review fix

2024-11-22 03:49:27 +01:00 · 2020-06-04 02:03:15 -04:00 · 2020-06-04 02:03:15 -04:00 · 75e9476026
commit 75e9476026
parent 61738782c0
3 changed files with 20 additions and 17 deletions
--- a/docs/MANUAL.md
+++ b/docs/MANUAL.md
@ -851,15 +851,16 @@ Oragono can emulate certain capabilities of the ZNC bouncer for the benefit of c

 Oragono can be configured to call arbitrary scripts to authenticate users; see the `auth-script` section of the config. The API for these scripts is as follows: Oragono will invoke the script with a configurable set of arguments, then send it the authentication data as JSON on the first line (`\n`-terminated) of stdin. The input is a JSON-encoded dictionary with the following keys:

-* `AccountName`: this is a string during passphrase-based authentication, otherwise the empty string
-* `Passphrase`: this is a string during passphrase-based authentication, otherwise the empty string
-* `Certfp`: this is a string during certfp-based authentication, otherwise the empty string
+* `accountName`: during passphrase-based authentication, this is a string, otherwise omitted
+* `passphrase`: during passphrase-based authentication, this is a string, otherwise omitted
+* `certfp`: during certfp-based authentication, this is a string, otherwise omitted
+* `ip`: a string representation of the client's IP address

 The script must print a single line (`\n`-terminated) to its output and exit. This line must be a JSON-encoded dictionary with the following keys:

-* `Success`, a boolean indicating whether the authentication was successful
-* `AccountName`, a string containing the normalized account name (in the case of passphrase-based authentication, it is permissible to return the empty string or omit the value)
-* `Error`, containing a human-readable description of the authentication error to be logged if applicable
+* `success`, a boolean indicating whether the authentication was successful
+* `accountName`, a string containing the normalized account name (in the case of passphrase-based authentication, it is permissible to return the empty string or omit the value)
+* `error`, containing a human-readable description of the authentication error to be logged if applicable

 Here is a toy example of an authentication script in Python that checks that the account name and the password are equal (and rejects any attempts to authenticate via certfp):

@ -870,10 +871,10 @@ import sys, json

 raw_input = sys.stdin.readline()
 input = json.loads(b)
-account_name = input.get("AccountName")
-passphrase = input.get("Passphrase")
+account_name = input.get("accountName")
+passphrase = input.get("passphrase")
 success = bool(account_name) and bool(passphrase) and account_name == passphrase
-print(json.dumps({"Success": success})
+print(json.dumps({"success": success})
 ```

 Note that after a failed script invocation, Oragono will proceed to check the credentials against its local database.
--- a/irc/accounts.go
+++ b/irc/accounts.go
@ -1073,7 +1073,7 @@ func (am *AccountManager) AuthenticateByPassphrase(client *Client, accountName s
 	if config.Accounts.AuthScript.Enabled {
 		var output AuthScriptOutput
 		output, err = CheckAuthScript(config.Accounts.AuthScript,
-			AuthScriptInput{AccountName: accountName, Passphrase: passphrase})
+			AuthScriptInput{AccountName: accountName, Passphrase: passphrase, IP: client.IP().String()})
 		if err != nil {
 			am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
 			return err
@ -1411,7 +1411,8 @@ func (am *AccountManager) AuthenticateByCertFP(client *Client, certfp, authzid s
 	config := am.server.Config()
 	if config.Accounts.AuthScript.Enabled {
 		var output AuthScriptOutput
-		output, err = CheckAuthScript(config.Accounts.AuthScript, AuthScriptInput{Certfp: certfp})
+		output, err = CheckAuthScript(config.Accounts.AuthScript,
+			AuthScriptInput{Certfp: certfp, IP: client.IP().String()})
 		if err != nil {
 			am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
 			return err
--- a/irc/authscript.go
+++ b/irc/authscript.go
@ -15,15 +15,16 @@ import (

 // JSON-serializable input and output types for the script
 type AuthScriptInput struct {
-	AccountName string
-	Passphrase  string
-	Certfp      string
+	AccountName string `json:"accountName,omitempty"`
+	Passphrase  string `json:"passphrase,omitempty"`
+	Certfp      string `json:"certfp,omitempty"`
+	IP          string `json:"ip,omitempty"`
 }

 type AuthScriptOutput struct {
-	AccountName string
-	Success     bool
-	Error       string
+	AccountName string `json:"accountName"`
+	Success     bool   `json:"success"`
+	Error       string `json:"error"`
 }

 // internal tupling of output and error for passing over a channel