review fix
parent
61738782c0
commit
75e9476026
@ -851,15 +851,16 @@ Oragono can emulate certain capabilities of the ZNC bouncer for the benefit of c
|
|||||||
|
|
||||||
Oragono can be configured to call arbitrary scripts to authenticate users; see the `auth-script` section of the config. The API for these scripts is as follows: Oragono will invoke the script with a configurable set of arguments, then send it the authentication data as JSON on the first line (`\n`-terminated) of stdin. The input is a JSON-encoded dictionary with the following keys:
|
Oragono can be configured to call arbitrary scripts to authenticate users; see the `auth-script` section of the config. The API for these scripts is as follows: Oragono will invoke the script with a configurable set of arguments, then send it the authentication data as JSON on the first line (`\n`-terminated) of stdin. The input is a JSON-encoded dictionary with the following keys:
|
||||||
|
|
||||||
* `AccountName`: this is a string during passphrase-based authentication, otherwise the empty string
|
* `accountName`: during passphrase-based authentication, this is a string, otherwise omitted
|
||||||
* `Passphrase`: this is a string during passphrase-based authentication, otherwise the empty string
|
* `passphrase`: during passphrase-based authentication, this is a string, otherwise omitted
|
||||||
* `Certfp`: this is a string during certfp-based authentication, otherwise the empty string
|
* `certfp`: during certfp-based authentication, this is a string, otherwise omitted
|
||||||
|
* `ip`: a string representation of the client's IP address
|
||||||
|
|
||||||
The script must print a single line (`\n`-terminated) to its output and exit. This line must be a JSON-encoded dictionary with the following keys:
|
The script must print a single line (`\n`-terminated) to its output and exit. This line must be a JSON-encoded dictionary with the following keys:
|
||||||
|
|
||||||
* `Success`, a boolean indicating whether the authentication was successful
|
* `success`, a boolean indicating whether the authentication was successful
|
||||||
* `AccountName`, a string containing the normalized account name (in the case of passphrase-based authentication, it is permissible to return the empty string or omit the value)
|
* `accountName`, a string containing the normalized account name (in the case of passphrase-based authentication, it is permissible to return the empty string or omit the value)
|
||||||
* `Error`, containing a human-readable description of the authentication error to be logged if applicable
|
* `error`, containing a human-readable description of the authentication error to be logged if applicable
|
||||||
|
|
||||||
Here is a toy example of an authentication script in Python that checks that the account name and the password are equal (and rejects any attempts to authenticate via certfp):
|
Here is a toy example of an authentication script in Python that checks that the account name and the password are equal (and rejects any attempts to authenticate via certfp):
|
||||||
|
|
||||||
@ -870,10 +871,10 @@ import sys, json
|
|||||||
|
|
||||||
raw_input = sys.stdin.readline()
|
raw_input = sys.stdin.readline()
|
||||||
input = json.loads(b)
|
input = json.loads(b)
|
||||||
account_name = input.get("AccountName")
|
account_name = input.get("accountName")
|
||||||
passphrase = input.get("Passphrase")
|
passphrase = input.get("passphrase")
|
||||||
success = bool(account_name) and bool(passphrase) and account_name == passphrase
|
success = bool(account_name) and bool(passphrase) and account_name == passphrase
|
||||||
print(json.dumps({"Success": success})
|
print(json.dumps({"success": success})
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that after a failed script invocation, Oragono will proceed to check the credentials against its local database.
|
Note that after a failed script invocation, Oragono will proceed to check the credentials against its local database.
|
||||||
|
@ -1073,7 +1073,7 @@ func (am *AccountManager) AuthenticateByPassphrase(client *Client, accountName s
|
|||||||
if config.Accounts.AuthScript.Enabled {
|
if config.Accounts.AuthScript.Enabled {
|
||||||
var output AuthScriptOutput
|
var output AuthScriptOutput
|
||||||
output, err = CheckAuthScript(config.Accounts.AuthScript,
|
output, err = CheckAuthScript(config.Accounts.AuthScript,
|
||||||
AuthScriptInput{AccountName: accountName, Passphrase: passphrase})
|
AuthScriptInput{AccountName: accountName, Passphrase: passphrase, IP: client.IP().String()})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
|
am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
|
||||||
return err
|
return err
|
||||||
@ -1411,7 +1411,8 @@ func (am *AccountManager) AuthenticateByCertFP(client *Client, certfp, authzid s
|
|||||||
config := am.server.Config()
|
config := am.server.Config()
|
||||||
if config.Accounts.AuthScript.Enabled {
|
if config.Accounts.AuthScript.Enabled {
|
||||||
var output AuthScriptOutput
|
var output AuthScriptOutput
|
||||||
output, err = CheckAuthScript(config.Accounts.AuthScript, AuthScriptInput{Certfp: certfp})
|
output, err = CheckAuthScript(config.Accounts.AuthScript,
|
||||||
|
AuthScriptInput{Certfp: certfp, IP: client.IP().String()})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
|
am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
|
||||||
return err
|
return err
|
||||||
|
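Review bot: The new `IP: client.IP().String()` argument at both call sites (AuthenticateByPassphrase and AuthenticateByCertFP) has no comment saying which address it is, and a script that uses `ip` for allow-listing or rate-limiting depends on that. If `client.IP()` can reflect an address forwarded by a proxy or gateway (not visible in these hunks), the script inherits that layer's trust; I would add `// IP is the address the server attributes to this client; may be proxy-supplied, confirm` above each `AuthScriptInput{...}` literal. Assuming `client.IP()` returns a `net.IP`, its `String()` yields the literal `<nil>` for an empty value, which `omitempty` will not drop, so a guard may be needed if a nil IP is reachable here. Both functions start and end outside the hunks.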
@ -15,15 +15,16 @@ import (
|
|||||||
|
|
||||||
// JSON-serializable input and output types for the script
|
// JSON-serializable input and output types for the script
|
||||||
type AuthScriptInput struct {
|
type AuthScriptInput struct {
|
||||||
AccountName string
|
AccountName string `json:"accountName,omitempty"`
|
||||||
Passphrase string
|
Passphrase string `json:"passphrase,omitempty"`
|
||||||
Certfp string
|
Certfp string `json:"certfp,omitempty"`
|
||||||
|
IP string `json:"ip,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type AuthScriptOutput struct {
|
type AuthScriptOutput struct {
|
||||||
AccountName string
|
AccountName string `json:"accountName"`
|
||||||
Success bool
|
Success bool `json:"success"`
|
||||||
Error string
|
Error string `json:"error"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// internal tupling of output and error for passing over a channel
|
// internal tupling of output and error for passing over a channel
|
||||||
|
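Review bot: The new tags on `AuthScriptInput` rename the keys on the wire (`AccountName` to `accountName`, and so on) and add `omitempty`, so an existing script that reads the old capitalised keys with a case-sensitive parser will now see them as missing, and the struct comment does not say so. Go's `encoding/json` matches keys case-insensitively when decoding, so `AuthScriptOutput` should still accept the old `Success`/`AccountName`/`Error` keys, but that does not help the input direction. With `omitempty`, an empty passphrase or certfp is indistinguishable from an absent one, so a script has to treat input carrying no credential key as a failure. I would extend the comment above `AuthScriptInput` to `// Keys are lowerCamelCase on the wire; empty fields are omitted, so scripts must reject input that carries no credential key.`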