounts: Add SASL PLAIN handler 2016-09-07 12:46:01 +02:00			`"github.com/tidwall/buntdb"`
accounts: Add initial SASL handler, still need to write mechanism handlers 2016-09-06 08:31:59 +02:00			`)`
accounts: Add very initial, extremely broken account work (not including config changes) 2016-09-04 11:25:33 +02:00
Add very initial ChanServ and NickServ virtual clients As well, add channel registration and re-applying founder privs on the first client joining the channel. I'm going to re-architect our modes system to better acocunt for this sort of change. 2017-03-11 13:01:40 +01:00			`const (`
			`keyAccountExists = "account.exists %s"`
			`keyAccountVerified = "account.verified %s"`
			`keyAccountName = "account.name %s" // stores the 'preferred name' of the account, not casemapped`
			`keyAccountRegTime = "account.registered.time %s"`
			`keyAccountCredentials = "account.credentials %s"`
			`keyCertToAccount = "account.creds.certfp %s"`
			`)`

accounts: Very roughly introduce account type 2016-09-05 14:35:13 +02:00			`var (`
accounts: Add initial SASL handler, still need to write mechanism handlers 2016-09-06 08:31:59 +02:00			`// EnabledSaslMechanisms contains the SASL mechanisms that exist and that we support.`
			`// This can be moved to some other data structure/place if we need to load/unload mechs later.`
			`EnabledSaslMechanisms = map[string]func(Server, Client, string, []byte) bool{`
			`"PLAIN": authPlainHandler,`
			`"EXTERNAL": authExternalHandler,`
			`}`

			`// NoAccount is a placeholder which means that the user is not logged into an account.`
accounts: Very roughly introduce account type 2016-09-05 14:35:13 +02:00			`NoAccount = ClientAccount{`
			`Name: "", // is used until actual account name is set`
			`}`
accounts: Add SASL PLAIN handler 2016-09-07 12:46:01 +02:00
			`// generic sasl fail error`
			`errSaslFail = errors.New("SASL failed")`
accounts: Very roughly introduce account type 2016-09-05 14:35:13 +02:00			`)`

			`// ClientAccount represents a user account.`
			`type ClientAccount struct {`
accounts: Add very initial, extremely broken account work (not including config changes) 2016-09-04 11:25:33 +02:00			`// Name of the account.`
			`Name string`
			`// RegisteredAt represents the time that the account was registered.`
			`RegisteredAt time.Time`
			`// Clients that are currently logged into this account (useful for notifications).`
registration: Hook up reg to actual accounts 2016-09-05 14:54:09 +02:00			`Clients []*Client`
accounts: Add very initial, extremely broken account work (not including config changes) 2016-09-04 11:25:33 +02:00			`}`
accounts: Add initial SASL handler, still need to write mechanism handlers 2016-09-06 08:31:59 +02:00
accounts: Add SASL EXTERNAL handler 2016-09-07 13:32:58 +02:00			`// loadAccountCredentials loads an account's credentials from the store.`
			`func loadAccountCredentials(tx buntdb.Tx, accountKey string) (AccountCredentials, error) {`
			`credText, err := tx.Get(fmt.Sprintf(keyAccountCredentials, accountKey))`
			`if err != nil {`
			`return nil, err`
			`}`

			`var creds AccountCredentials`
			`err = json.Unmarshal([]byte(credText), &creds)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &creds, nil`
			`}`

			`// loadAccount loads an account from the store, note that the account must actually exist.`
			`func loadAccount(server Server, tx buntdb.Tx, accountKey string) *ClientAccount {`
			`name, _ := tx.Get(fmt.Sprintf(keyAccountName, accountKey))`
			`regTime, _ := tx.Get(fmt.Sprintf(keyAccountRegTime, accountKey))`
			`regTimeInt, _ := strconv.ParseInt(regTime, 10, 64)`
			`accountInfo := ClientAccount{`
			`Name: name,`
			`RegisteredAt: time.Unix(regTimeInt, 0),`
			`Clients: []*Client{},`
			`}`
			`server.accounts[accountKey] = &accountInfo`

			`return &accountInfo`
			`}`

accounts: Login to accounts properly Avoids letting clients login to two accounts at once 2017-03-08 12:50:12 +01:00			`// LoginToAccount logs the client into the given account.`
			`func (client Client) LoginToAccount(account ClientAccount) {`
			`if client.account == account {`
			`// already logged into this acct, no changing necessary`
			`return`
accounts: Check for account logins correctly, fixes registration. Also fix a typo, thanks squigz! 2017-09-28 07:49:01 +02:00			`} else if client.LoggedIntoAccount() {`
accounts: Login to accounts properly Avoids letting clients login to two accounts at once 2017-03-08 12:50:12 +01:00			`// logout of existing acct`
			`var newClientAccounts []*Client`
			`for _, c := range account.Clients {`
			`if c != client {`
			`newClientAccounts = append(newClientAccounts, c)`
			`}`
			`}`
			`account.Clients = newClientAccounts`
			`}`

			`account.Clients = append(account.Clients, client)`
			`client.account = account`
Send a whole lot more snomasks 2017-05-28 20:43:09 +02:00			`client.server.snomasks.Send(sno.LocalAccounts, fmt.Sprintf(ircfmt.Unescape("Client $c[grey][$r%s$c[grey]] logged into account $c[grey][$r%s$c[grey]]"), client.nickMaskString, account.Name))`
Allow multiple account registrations for testing 2017-09-11 01:16:13 +02:00
			`//TODO(dan): This should output the AccountNotify message instead of the sasl accepted function below.`
			`}`

			`// LogoutOfAccount logs the client out of their current account.`
			`func (client *Client) LogoutOfAccount() {`
			`account := client.account`
			`if account == nil {`
			`// already logged out`
			`return`
			`}`

			`// logout of existing acct`
			`var newClientAccounts []*Client`
			`for _, c := range account.Clients {`
			`if c != client {`
			`newClientAccounts = append(newClientAccounts, c)`
			`}`
			`}`
			`account.Clients = newClientAccounts`

			`client.account = nil`

			`// dispatch account-notify`
Move caps to their own package to prevent conflicts 2017-09-29 04:07:52 +02:00			`for friend := range client.Friends(caps.AccountNotify) {`
Allow multiple account registrations for testing 2017-09-11 01:16:13 +02:00			`friend.Send(nil, client.nickMaskString, "ACCOUNT", "*")`
			`}`
accounts: Login to accounts properly Avoids letting clients login to two accounts at once 2017-03-08 12:50:12 +01:00			`}`

accounts: Support account-notify capability 2016-10-13 10:18:00 +02:00			`// successfulSaslAuth means that a SASL auth attempt completed successfully, and is used to dispatch messages.`
Fix lots of nits 2017-04-16 03:31:33 +02:00			`func (client *Client) successfulSaslAuth() {`
			`client.Send(nil, client.server.name, RPL_LOGGEDIN, client.nick, client.nickMaskString, client.account.Name, fmt.Sprintf("You are now logged in as %s", client.account.Name))`
Make like every client-facing string translatable 2018-01-22 12:26:01 +01:00			`client.Send(nil, client.server.name, RPL_SASLSUCCESS, client.nick, client.t("SASL authentication successful"))`
accounts: Support account-notify capability 2016-10-13 10:18:00 +02:00
			`// dispatch account-notify`
Move caps to their own package to prevent conflicts 2017-09-29 04:07:52 +02:00			`for friend := range client.Friends(caps.AccountNotify) {`
Fix lots of nits 2017-04-16 03:31:33 +02:00			`friend.Send(nil, client.nickMaskString, "ACCOUNT", client.account.Name)`
accounts: Support account-notify capability 2016-10-13 10:18:00 +02:00			`}`
			`}`