mirror of https://github.com/ergochat/ergo.git synced 2024-12-23 03:02:48 +01:00
ergo/irc
Shivaram Lingamneni 218f6f2454 fix login throttle handling
We were checking the login throttle at the beginning of every SASL
conversation. This had several problems:

1. Pidgin (on Windows?) tries every mechanism in order, regardless of
the CAP advertisement. It would use up the default throttle allowance
trying unsupported mechanisms like CRAM-MD5.
2. The throttle was actually checked twice for AUTHENTICATE PLAIN
(once at the start of the conversation and once in AuthenticateByPassphrase).

The general pattern here is that we should check the throttle every time we
do something "expensive" (bcrypt verification, send a reset email) or
"dangerous" (anything that could lead to a bruteforce attack on passwords).
Therefore, delete the check from the AUTHENTICATE handler, and add one at
the beginning of the SCRAM conversation to replace it.
2024-05-26 05:19:41 -04:00
bunt refactor of channel persistence to use UUIDs 2023-01-04 05:06:21 -05:00
caps implement SASL OAUTHBEARER and draft/bearer (#2122) 2024-02-13 18:58:32 -05:00
cloaks fix #1647 2021-05-27 02:00:59 -04:00
connection_limits first pass at renaming Oragono to Ergo 2021-05-26 15:55:24 -04:00
custime use custime.Duration for more config fields 2020-02-20 00:09:39 -05:00
datastore refactor of channel persistence to use UUIDs 2023-01-04 05:06:21 -05:00
email fix #2142 2024-04-07 15:47:01 -04:00
flatip fix #1842 2021-11-30 03:27:40 -05:00
flock optionally protect against multiple starts with flock (#1873) 2022-01-01 18:56:40 -05:00
history use slices.Reverse from go1.21 2023-08-15 20:45:00 -04:00
isupport pull out max parameters constant in isupport impl 2024-02-11 12:38:49 -05:00
jwt bearer: close open jwt key files 2024-02-13 21:32:37 -05:00
languages upgrade go to 1.16 2021-02-17 15:14:53 -05:00
logger use new aligned atomic types everywhere 2022-08-10 02:47:39 -04:00
migrations support migrating anope databases 2020-10-12 15:06:17 -04:00
mkcerts fix #898 2020-03-22 18:18:48 -04:00
modes tweaks to NAMES implementation (#2058) 2023-04-14 02:15:56 -04:00
mysql use slices.Reverse from go1.21 2023-08-15 20:45:00 -04:00
oauth2 implement SASL OAUTHBEARER and draft/bearer (#2122) 2024-02-13 18:58:32 -05:00
passwd include a fixed test vector in password tests 2023-12-20 23:28:55 -05:00
smtp fix #2142 2024-04-07 15:47:01 -04:00
sno DISCONNECT Sno for always-on and/or multiclient 2021-07-03 04:41:42 +05:30
utils use maps.Clone from go1.21 2023-08-15 20:57:52 -04:00
accept_test.go add tests covering (*AcceptManager).Unaccept 2022-05-05 22:43:33 -04:00
accept.go fix #1688 2022-05-05 22:34:43 -04:00
accounts.go implement SASL OAUTHBEARER and draft/bearer (#2122) 2024-02-13 18:58:32 -05:00
authscript.go implement SASL OAUTHBEARER and draft/bearer (#2122) 2024-02-13 18:58:32 -05:00
channel.go fix #2144 2024-04-13 21:51:59 -04:00
channelmanager.go refactor of channel persistence to use UUIDs 2023-01-04 05:06:21 -05:00
channelreg.go refactor of channel persistence to use UUIDs 2023-01-04 05:06:21 -05:00
chanserv.go use slices.Contains from go1.21 2023-08-15 20:55:09 -04:00
client_lookup_set.go fix #2135 2024-03-11 01:32:39 -04:00
client_test.go tweaks to NAMES implementation (#2058) 2023-04-14 02:15:56 -04:00
client.go add a config switch to accept hostnames from WEBIRC 2024-04-13 21:43:41 -04:00
commands.go Implement draft/message-redaction (#2065) 2023-05-31 01:16:14 -04:00
config_test.go fix #2129 (#2132) 2024-02-25 10:05:36 -05:00
config.go fix #2129 (#2132) 2024-02-25 10:05:36 -05:00
constants.go tweak version strings again 2020-05-21 11:42:17 -04:00
database.go fix #2139 2024-03-29 12:32:42 -04:00
dline.go first pass at renaming Oragono to Ergo 2021-05-26 15:55:24 -04:00
errors.go implement SASL OAUTHBEARER and draft/bearer (#2122) 2024-02-13 18:58:32 -05:00
fakelag_test.go exempt a configurable number of MARKREAD commands from fakelag 2022-08-22 23:23:17 -04:00
fakelag.go use maps.Clone from go1.21 2023-08-15 20:57:52 -04:00
gateways.go add a config switch to accept hostnames from WEBIRC 2024-04-13 21:43:41 -04:00
getters.go fix deadlock on channel state mutex 2024-05-06 02:32:40 -04:00
handlers.go fix login throttle handling 2024-05-26 05:19:41 -04:00
help.go Implement draft/message-redaction (#2065) 2023-05-31 01:16:14 -04:00
histserv.go Implement draft/message-redaction (#2065) 2023-05-31 01:16:14 -04:00
hostserv.go refactor of channel persistence to use UUIDs 2023-01-04 05:06:21 -05:00
import.go refactor of channel persistence to use UUIDs 2023-01-04 05:06:21 -05:00
ircconn.go always validate UTF8 from websockets 2023-01-22 14:45:16 -05:00
kline.go first pass at renaming Oragono to Ergo 2021-05-26 15:55:24 -04:00
legacy.go refactor of channel persistence to use UUIDs 2023-01-04 05:06:21 -05:00
listeners.go make ReloadableListener lock-free 2023-01-05 20:18:14 -05:00
message_cache.go clean up force-trailing logic 2023-06-02 02:58:09 -04:00
misc_test.go fix #1688 2022-05-05 22:34:43 -04:00
modes_test.go fix #1688 2022-05-05 22:34:43 -04:00
modes.go SAMODE +f shouldn't require channel privileges 2021-11-09 13:23:25 -05:00
monitor.go upgrade to go 1.18, use generics 2022-03-30 00:44:51 -04:00
nickname.go Merge pull request #2136 from slingamn/issue2135_nicknameinuse 2024-03-20 10:48:27 -04:00
nickserv.go Gracefully handle NS cert add myself <fp> (#2128) 2024-02-14 09:56:37 -05:00
numerics.go fix #2109 (#2111) 2023-12-21 01:10:50 -05:00
panic.go factor out some shared code 2021-09-18 21:28:16 -04:00
responsebuffer.go clean up nested batch logic 2023-06-01 06:29:22 -04:00
roleplay.go first pass at renaming Oragono to Ergo 2021-05-26 15:55:24 -04:00
script.go scripting API for IP bans 2020-09-14 04:28:12 -04:00
semaphores.go first pass at renaming Oragono to Ergo 2021-05-26 15:55:24 -04:00
serde.go refactor of channel persistence to use UUIDs 2023-01-04 05:06:21 -05:00
server.go add a config switch to accept hostnames from WEBIRC 2024-04-13 21:43:41 -04:00
services.go fix #1850 2022-12-02 07:23:29 -05:00
snomanager.go use ergochat/irc-go instead of goshuirc/irc-go 2021-06-18 02:43:25 -04:00
socket.go replace some utils.Semaphore with (*sync.Mutex).TryLock 2022-09-02 04:25:39 -04:00
stats.go Apply default user modes just before registration. 2020-05-28 15:53:14 +00:00
strings_test.go validate normalized masks as IRC params 2020-10-25 23:32:24 -04:00
strings.go implement draft/read-marker capability 2022-03-30 23:16:09 -04:00
types.go tweaks to NAMES implementation (#2058) 2023-04-14 02:15:56 -04:00
uban.go fix missing parenthesis in UBAN INFO 2021-11-30 03:40:03 -05:00
usermaskset_test.go fix #307 2020-10-21 11:08:55 -04:00
usermaskset.go use new aligned atomic types everywhere 2022-08-10 02:47:39 -04:00
version.go set up new development version 2024-02-11 00:12:22 -05:00
whowas_test.go refactor channel registration 2019-03-12 04:16:16 -04:00
whowas.go refactor channel registration 2019-03-12 04:16:16 -04:00
znc.go upgrade to go 1.18, use generics 2022-03-30 00:44:51 -04:00