From 117401f2937a701d28fdaee5c9f162b3a9f38739 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Tue, 3 Aug 2021 11:47:00 -0400
Subject: [PATCH] fix SCRAM not supporting client IDs reported by @Mikaela
---
 irc/accounts.go | 5 +++++
 irc/handlers.go | 15 +++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/irc/accounts.go b/irc/accounts.go
index 72442dca..969ef57b 100644
--- a/irc/accounts.go
+++ b/irc/accounts.go
@@ -2008,6 +2008,11 @@ func (am *AccountManager) NewScramConversation() *scram.ServerConversation {
 }
 
 func (am *AccountManager) lookupSCRAMCreds(accountName string) (creds scram.StoredCredentials, err error) {
+ // strip client ID if present:
+ if strudelIndex := strings.IndexByte(accountName, '@'); strudelIndex != -1 {
+ accountName = accountName[:strudelIndex]
+ }
+
 acct, err := am.LoadAccount(accountName)
 if err != nil {
 return
diff --git a/irc/handlers.go b/irc/handlers.go
index 95935bf3..7a269647 100644
--- a/irc/handlers.go
+++ b/irc/handlers.go
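Review bot: The `@` split added to lookupSCRAMCreds (irc/accounts.go) is written out a second time in authScramHandler (irc/handlers.go), and the two copies must always yield the same account name: this one presumably selects the stored credentials the SCRAM exchange is verified against, the other selects the account that is logged in afterwards. Moving the split into one small helper that returns the account name and the device ID, and calling it from both places, would keep that invariant in a single spot. The comment could also describe the input, for example `// the SCRAM username may arrive as account@deviceID; credentials are stored per account, so drop the suffix`. A username that starts with `@` leaves accountName empty, which relies on LoadAccount rejecting an empty name; the body of lookupSCRAMCreds continues outside the hunk.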
@@ -354,20 +354,27 @@ func authScramHandler(server *Server, client *Client, session *Session, value []
 if session.sasl.scramConv.Done() {
 continueAuth = false
 if session.sasl.scramConv.Valid() {
- accountName := session.sasl.scramConv.Username()
+ authcid := session.sasl.scramConv.Username()
+ if strudelIndex := strings.IndexByte(authcid, '@'); strudelIndex != -1 {
+ var deviceID string
+ authcid, deviceID = authcid[:strudelIndex], authcid[strudelIndex+1:]
+ if !client.registered {
+ rb.session.deviceID = deviceID
+ }
+ }
 authzid := session.sasl.scramConv.AuthzID()
- if authzid != "" && authzid != accountName {
+ if authzid != "" && authzid != authcid {
 rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: authcid and authzid should be the same"))
 return false
 }
- account, err := server.accounts.LoadAccount(accountName)
+ account, err := server.accounts.LoadAccount(authcid)
 if err == nil {
 server.accounts.Login(client, account)
 if fixupNickEqualsAccount(client, rb, server.Config(), "") {
 sendSuccessfulAccountAuth(nil, client, rb, true)
 }
 } else {
- server.logger.Error("internal", "SCRAM succeeded but couldn't load account", accountName, err.Error())
+ server.logger.Error("internal", "SCRAM succeeded but couldn't load account", authcid, err.Error())
 rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed"))
 }
 } else {
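Review bot: `rb.session.deviceID = deviceID` runs before the authzid comparison and before `LoadAccount`, so an attempt that then ends in ERR_SASLFAIL still leaves the client-chosen device ID on the session, unless the caller resets it, which is not visible here. Assigning it inside the `err == nil` branch, just before `server.accounts.Login(client, account)`, would tie it to a login that actually completed. Separately, authzid is compared unstripped against the stripped authcid, so a client that sends the same `account@device` string as both would now be rejected with "authcid and authzid should be the same"; if that is intended, a one-line comment saying so would help. The device ID is also stored as received (it can be empty, and nothing in the hunk bounds its length or characters), so any such checks have to live where it is consumed. authScramHandler starts and ends outside the hunk.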