mirror of
https://github.com/ergochat/ergo.git
synced 2024-12-23 03:02:48 +01:00
Merge pull request #822 from slingamn/issue821_alwayson_mismatch.2
fix #821, maybe
This commit is contained in:
commit
e9a6864499
@ -935,6 +935,12 @@ func (am *AccountManager) checkPassphrase(accountName, passphrase string) (accou
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (am *AccountManager) AuthenticateByPassphrase(client *Client, accountName string, passphrase string) (err error) {
|
func (am *AccountManager) AuthenticateByPassphrase(client *Client, accountName string, passphrase string) (err error) {
|
||||||
|
if client.registered {
|
||||||
|
if clientAlready := am.server.clients.Get(accountName); clientAlready != nil && clientAlready.AlwaysOn() {
|
||||||
|
return errNickAccountMismatch
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
var account ClientAccount
|
var account ClientAccount
|
||||||
|
|
||||||
defer func() {
|
defer func() {
|
||||||
@ -1210,6 +1216,11 @@ func (am *AccountManager) AuthenticateByCertFP(client *Client, certfp, authzid s
|
|||||||
} else if !clientAccount.Verified {
|
} else if !clientAccount.Verified {
|
||||||
return errAccountUnverified
|
return errAccountUnverified
|
||||||
}
|
}
|
||||||
|
if client.registered {
|
||||||
|
if clientAlready := am.server.clients.Get(clientAccount.Name); clientAlready != nil && clientAlready.AlwaysOn() {
|
||||||
|
return errNickAccountMismatch
|
||||||
|
}
|
||||||
|
}
|
||||||
am.Login(client, clientAccount)
|
am.Login(client, clientAccount)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -42,6 +42,7 @@ var (
|
|||||||
errNicknameInUse = errors.New("nickname in use")
|
errNicknameInUse = errors.New("nickname in use")
|
||||||
errNicknameReserved = errors.New("nickname is reserved")
|
errNicknameReserved = errors.New("nickname is reserved")
|
||||||
errCantChangeNick = errors.New(`Always-on clients can't change nicknames`)
|
errCantChangeNick = errors.New(`Always-on clients can't change nicknames`)
|
||||||
|
errNickAccountMismatch = errors.New(`Your nickname doesn't match your account name`)
|
||||||
errNoExistingBan = errors.New("Ban does not exist")
|
errNoExistingBan = errors.New("Ban does not exist")
|
||||||
errNoSuchChannel = errors.New(`No such channel`)
|
errNoSuchChannel = errors.New(`No such channel`)
|
||||||
errChannelPurged = errors.New(`This channel was purged by the server operators and cannot be used`)
|
errChannelPurged = errors.New(`This channel was purged by the server operators and cannot be used`)
|
||||||
|
@ -471,6 +471,17 @@ func nsSetHandler(server *Server, client *Client, command string, params []strin
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
case "always-on":
|
case "always-on":
|
||||||
|
// #821: it's problematic to alter the value of always-on if you're not
|
||||||
|
// the (actual or potential) always-on client yourself. make an exception
|
||||||
|
// for `saset` to give operators an escape hatch (any consistency problems
|
||||||
|
// can probably be fixed by restarting the server):
|
||||||
|
if command != "saset" {
|
||||||
|
details := client.Details()
|
||||||
|
if details.nick != details.accountName {
|
||||||
|
err = errNickAccountMismatch
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err == nil {
|
||||||
var newValue PersistentStatus
|
var newValue PersistentStatus
|
||||||
newValue, err = persistentStatusFromString(params[1])
|
newValue, err = persistentStatusFromString(params[1])
|
||||||
// "opt-in" and "opt-out" don't make sense as user preferences
|
// "opt-in" and "opt-out" don't make sense as user preferences
|
||||||
@ -481,6 +492,7 @@ func nsSetHandler(server *Server, client *Client, command string, params []strin
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
case "autoreplay-missed":
|
case "autoreplay-missed":
|
||||||
var newValue bool
|
var newValue bool
|
||||||
newValue, err = utils.StringToBool(params[1])
|
newValue, err = utils.StringToBool(params[1])
|
||||||
@ -515,6 +527,8 @@ func nsSetHandler(server *Server, client *Client, command string, params []strin
|
|||||||
displaySetting(params[0], finalSettings, client, rb)
|
displaySetting(params[0], finalSettings, client, rb)
|
||||||
case errInvalidParams, errAccountDoesNotExist, errFeatureDisabled, errAccountUnverified, errAccountUpdateFailed:
|
case errInvalidParams, errAccountDoesNotExist, errFeatureDisabled, errAccountUnverified, errAccountUpdateFailed:
|
||||||
nsNotice(rb, client.t(err.Error()))
|
nsNotice(rb, client.t(err.Error()))
|
||||||
|
case errNickAccountMismatch:
|
||||||
|
nsNotice(rb, fmt.Sprintf(client.t("Your nickname must match your account name %s exactly to modify this setting. Try changing it with /NICK, or logging out and back in with the correct nickname."), client.AccountName()))
|
||||||
default:
|
default:
|
||||||
// unknown error
|
// unknown error
|
||||||
nsNotice(rb, client.t("An error occurred"))
|
nsNotice(rb, client.t("An error occurred"))
|
||||||
@ -601,6 +615,7 @@ func nsIdentifyHandler(server *Server, client *Client, command string, params []
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var err error
|
||||||
loginSuccessful := false
|
loginSuccessful := false
|
||||||
|
|
||||||
var username, passphrase string
|
var username, passphrase string
|
||||||
@ -623,18 +638,20 @@ func nsIdentifyHandler(server *Server, client *Client, command string, params []
|
|||||||
if !nsLoginThrottleCheck(client, rb) {
|
if !nsLoginThrottleCheck(client, rb) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err := server.accounts.AuthenticateByPassphrase(client, username, passphrase)
|
err = server.accounts.AuthenticateByPassphrase(client, username, passphrase)
|
||||||
loginSuccessful = (err == nil)
|
loginSuccessful = (err == nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// try certfp
|
// try certfp
|
||||||
if !loginSuccessful && rb.session.certfp != "" {
|
if !loginSuccessful && rb.session.certfp != "" {
|
||||||
err := server.accounts.AuthenticateByCertFP(client, rb.session.certfp, "")
|
err = server.accounts.AuthenticateByCertFP(client, rb.session.certfp, "")
|
||||||
loginSuccessful = (err == nil)
|
loginSuccessful = (err == nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
if loginSuccessful {
|
if loginSuccessful {
|
||||||
sendSuccessfulAccountAuth(client, rb, true, true)
|
sendSuccessfulAccountAuth(client, rb, true, true)
|
||||||
|
} else if err == errNickAccountMismatch {
|
||||||
|
nsNotice(rb, client.t("That account is set to always-on; try logging out and logging back in with SASL"))
|
||||||
} else {
|
} else {
|
||||||
nsNotice(rb, client.t("Could not login with your TLS certificate or supplied username/password"))
|
nsNotice(rb, client.t("Could not login with your TLS certificate or supplied username/password"))
|
||||||
}
|
}
|
||||||
|
@ -584,6 +584,8 @@ func (server *Server) applyConfig(config *Config) (err error) {
|
|||||||
return fmt.Errorf("Datastore path cannot be changed after launching the server, rehash aborted")
|
return fmt.Errorf("Datastore path cannot be changed after launching the server, rehash aborted")
|
||||||
} else if globalCasemappingSetting != config.Server.Casemapping {
|
} else if globalCasemappingSetting != config.Server.Casemapping {
|
||||||
return fmt.Errorf("Casemapping cannot be changed after launching the server, rehash aborted")
|
return fmt.Errorf("Casemapping cannot be changed after launching the server, rehash aborted")
|
||||||
|
} else if oldConfig.Accounts.Multiclient.AlwaysOn != config.Accounts.Multiclient.AlwaysOn {
|
||||||
|
return fmt.Errorf("Default always-on setting cannot be changed after launching the server, rehash aborted")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user