GitHub
/
ergo
mirror of https://github.com/ergochat/ergo.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,563 Commits 21 Branches 70 Tags 46 MiB
Commit Graph

92 Commits

Author SHA1 Message Date
Shivaram Lingamneni 05cb80507f fix #741 2020-01-11 22:43:40 -05:00
Shivaram Lingamneni eb630b7657 Revert "never set the certfp lookup key before verification" 
This reverts commit a120cc2443.
 2020-01-06 15:00:26 -05:00
Shivaram Lingamneni a120cc2443 never set the certfp lookup key before verification 2020-01-06 12:53:21 -05:00
Shivaram Lingamneni 1b35c6887f fix #733 2020-01-06 12:21:52 -05:00
Shivaram Lingamneni f920d3b79f fix #530, #721 2019-12-29 12:05:01 -05:00
Shivaram Lingamneni 68e3b74b79
Merge pull request #717 from slingamn/issue716 
fix #716
 2019-12-25 21:11:53 -05:00
Shivaram Lingamneni 8c1db7a2f5 better UX for cancelling channel transfers 2019-12-25 15:59:38 -05:00
Shivaram Lingamneni 33c8b2177e fix a bug 
In the previous commit, the client would receive a failure message but would
actually remain logged in after an authzid/authcid mismatch. This was a
correctness rather than a security issue, but now it's fixed so that the client
never logs in in the first place.
 2019-12-25 15:06:26 -05:00
Shivaram Lingamneni 1487980fe0 Fix #710 2019-12-24 15:03:37 -05:00
Shivaram Lingamneni 7a6925fa3f Merge remote-tracking branch 'origin/master' into issue702 2019-12-23 11:32:15 -05:00
Shivaram Lingamneni bf5a02f077
Merge pull request #692 from slingamn/issue683_channelpurge.1 
chanserv enhancements and miscellaneous fixes
 2019-12-22 10:41:24 -05:00
Shivaram Lingamneni 26ca016c66 fix the analogous issue for vhosts 2019-12-21 20:26:40 -05:00
Shivaram Lingamneni 25c4eb2996 fix #702 2019-12-21 20:19:19 -05:00
Shivaram Lingamneni 6740222ecb fix #616 2019-12-18 17:38:14 -05:00
Shivaram Lingamneni 07865b8f63 chanserv enhancements and miscellaneous fixes 
* Fix #684
* Fix #683
* Add `CHANSERV CLEAR`
* Allow mode changes from channel founders even when they aren't joined
* Operators with the chanreg capability are exempt from max-channels-per-account
* Small fixes and cleanup
 2019-12-16 20:06:52 -05:00
Shivaram Lingamneni 80aa77372b fix spurious error message 2019-07-12 11:49:01 -04:00
Shivaram Lingamneni 1a1d3ff89f fix #410 2019-05-29 04:43:13 -04:00
Shivaram Lingamneni 8794740f89 be more pedantic about distinguishing skeletons and casefolds 2019-05-24 13:09:56 -04:00
Shivaram Lingamneni 851617a4a5 Merge remote-tracking branch 'origin/master' into brb.5 2019-05-22 03:29:18 -04:00
Shivaram Lingamneni 1121e3d320 fix #404 2019-05-22 01:18:22 -04:00
Shivaram Lingamneni 3d445573cf implement draft/resume-0.4 2019-05-21 22:36:37 -04:00
Shivaram Lingamneni 8fc588375b implement user preferences system 2019-05-19 06:17:30 -04:00
Shivaram Lingamneni 5331afbdd4 Merge remote-tracking branch 'origin/master' into compat.4 2019-05-11 21:56:41 -04:00
Shivaram Lingamneni c193def606 fix some issues found with staticcheck.io 2019-05-10 01:44:14 -04:00
Shivaram Lingamneni 278e4acf57 fix handling of nil session in reattach code 2019-05-09 05:03:21 -04:00
Shivaram Lingamneni 4af783ed9e fix #449 2019-04-14 20:48:50 -04:00
Shivaram Lingamneni c2faeed4b5 initial implementation of bouncer functionality 2019-04-14 20:48:50 -04:00
Shivaram Lingamneni 63029e2ff5 refactor channel registration 2019-03-12 04:16:16 -04:00
Daniel Oaks 7cf8aaccf6
Merge pull request #352 from slingamn/chanreglimit.1 
track channel registrations per account
 2019-02-18 07:08:57 +10:00
Daniel Oaks c604638b7c
Merge pull request #386 from slingamn/regenabled 
allow SAREGISTER even when normal registration is fully disabled
 2019-02-18 07:08:04 +10:00
Shivaram Lingamneni a5f04495a1 fix #389 2019-02-15 13:34:09 -05:00
Shivaram Lingamneni d147708158 allow SAREGISTER even when normal registration is fully disabled 2019-02-14 20:42:02 -05:00
Shivaram Lingamneni 754934b429 unregister should boot clients if sasl is required 2019-02-14 15:42:07 -05:00
Shivaram Lingamneni 7786043275 make the land-grab check case-insensitive 2019-02-13 03:19:47 -05:00
Shivaram Lingamneni 6d690b0e36 add loglines for account registration, login, and unregistration 2019-02-13 02:54:27 -05:00
Shivaram Lingamneni e4c9351254 fix: set the existing channels unregistered 2019-02-12 02:09:31 -05:00
Shivaram Lingamneni ff7bbc4a9c track channel registrations per account 
* limit the total number of registrations per account
* when an account is unregistered, unregister all its channels
 2019-02-06 04:34:45 -05:00
Shivaram Lingamneni 775ead700f prevent nick reservation land-grabs 2019-02-05 20:18:40 -05:00
Shivaram Lingamneni 1c23af8767 add sasl-only config option 2019-02-05 00:51:58 -05:00
Shivaram Lingamneni 35948d2e5b refactor some conditions for clarity 2019-01-31 17:34:06 -05:00
Shivaram Lingamneni b9b2553a2f use the TR39 skeleton algorithm to prevent confusables (#178) 2019-01-30 21:48:53 -05:00
Shivaram Lingamneni a52d167278 additional defensive check in EnforcementStatus 2019-01-03 23:44:01 -05:00
Shivaram Lingamneni f20abf414f don't log an error logline for an incorrect SASL password 2019-01-02 10:29:42 -05:00
Shivaram Lingamneni 2ee89b15b3 per-user settings for nickname enforcement 2019-01-02 10:15:59 -05:00
Shivaram Lingamneni c2b2559ab4 avoid some uses of Sprintf for loglines 2019-01-02 09:55:45 -05:00
Daniel Oaks f912f64f21
Merge pull request #304 from slingamn/history.1 
draft/resume-0.2 implementation, message history support
 2018-12-15 04:37:16 +10:00
Shivaram Lingamneni 48f9b5e4fa implement NS PASSWD for password changes 2018-11-28 18:25:15 -05:00
Shivaram Lingamneni a0bf548fc5 draft/resume-0.2 implementation, message history support 2018-11-26 05:23:27 -05:00
Shivaram Lingamneni dfb0a57040 refactor the password hashing / password autoupgrade system 2018-08-06 02:26:21 -04:00
Daniel Oaks 6260869068 Upgrade password hashing. 
Previously, we generated and prepended a long salt before generating
password hashes. This resulted in the hash verification cutting off long
before it should do. This form of salting is also not necessary with
bcrypt as it's provided by the password hashing and verification
functions themselves, so totally rip it out.

This commit also adds the functionality for the server to automagically
upgrade users to use the new hashing system, which means better
security and more assurance that people can't bruteforce passwords.

No need to apply a database upgrade to do this, whoo! \o/
 2018-08-05 22:51:15 -04:00