mirror of https://github.com/ergochat/ergo.git synced 2024-12-23 03:02:48 +01:00

Initial ACC update to match the new spec

Daniel Oaks 2019-04-08 10:40:19 +10:00
parent c5dd87a64d
commit 4df71df454
7 changed files with 283 additions and 247 deletions


@ -15,6 +15,12 @@ from collections import namedtuple
CapDef = namedtuple("CapDef", ['identifier', 'name', 'url', 'standard']) CapDef = namedtuple("CapDef", ['identifier', 'name', 'url', 'standard'])
CAPDEFS = [ CAPDEFS = [
CapDef(
identifier="Acc",
name="draft/acc",
url="https://github.com/ircv3/ircv3-specifications/pull/276",
standard="proposed IRCv3",
),
CapDef( CapDef(
identifier="AccountNotify", identifier="AccountNotify",
name="account-notify", name="account-notify",


@ -7,12 +7,16 @@ package caps
const ( const (
// number of recognized capabilities: // number of recognized capabilities:
numCapabs = 21 numCapabs = 22
// length of the uint64 array that represents the bitset: // length of the uint64 array that represents the bitset:
bitsetLen = 1 bitsetLen = 1
) )
const ( const (
// Acc is the proposed IRCv3 capability named "draft/acc":
// https://github.com/ircv3/ircv3-specifications/pull/276
Acc Capability = iota
// AccountNotify is the IRCv3 capability named "account-notify": // AccountNotify is the IRCv3 capability named "account-notify":
// https://ircv3.net/specs/extensions/account-notify-3.1.html // https://ircv3.net/specs/extensions/account-notify-3.1.html
AccountNotify Capability = iota AccountNotify Capability = iota
@ -101,6 +105,7 @@ const (
// `capabilityNames[capab]` is the string name of the capability `capab` // `capabilityNames[capab]` is the string name of the capability `capab`
var ( var (
capabilityNames = [numCapabs]string{ capabilityNames = [numCapabs]string{
"draft/acc",
"account-notify", "account-notify",
"account-tag", "account-tag",
"away-notify", "away-notify",


@ -72,7 +72,8 @@ func init() {
Commands = map[string]Command{ Commands = map[string]Command{
"ACC": { "ACC": {
handler: accHandler, handler: accHandler,
minParams: 3, usablePreReg: true,
minParams: 1,
}, },
"AMBIANCE": { "AMBIANCE": {
handler: sceneHandler, handler: sceneHandler,
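Review bot: The ACC entry changes two dispatcher guarantees at once and nothing in the table records why. With `minParams: 1` the dispatcher only guarantees `msg.Params[0]`, and with `usablePreReg: true` unregistered connections reach accHandler, so every subcommand now has to enforce its own parameter count and registration state. A comment above the entry would record that contract, for example `// LS takes no arguments and is allowed pre-registration; REGISTER and VERIFY must validate their own parameter counts`. The Commands map literal continues outside this hunk.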


@ -31,15 +31,41 @@ import (
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
) )
// ACC [REGISTER|VERIFY] ... // ACC [LS|REGISTER|VERIFY] ...
func accHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool { func accHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool {
// make sure reg is enabled subcommand := strings.ToLower(msg.Params[0])
if !server.AccountConfig().Registration.Enabled {
rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, client.nick, "*", client.t("Account registration is disabled")) if subcommand == "ls" {
config := server.Config().Accounts
rb.Add(nil, server.name, "ACC", "LS", "SUBCOMMANDS", "LS REGISTER VERIFY")
var enabledCallbacks []string
for _, name := range config.Registration.EnabledCallbacks {
enabledCallbacks = append(enabledCallbacks, name)
}
sort.Strings(enabledCallbacks)
rb.Add(nil, server.name, "ACC", "LS", "CALLBACKS", strings.Join(enabledCallbacks, " "))
rb.Add(nil, server.name, "ACC", "LS", "CREDTYPES", "passphrase certfp")
if config.NickReservation.Enabled {
rb.Add(nil, server.name, "ACC", "LS", "FLAGS", "regnick")
}
return false return false
} }
subcommand := strings.ToLower(msg.Params[0]) // disallow account stuff before connection registration has completed, for now
if !client.Registered() {
client.Send(nil, server.name, ERR_NOTREGISTERED, "*", client.t("You need to register before you can use that command"))
return false
}
// make sure reg is enabled
if !server.AccountConfig().Registration.Enabled {
rb.Add(nil, server.name, "FAIL", "ACC", "REG_UNAVAILABLE", client.t("Account registration is disabled"))
return false
}
if subcommand == "register" { if subcommand == "register" {
return accRegisterHandler(server, client, msg, rb) return accRegisterHandler(server, client, msg, rb)
@ -61,7 +87,7 @@ func parseCallback(spec string, config *AccountConfig) (callbackNamespace string
callbackValues := strings.SplitN(callback, ":", 2) callbackValues := strings.SplitN(callback, ":", 2)
callbackNamespace, callbackValue = callbackValues[0], callbackValues[1] callbackNamespace, callbackValue = callbackValues[0], callbackValues[1]
} else { } else {
// "the IRC server MAY choose to use mailto as a default" // "If a callback namespace is not ... provided, the IRC server MUST use mailto""
callbackNamespace = "mailto" callbackNamespace = "mailto"
callbackValue = callback callbackValue = callback
} }
@ -81,31 +107,43 @@ func parseCallback(spec string, config *AccountConfig) (callbackNamespace string
// ACC REGISTER <accountname> [callback_namespace:]<callback> [cred_type] :<credential> // ACC REGISTER <accountname> [callback_namespace:]<callback> [cred_type] :<credential>
func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool { func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool {
nick := client.Nick() nick := client.Nick()
// clients can't reg new accounts if they're already logged in
if client.LoggedIntoAccount() {
rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, nick, "*", client.t("You're already logged into an account"))
return false
}
// get and sanitise account name
account := strings.TrimSpace(msg.Params[1])
casefoldedAccount, err := CasefoldName(account)
// probably don't need explicit check for "*" here... but let's do it anyway just to make sure
if err != nil || msg.Params[1] == "*" {
rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, nick, account, client.t("Account name is not valid"))
return false
}
if len(msg.Params) < 4 { if len(msg.Params) < 4 {
rb.Add(nil, server.name, ERR_NEEDMOREPARAMS, nick, msg.Command, client.t("Not enough parameters")) rb.Add(nil, server.name, ERR_NEEDMOREPARAMS, nick, msg.Command, client.t("Not enough parameters"))
return false return false
} }
account := strings.TrimSpace(msg.Params[1])
// check for account name of *
if account == "*" {
account = nick
} else {
if server.Config().Accounts.NickReservation.Enabled {
rb.Add(nil, server.name, "FAIL", "ACC", "REG_MUST_USE_REGNICK", account, client.t("Must register with current nickname instead of separate account name"))
return false
}
}
// clients can't reg new accounts if they're already logged in
if client.LoggedIntoAccount() {
rb.Add(nil, server.name, "FAIL", "ACC", "REG_UNSPECIFIED_ERROR", account, client.t("You're already logged into an account"))
return false
}
// sanitise account name
casefoldedAccount, err := CasefoldName(account)
// probably don't need explicit check for "*" here... but let's do it anyway just to make sure
if err != nil || msg.Params[1] == "*" {
rb.Add(nil, server.name, "FAIL", "ACC", "REG_INVALID_ACCOUNT_NAME", account, client.t("Account name is not valid"))
return false
}
callbackSpec := msg.Params[2] callbackSpec := msg.Params[2]
callbackNamespace, callbackValue := parseCallback(callbackSpec, server.AccountConfig()) callbackNamespace, callbackValue := parseCallback(callbackSpec, server.AccountConfig())
if callbackNamespace == "" { if callbackNamespace == "" {
rb.Add(nil, server.name, ERR_REG_INVALID_CALLBACK, nick, account, callbackSpec, client.t("Callback namespace is not supported")) rb.Add(nil, server.name, "FAIL", "ACC", "REG_INVALID_CALLBACK", account, callbackSpec, client.t("Cannot send verification code there"))
return false return false
} }
@ -129,12 +167,12 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
} }
} }
if credentialType == "certfp" && client.certfp == "" { if credentialType == "certfp" && client.certfp == "" {
rb.Add(nil, server.name, ERR_REG_INVALID_CRED_TYPE, nick, credentialType, callbackNamespace, client.t("You are not using a TLS certificate")) rb.Add(nil, server.name, "FAIL", "ACC", "REG_INVALID_CRED_TYPE", account, credentialType, client.t("You are not using a TLS certificate"))
return false return false
} }
if !credentialValid { if !credentialValid {
rb.Add(nil, server.name, ERR_REG_INVALID_CRED_TYPE, nick, credentialType, callbackNamespace, client.t("Credential type is not supported")) rb.Add(nil, server.name, "FAIL", "ACC", "REG_INVALID_CRED_TYPE", account, credentialType, client.t("Credential type is not supported"))
return false return false
} }
@ -147,14 +185,14 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
throttled, remainingTime := client.loginThrottle.Touch() throttled, remainingTime := client.loginThrottle.Touch()
if throttled { if throttled {
rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, nick, fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime)) rb.Add(nil, server.name, "FAIL", "ACC", "REG_UNSPECIFIED_ERROR", account, fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime))
return false return false
} }
err = server.accounts.Register(client, account, callbackNamespace, callbackValue, passphrase, certfp) err = server.accounts.Register(client, account, callbackNamespace, callbackValue, passphrase, certfp)
if err != nil { if err != nil {
msg, code := registrationErrorToMessageAndCode(err) msg := registrationErrorToMessageAndCode(err)
rb.Add(nil, server.name, code, nick, "ACC", "REGISTER", client.t(msg)) rb.Add(nil, server.name, "FAIL", "ACC", "REG_UNSPECIFIED_ERROR", account, client.t(msg))
return false return false
} }
@ -174,15 +212,13 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
return false return false
} }
func registrationErrorToMessageAndCode(err error) (message, numeric string) { func registrationErrorToMessageAndCode(err error) (message string) {
// default responses: let's be risk-averse about displaying internal errors // default responses: let's be risk-averse about displaying internal errors
// to the clients, especially for something as sensitive as accounts // to the clients, especially for something as sensitive as accounts
message = `Could not register` message = `Could not register`
numeric = ERR_UNKNOWNERROR
switch err { switch err {
case errAccountAlreadyRegistered, errAccountAlreadyVerified: case errAccountAlreadyRegistered, errAccountAlreadyVerified:
message = err.Error() message = err.Error()
numeric = ERR_ACCOUNT_ALREADY_EXISTS
case errAccountCreation, errAccountMustHoldNick, errAccountBadPassphrase, errCertfpAlreadyExists, errFeatureDisabled: case errAccountCreation, errAccountMustHoldNick, errAccountBadPassphrase, errCertfpAlreadyExists, errFeatureDisabled:
message = err.Error() message = err.Error()
} }
@ -194,21 +230,24 @@ func sendSuccessfulRegResponse(client *Client, rb *ResponseBuffer, forNS bool) {
if forNS { if forNS {
rb.Notice(client.t("Account created")) rb.Notice(client.t("Account created"))
} else { } else {
rb.Add(nil, client.server.name, RPL_REGISTRATION_SUCCESS, client.nick, client.AccountName(), client.t("Account created")) rb.Add(nil, client.server.name, RPL_REG_SUCCESS, client.nick, client.AccountName(), client.t("Account created"))
} }
sendSuccessfulSaslAuth(client, rb, forNS) sendSuccessfulAccountAuth(client, rb, forNS, false)
} }
// sendSuccessfulSaslAuth means that a SASL auth attempt completed successfully, and is used to dispatch messages. // sendSuccessfulAccountAuth means that an account auth attempt completed successfully, and is used to dispatch messages.
func sendSuccessfulSaslAuth(client *Client, rb *ResponseBuffer, forNS bool) { func sendSuccessfulAccountAuth(client *Client, rb *ResponseBuffer, forNS, forSASL bool) {
details := client.Details() details := client.Details()
if forNS { if forNS {
rb.Notice(fmt.Sprintf(client.t("You're now logged in as %s"), details.accountName)) rb.Notice(fmt.Sprintf(client.t("You're now logged in as %s"), details.accountName))
} else { } else {
//TODO(dan): some servers send this numeric even for NickServ logins iirc? to confirm and maybe do too
rb.Add(nil, client.server.name, RPL_LOGGEDIN, details.nick, details.nickMask, details.accountName, fmt.Sprintf(client.t("You are now logged in as %s"), details.accountName)) rb.Add(nil, client.server.name, RPL_LOGGEDIN, details.nick, details.nickMask, details.accountName, fmt.Sprintf(client.t("You are now logged in as %s"), details.accountName))
if forSASL {
rb.Add(nil, client.server.name, RPL_SASLSUCCESS, details.nick, client.t("Authentication successful")) rb.Add(nil, client.server.name, RPL_SASLSUCCESS, details.nick, client.t("Authentication successful"))
} }
}
// dispatch account-notify // dispatch account-notify
for friend := range client.Friends(caps.AccountNotify) { for friend := range client.Friends(caps.AccountNotify) {
@ -223,26 +262,33 @@ func sendSuccessfulSaslAuth(client *Client, rb *ResponseBuffer, forNS bool) {
// ACC VERIFY <accountname> <auth_code> // ACC VERIFY <accountname> <auth_code>
func accVerifyHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool { func accVerifyHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool {
account := strings.TrimSpace(msg.Params[1]) account := strings.TrimSpace(msg.Params[1])
if len(msg.Params) < 3 {
rb.Add(nil, server.name, ERR_NEEDMOREPARAMS, client.Nick(), msg.Command, client.t("Not enough parameters"))
return false
}
err := server.accounts.Verify(client, account, msg.Params[2]) err := server.accounts.Verify(client, account, msg.Params[2])
var code string var code string
var message string var message string
if err == errAccountVerificationInvalidCode { if err == errAccountVerificationInvalidCode {
code = ERR_ACCOUNT_INVALID_VERIFY_CODE code = "ACCOUNT_INVALID_VERIFY_CODE"
message = err.Error() message = err.Error()
} else if err == errAccountAlreadyVerified { } else if err == errAccountAlreadyVerified {
code = ERR_ACCOUNT_ALREADY_VERIFIED code = "ACCOUNT_ALREADY_VERIFIED"
message = err.Error() message = err.Error()
} else if err != nil { } else if err != nil {
code = ERR_UNKNOWNERROR code = "VERIFY_UNSPECIFIED_ERROR"
message = errAccountVerificationFailed.Error() message = errAccountVerificationFailed.Error()
} }
if err == nil { if err == nil {
sendSuccessfulRegResponse(client, rb, false) rb.Add(nil, server.name, RPL_VERIFY_SUCCESS, client.Nick(), account, client.t("Account verification successful"))
sendSuccessfulAccountAuth(client, rb, false, false)
} else { } else {
rb.Add(nil, server.name, code, client.Nick(), account, client.t(message)) rb.Add(nil, server.name, "FAIL", "ACC", code, account, client.t(message))
} }
return false return false
@ -373,7 +419,7 @@ func authPlainHandler(server *Server, client *Client, mechanism string, value []
return false return false
} }
sendSuccessfulSaslAuth(client, rb, false) sendSuccessfulAccountAuth(client, rb, false, true)
return false return false
} }
@ -401,7 +447,7 @@ func authExternalHandler(server *Server, client *Client, mechanism string, value
return false return false
} }
sendSuccessfulSaslAuth(client, rb, false) sendSuccessfulAccountAuth(client, rb, false, true)
return false return false
} }
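Review bot: In accVerifyHandler the added `if len(msg.Params) < 3` guard comes after `account := strings.TrimSpace(msg.Params[1])`, so it cannot protect that index. The same commit appears to lower the ACC entry's `minParams` from 3 to 1 in the command table, so a registered client sending a bare `ACC VERIFY` reaches this handler with one parameter and the slice access panics before the ERR_NEEDMOREPARAMS reply is built. Whether that ends only the connection or the whole process depends on panic recovery that is not visible on this page. Make the length check the first statement of the function, as accRegisterHandler already does with `if len(msg.Params) < 4`, and read `msg.Params[1]` only after it passes.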


@ -295,7 +295,7 @@ func nsIdentifyHandler(server *Server, client *Client, command string, params []
} }
if loginSuccessful { if loginSuccessful {
sendSuccessfulSaslAuth(client, rb, true) sendSuccessfulAccountAuth(client, rb, true, true)
} else { } else {
nsNotice(rb, client.t("Could not login with your TLS certificate or supplied username/password")) nsNotice(rb, client.t("Could not login with your TLS certificate or supplied username/password"))
} }
@ -407,8 +407,7 @@ func nsRegisterHandler(server *Server, client *Client, command string, params []
// details could not be stored and relevant numerics have been dispatched, abort // details could not be stored and relevant numerics have been dispatched, abort
if err != nil { if err != nil {
errMsg, _ := registrationErrorToMessageAndCode(err) nsNotice(rb, client.t(registrationErrorToMessageAndCode(err)))
nsNotice(rb, errMsg)
return return
} }
} }
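Review bot: nsIdentifyHandler now calls `sendSuccessfulAccountAuth(client, rb, true, true)`, which sets forSASL for a NickServ IDENTIFY login that is not a SASL exchange. In the version of sendSuccessfulAccountAuth shown in this commit, forSASL is only read in the non-NickServ branch, so the flag has no effect today. It would start emitting RPL_SASLSUCCESS to NickServ users if that branch structure ever changes. Passing `sendSuccessfulAccountAuth(client, rb, true, false)` states the intent correctly. Both hunks in this section sit inside function bodies that start and end outside the visible lines.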


@ -186,15 +186,9 @@ const (
ERR_SASLABORTED = "906" ERR_SASLABORTED = "906"
ERR_SASLALREADY = "907" ERR_SASLALREADY = "907"
RPL_SASLMECHS = "908" RPL_SASLMECHS = "908"
RPL_REGISTRATION_SUCCESS = "920" RPL_REG_SUCCESS = "920"
ERR_ACCOUNT_ALREADY_EXISTS = "921" RPL_VERIFY_SUCCESS = "923"
ERR_REG_UNSPECIFIED_ERROR = "922"
RPL_VERIFYSUCCESS = "923"
ERR_ACCOUNT_ALREADY_VERIFIED = "924"
ERR_ACCOUNT_INVALID_VERIFY_CODE = "925"
RPL_REG_VERIFICATION_REQUIRED = "927" RPL_REG_VERIFICATION_REQUIRED = "927"
ERR_REG_INVALID_CRED_TYPE = "928"
ERR_REG_INVALID_CALLBACK = "929"
ERR_TOOMANYLANGUAGES = "981" ERR_TOOMANYLANGUAGES = "981"
ERR_NOLANGUAGE = "982" ERR_NOLANGUAGE = "982"


@ -173,21 +173,6 @@ func (server *Server) setISupport() (err error) {
isupport.Add("TOPICLEN", strconv.Itoa(config.Limits.TopicLen)) isupport.Add("TOPICLEN", strconv.Itoa(config.Limits.TopicLen))
isupport.Add("UTF8MAPPING", casemappingName) isupport.Add("UTF8MAPPING", casemappingName)
// account registration
if config.Accounts.Registration.Enabled {
// 'none' isn't shown in the REGCALLBACKS vars
var enabledCallbacks []string
for _, name := range server.config.Accounts.Registration.EnabledCallbacks {
if name != "*" {
enabledCallbacks = append(enabledCallbacks, name)
}
}
isupport.Add("ACCCOMMANDS", "CREATE,VERIFY")
isupport.Add("REGCALLBACKS", strings.Join(enabledCallbacks, ","))
isupport.Add("REGCREDTYPES", "passphrase,certfp")
}
err = isupport.RegenerateCachedReply() err = isupport.RegenerateCachedReply()
if err != nil { if err != nil {
return return