3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-25 13:29:27 +01:00

Merge pull request #2158 from slingamn/ircv3bearer.2

remove draft/bearer in favor of IRCV3BEARER
This commit is contained in:
Shivaram Lingamneni 2024-05-29 08:00:07 +02:00 committed by GitHub
commit 54ca659e57
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 30 additions and 35 deletions

View File

@ -219,12 +219,6 @@ CAPDEFS = [
url="https://github.com/ircv3/ircv3-specifications/pull/527",
standard="proposed IRCv3",
),
CapDef(
identifier="Bearer",
name="draft/bearer",
url="https://gist.github.com/slingamn/4fabc7a3d5f335da7bb313a7f0648f37",
standard="proposed IRCv3",
),
]
def validate_defs():

View File

@ -20,7 +20,6 @@ import (
"github.com/tidwall/buntdb"
"github.com/xdg-go/scram"
"github.com/ergochat/ergo/irc/caps"
"github.com/ergochat/ergo/irc/connection_limits"
"github.com/ergochat/ergo/irc/email"
"github.com/ergochat/ergo/irc/migrations"
@ -1398,10 +1397,6 @@ func (am *AccountManager) AuthenticateByPassphrase(client *Client, accountName s
}
}
if strings.HasPrefix(accountName, caps.BearerTokenPrefix) {
return am.AuthenticateByBearerToken(client, strings.TrimPrefix(accountName, caps.BearerTokenPrefix), passphrase)
}
if throttled, remainingTime := client.checkLoginThrottle(); throttled {
return &ThrottleError{remainingTime}
}
@ -1448,11 +1443,14 @@ func (am *AccountManager) AuthenticateByBearerToken(client *Client, tokenType, t
func (am *AccountManager) AuthenticateByOAuthBearer(client *Client, opts oauth2.OAuthBearerOptions) (err error) {
config := am.server.Config()
// we need to check this here since we can get here via SASL PLAIN:
if !config.Accounts.OAuth2.Enabled {
return errFeatureDisabled
}
if throttled, remainingTime := client.checkLoginThrottle(); throttled {
return &ThrottleError{remainingTime}
}
var username string
if config.Accounts.AuthScript.Enabled && config.Accounts.OAuth2.AuthScript {
username, err = am.authenticateByOAuthBearerScript(client, config, opts)
@ -2220,6 +2218,7 @@ var (
"EXTERNAL": authExternalHandler,
"SCRAM-SHA-256": authScramHandler,
"OAUTHBEARER": authOauthBearerHandler,
"IRCV3BEARER": authIRCv3BearerHandler,
}
)

View File

@ -64,10 +64,6 @@ const (
BotTagName = "bot"
// https://ircv3.net/specs/extensions/chathistory
ChathistoryTargetsBatchType = "draft/chathistory-targets"
// draft/bearer defines this prefix namespace for authcids, enabling tunneling bearer tokens
// in SASL PLAIN:
BearerTokenPrefix = "*bearer*"
)
func init() {

View File

@ -7,7 +7,7 @@ package caps
const (
// number of recognized capabilities:
numCapabs = 35
numCapabs = 34
// length of the uint32 array that represents the bitset:
bitsetLen = 2
)
@ -41,10 +41,6 @@ const (
// https://github.com/ircv3/ircv3-specifications/pull/435
AccountRegistration Capability = iota
// Bearer is the proposed IRCv3 capability named "draft/bearer":
// https://gist.github.com/slingamn/4fabc7a3d5f335da7bb313a7f0648f37
Bearer Capability = iota
// ChannelRename is the draft IRCv3 capability named "draft/channel-rename":
// https://ircv3.net/specs/extensions/channel-rename
ChannelRename Capability = iota
@ -164,7 +160,6 @@ var (
"cap-notify",
"chghost",
"draft/account-registration",
"draft/bearer",
"draft/channel-rename",
"draft/chathistory",
"draft/event-playback",

View File

@ -1402,6 +1402,9 @@ func LoadConfig(filename string) (config *Config, err error) {
if config.Accounts.OAuth2.Enabled {
saslCapValues = append(saslCapValues, "OAUTHBEARER")
}
if config.Accounts.OAuth2.Enabled || config.Accounts.JWTAuth.Enabled {
saslCapValues = append(saslCapValues, "IRCV3BEARER")
}
config.Server.capValues[caps.SASL] = strings.Join(saslCapValues, ",")
} else {
config.Server.supportedCaps.Disable(caps.SASL)
@ -1419,19 +1422,6 @@ func LoadConfig(filename string) (config *Config, err error) {
return nil, fmt.Errorf("oauth2 is enabled with auth-script, but no auth-script is enabled")
}
var bearerCapValues []string
if config.Accounts.OAuth2.Enabled {
bearerCapValues = append(bearerCapValues, "oauth2")
}
if config.Accounts.JWTAuth.Enabled {
bearerCapValues = append(bearerCapValues, "jwt")
}
if len(bearerCapValues) != 0 {
config.Server.capValues[caps.Bearer] = strings.Join(bearerCapValues, ",")
} else {
config.Server.supportedCaps.Disable(caps.Bearer)
}
if !config.Accounts.Registration.Enabled {
config.Server.supportedCaps.Disable(caps.AccountRegistration)
} else {

View File

@ -306,6 +306,27 @@ func authPlainHandler(server *Server, client *Client, session *Session, value []
return false
}
// AUTHENTICATE IRCV3BEARER
func authIRCv3BearerHandler(server *Server, client *Client, session *Session, value []byte, rb *ResponseBuffer) bool {
defer session.sasl.Clear()
// <authzid> \x00 <type> \x00 <token>
splitValue := bytes.SplitN(value, []byte{'\000'}, 3)
if len(splitValue) != 3 {
rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), client.t("SASL authentication failed: Invalid auth blob"))
return false
}
err := server.accounts.AuthenticateByBearerToken(client, string(splitValue[1]), string(splitValue[2]))
if err != nil {
sendAuthErrorResponse(client, rb, err)
return false
}
sendSuccessfulAccountAuth(nil, client, rb, true)
return false
}
func sendAuthErrorResponse(client *Client, rb *ResponseBuffer, err error) {
msg := authErrorToMessage(client.server, err)
rb.Add(nil, client.server.name, ERR_SASLFAIL, client.nick, fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg)))