mirror of https://github.com/ergochat/ergo.git synced 2024-11-15 00:19:29 +01:00

consolidate login throttle checks

We can check once during initialization of the SASL session, e.g.
on receiving `AUTHENTICATE PLAIN` or `AUTHENTICATE EXTERNAL`
Shivaram Lingamneni 2021-07-30 14:06:13 -04:00
parent 41822813c0
commit ebe1f84d64


@ -166,6 +166,12 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.Message, rb
// start new sasl session // start new sasl session
if session.sasl.mechanism == "" { if session.sasl.mechanism == "" {
throttled, remainingTime := client.loginThrottle.Touch()
if throttled {
rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime))
return false
}
mechanism := strings.ToUpper(msg.Params[0]) mechanism := strings.ToUpper(msg.Params[0])
_, mechanismIsEnabled := EnabledSaslMechanisms[mechanism] _, mechanismIsEnabled := EnabledSaslMechanisms[mechanism]
@ -247,12 +253,6 @@ func authPlainHandler(server *Server, client *Client, session *Session, value []
return false return false
} }
throttled, remainingTime := client.loginThrottle.Touch()
if throttled {
rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime))
return false
}
// see #843: strip the device ID for the benefit of clients that don't // see #843: strip the device ID for the benefit of clients that don't
// distinguish user/ident from account name // distinguish user/ident from account name
if strudelIndex := strings.IndexByte(authcid, '@'); strudelIndex != -1 { if strudelIndex := strings.IndexByte(authcid, '@'); strudelIndex != -1 {
@ -347,12 +347,6 @@ func authScramHandler(server *Server, client *Client, session *Session, value []
// first message? if so, initialize the SCRAM conversation // first message? if so, initialize the SCRAM conversation
if session.sasl.scramConv == nil { if session.sasl.scramConv == nil {
throttled, remainingTime := client.loginThrottle.Touch()
if throttled {
rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime))
continueAuth = false
return false
}
session.sasl.scramConv = server.accounts.NewScramConversation() session.sasl.scramConv = server.accounts.NewScramConversation()
} }
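Review bot: The single throttle check now sits inside `if session.sasl.mechanism == ""` in authenticateHandler, so brute-force protection depends on every failed PLAIN or SCRAM exchange resetting `session.sasl`; if any failure path leaves the mechanism set, later password attempts in the same session would never reach `client.loginThrottle.Touch()`. Those reset paths are outside the visible hunks, so this should be confirmed and recorded next to the check, for example `// throttle once per SASL session; every failure path must clear session.sasl so a retry re-enters this branch`. The check also runs before the `EnabledSaslMechanisms[mechanism]` lookup, so a request naming an unsupported mechanism spends a throttle slot; if that is not intended, the block belongs below the mechanism validation. authenticateHandler begins and ends outside the hunk.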