### # Copyright (c) 2002-2005, Jeremiah Fincher # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # * Redistributions of source code must retain the above copyright notice, # this list of conditions, and the following disclaimer. # * Redistributions in binary form must reproduce the above copyright notice, # this list of conditions, and the following disclaimer in the # documentation and/or other materials provided with the distribution. # * Neither the name of the author of this software nor the name of # contributors to this software may be used to endorse or promote products # derived from this software without specific prior written consent. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. ### import re import sys import uuid import time import fnmatch import supybot.conf as conf import supybot.gpg as gpg import supybot.utils as utils import supybot.ircdb as ircdb from supybot.commands import * import supybot.ircutils as ircutils import supybot.callbacks as callbacks from supybot.i18n import PluginInternationalization, internationalizeDocstring _ = PluginInternationalization('User') class User(callbacks.Plugin): """Provides commands for dealing with users, such as registration and authentication to the bot. This is a core Supybot plugin that should not be removed!""" def _checkNotChannel(self, irc, msg, password=' '): if password and irc.isChannel(msg.args[0]): raise callbacks.Error(conf.supybot.replies.requiresPrivacy()) @internationalizeDocstring def list(self, irc, msg, args, optlist, glob): """[--capability=<capability>] [<glob>] Returns the valid registered usernames matching <glob>. If <glob> is not given, returns all registered usernames. """ predicates = [] for (option, arg) in optlist: if option == 'capability': if arg in conf.supybot.capabilities.private(): try: u = ircdb.users.getUser(msg.prefix) if not u._checkCapability('admin'): raise KeyError except KeyError: # Note that it may be raised by checkCapability too. irc.error(_('This is a private capability. Only admins ' 'can see who has it.'), Raise=True) def p(u, cap=arg): try: return u._checkCapability(cap) except KeyError: return False predicates.append(p) if glob: r = re.compile(fnmatch.translate(glob), re.I) def p(u): return r.match(u.name) is not None predicates.append(p) users = [] for u in ircdb.users.itervalues(): for predicate in predicates: if not predicate(u): break else: users.append(u.name) if users: utils.sortBy(str.lower, users) irc.reply(format('%L', users)) else: if predicates: irc.reply(_('There are no matching registered users.')) else: irc.reply(_('There are no registered users.')) list = wrap(list, [getopts({'capability':'capability'}), additional('glob')]) @internationalizeDocstring def register(self, irc, msg, args, name, password): """<name> <password> Registers <name> with the given password <password> and the current hostmask of the person registering. You shouldn't register twice; if you're not recognized as a user but you've already registered, use the hostmask add command to add another hostmask to your already-registered user, or use the identify command to identify just for a session. This command (and all other commands that include a password) must be sent to the bot privately, not in a channel. """ addHostmask = True try: ircdb.users.getUserId(name) irc.error(_('That name is already assigned to someone.'), Raise=True) except KeyError: pass if ircutils.isUserHostmask(name): irc.errorInvalid(_('username'), name, _('Hostmasks are not valid usernames.'), Raise=True) try: u = ircdb.users.getUser(msg.prefix) if u._checkCapability('owner'): addHostmask = False else: irc.error(_('Your hostmask is already registered to %s') % u.name) return except KeyError: pass user = ircdb.users.newUser() user.name = name user.setPassword(password) if addHostmask: user.addHostmask(msg.prefix) ircdb.users.setUser(user) irc.replySuccess() register = wrap(register, ['private', 'something', 'something']) @internationalizeDocstring def unregister(self, irc, msg, args, user, password): """<name> [<password>] Unregisters <name> from the user database. If the user giving this command is an owner user, the password is not necessary. """ try: caller = ircdb.users.getUser(msg.prefix) isOwner = caller._checkCapability('owner') except KeyError: caller = None isOwner = False if not conf.supybot.databases.users.allowUnregistration(): if not caller or not isOwner: self.log.warning('%s tried to unregister user %s.', msg.prefix, user.name) irc.error(_('This command has been disabled. You\'ll have to ' 'ask the owner of this bot to unregister your ' 'user.'), Raise=True) if isOwner or user.checkPassword(password): ircdb.users.delUser(user.id) irc.replySuccess() else: irc.error(conf.supybot.replies.incorrectAuthentication()) unregister = wrap(unregister, ['private', 'otherUser', additional('anything')]) @internationalizeDocstring def changename(self, irc, msg, args, user, newname, password): """<name> <new name> [<password>] Changes your current user database name to the new name given. <password> is only necessary if the user isn't recognized by hostmask. This message must be sent to the bot privately (not on a channel) since it may contain a password. """ try: id = ircdb.users.getUserId(newname) irc.error(format(_('%q is already registered.'), newname)) return except KeyError: pass if user.checkHostmask(msg.prefix) or user.checkPassword(password): user.name = newname ircdb.users.setUser(user) irc.replySuccess() changename = wrap(changename, ['private', 'otherUser', 'something', additional('something', '')]) class set(callbacks.Commands): @internationalizeDocstring def password(self, irc, msg, args, user, password, newpassword): """[<name>] <old password> <new password> Sets the new password for the user specified by <name> to <new password>. Obviously this message must be sent to the bot privately (not in a channel). If the requesting user is an owner user (and the user whose password is being changed isn't that same owner user), then <old password> needn't be correct. """ try: u = ircdb.users.getUser(msg.prefix) except KeyError: u = None if user is None: if u is None: irc.errorNotRegistered(Raise=True) user = u if user.checkPassword(password) or \ (u and u._checkCapability('owner') and not u == user): user.setPassword(newpassword) ircdb.users.setUser(user) irc.replySuccess() else: irc.error(conf.supybot.replies.incorrectAuthentication()) password = wrap(password, ['private', optional('otherUser'), 'something', 'something']) @internationalizeDocstring def secure(self, irc, msg, args, user, password, value): """<password> [<True|False>] Sets the secure flag on the user of the person sending the message. Requires that the person's hostmask be in the list of hostmasks for that user in addition to the password being correct. When the secure flag is set, the user *must* identify before they can be recognized. If a specific True/False value is not given, it inverts the current value. """ if value is None: value = not user.secure if user.checkPassword(password) and \ user.checkHostmask(msg.prefix, useAuth=False): user.secure = value ircdb.users.setUser(user) irc.reply(_('Secure flag set to %s') % value) else: irc.error(conf.supybot.replies.incorrectAuthentication()) secure = wrap(secure, ['private', 'user', 'something', additional('boolean')]) @internationalizeDocstring def username(self, irc, msg, args, hostmask): """<hostmask|nick> Returns the username of the user specified by <hostmask> or <nick> if the user is registered. """ if ircutils.isNick(hostmask): try: hostmask = irc.state.nickToHostmask(hostmask) except KeyError: irc.error(_('I haven\'t seen %s.') % hostmask, Raise=True) try: user = ircdb.users.getUser(hostmask) irc.reply(user.name) except KeyError: irc.error(_('I don\'t know who that is.')) username = wrap(username, [first('nick', 'hostmask')]) class hostmask(callbacks.Commands): @internationalizeDocstring def hostmask(self, irc, msg, args, nick): """[<nick>] Returns the hostmask of <nick>. If <nick> isn't given, return the hostmask of the person giving the command. """ if not nick: nick = msg.nick irc.reply(irc.state.nickToHostmask(nick)) hostmask = wrap(hostmask, [additional('seenNick')]) @internationalizeDocstring def list(self, irc, msg, args, name): """[<name>] Returns the hostmasks of the user specified by <name>; if <name> isn't specified, returns the hostmasks of the user calling the command. """ def getHostmasks(user): hostmasks = list(map(repr, user.hostmasks)) if hostmasks: hostmasks.sort() return format('%L', hostmasks) else: return format(_('%s has no registered hostmasks.'), user.name) try: user = ircdb.users.getUser(msg.prefix) if name: if name != user.name and \ not ircdb.checkCapability(msg.prefix, 'owner'): irc.error(_('You may only retrieve your own ' 'hostmasks.'), Raise=True) else: try: user = ircdb.users.getUser(name) irc.reply(getHostmasks(user)) except KeyError: irc.errorNoUser() else: irc.reply(getHostmasks(user)) except KeyError: irc.errorNotRegistered() list = wrap(list, ['private', additional('something')]) @internationalizeDocstring def add(self, irc, msg, args, user, hostmask, password): """[<name>] [<hostmask>] [<password>] Adds the hostmask <hostmask> to the user specified by <name>. The <password> may only be required if the user is not recognized by hostmask. <password> is also not required if an owner user is giving the command on behalf of some other user. If <hostmask> is not given, it defaults to your current hostmask. If <name> is not given, it defaults to your currently identified name. This message must be sent to the bot privately (not on a channel) since it may contain a password. """ if not hostmask: hostmask = msg.prefix if not ircutils.isUserHostmask(hostmask): irc.errorInvalid(_('hostmask'), hostmask, _('Make sure your hostmask includes a nick, ' 'then an exclamation point (!), then a user, ' 'then an at symbol (@), then a host. Feel ' 'free to use wildcards (* and ?, which work ' 'just like they do on the command line) in ' 'any of these parts.'), Raise=True) try: otherId = ircdb.users.getUserId(hostmask) if otherId != user.id: irc.error(_('That hostmask is already registered.'), Raise=True) except KeyError: pass if not user.checkPassword(password) and \ not user.checkHostmask(msg.prefix): try: u = ircdb.users.getUser(msg.prefix) except KeyError: irc.error(conf.supybot.replies.incorrectAuthentication(), Raise=True) if not u._checkCapability('owner'): irc.error(conf.supybot.replies.incorrectAuthentication(), Raise=True) try: user.addHostmask(hostmask) except ValueError as e: irc.error(str(e), Raise=True) try: ircdb.users.setUser(user) except ircdb.DuplicateHostmask: irc.error(_('That hostmask is already registered.'), Raise=True) except ValueError as e: irc.error(str(e), Raise=True) irc.replySuccess() add = wrap(add, ['private', first('otherUser', 'user'), optional('something'), additional('something', '')]) @internationalizeDocstring def remove(self, irc, msg, args, user, hostmask, password): """[<name>] [<hostmask>] [<password>] Removes the hostmask <hostmask> from the record of the user specified by <name>. If the hostmask given is 'all' then all hostmasks will be removed. The <password> may only be required if the user is not recognized by their hostmask. This message must be sent to the bot privately (not on a channel) since it may contain a password. If <hostmask> is not given, it defaults to your current hostmask. If <name> is not given, it defaults to your currently identified name. """ if not hostmask: hostmask = msg.prefix if not user.checkPassword(password) and \ not user.checkHostmask(msg.prefix): u = ircdb.users.getUser(msg.prefix) if not u._checkCapability('owner'): irc.error(conf.supybot.replies.incorrectAuthentication()) return try: s = '' if hostmask == 'all': user.hostmasks.clear() s = _('All hostmasks removed.') else: user.removeHostmask(hostmask) except KeyError: irc.error(_('There was no such hostmask.')) return ircdb.users.setUser(user) irc.replySuccess(s) remove = wrap(remove, ['private', first('otherUser', 'user'), optional('something'), additional('something', '')]) def callCommand(self, command, irc, msg, *args, **kwargs): if command[0] != 'gpg' or \ (gpg.available and self.registryValue('gpg.enable')): return super(User, self) \ .callCommand(command, irc, msg, *args, **kwargs) else: irc.error(_('GPG features are not enabled.')) class gpg(callbacks.Commands): def __init__(self, *args): super(User.gpg, self).__init__(*args) self._tokens = {} def _expire_tokens(self): now = time.time() self._tokens = dict(filter(lambda x_y: x_y[1][1]>now, self._tokens.items())) @internationalizeDocstring def add(self, irc, msg, args, user, keyid, keyserver): """<key id> <key server> Add a GPG key to your account.""" if keyid in user.gpgkeys: irc.error(_('This key is already associated with your ' 'account.')) return result = gpg.keyring.recv_keys(keyserver, keyid) reply = format(_('%n imported, %i unchanged, %i not imported.'), (result.imported, _('key')), result.unchanged, result.not_imported, [x['fingerprint'] for x in result.results]) if result.imported == 1: user.gpgkeys.append(keyid) irc.reply(reply) else: irc.error(reply) add = wrap(add, ['user', ('somethingWithoutSpaces', _('You must give a valid key id')), ('somethingWithoutSpaces', _('You must give a valid key server'))]) @internationalizeDocstring def remove(self, irc, msg, args, user, fingerprint): """<fingerprint> Remove a GPG key from your account.""" try: keyids = [x['keyid'] for x in gpg.keyring.list_keys() if x['fingerprint'] == fingerprint] if len(keyids) == 0: raise ValueError for keyid in keyids: try: user.gpgkeys.remove(keyid) except ValueError: user.gpgkeys.remove('0x' + keyid) gpg.keyring.delete_keys(fingerprint) irc.replySuccess() except ValueError: irc.error(_('GPG key not associated with your account.')) remove = wrap(remove, ['user', 'somethingWithoutSpaces']) @internationalizeDocstring def list(self, irc, msg, args, user): """takes no arguments List your GPG keys.""" keyids = user.gpgkeys if len(keyids) == 0: irc.reply(_('No key is associated with your account.')) else: irc.reply(format('%L', keyids)) list = wrap(list, ['user']) @internationalizeDocstring def gettoken(self, irc, msg, args): """takes no arguments Send you a token that you'll have to sign with your key.""" self._expire_tokens() token = '{%s}' % str(uuid.uuid4()) lifetime = conf.supybot.plugins.User.gpg.TokenTimeout() self._tokens.update({token: (msg.prefix, time.time()+lifetime)}) irc.reply(_('Your token is: %s. Please sign it with your ' 'GPG key, paste it somewhere, and call the \'auth\' ' 'command with the URL to the (raw) file containing the ' 'signature.') % token) gettoken = wrap(gettoken, []) _auth_re = re.compile(r'-----BEGIN PGP SIGNED MESSAGE-----\r?\n' r'Hash: .*\r?\n\r?\n' r'\s*({[0-9a-z-]+})\s*\r?\n' r'-----BEGIN PGP SIGNATURE-----\r?\n.*' r'\r?\n-----END PGP SIGNATURE-----', re.S) @internationalizeDocstring def auth(self, irc, msg, args, url): """<url> Check the GPG signature at the <url> and authenticates you if the key used is associated to a user.""" self._expire_tokens() content = utils.web.getUrl(url) if sys.version_info[0] >= 3 and isinstance(content, bytes): content = content.decode() match = self._auth_re.search(content) if not match: irc.error(_('Signature or token not found.'), Raise=True) data = match.group(0) token = match.group(1) if token not in self._tokens: irc.error(_('Unknown token. It may have expired before you ' 'submit it.'), Raise=True) if self._tokens[token][0] != msg.prefix: irc.error(_('Your hostname/nick changed in the process. ' 'Authentication aborted.'), Raise=True) verified = gpg.keyring.verify(data) if verified and verified.valid: keyid = verified.key_id prefix, expiry = self._tokens.pop(token) found = False for (id, user) in ircdb.users.items(): if keyid in [x[-len(keyid):] for x in user.gpgkeys]: try: user.addAuth(msg.prefix) except ValueError: irc.error(_('Your secure flag is true and your ' 'hostmask doesn\'t match any of your ' 'known hostmasks.'), Raise=True) ircdb.users.setUser(user, flush=False) irc.reply(_('You are now authenticated as %s.') % user.name) return irc.error(_('Unknown GPG key.'), Raise=True) else: irc.error(_('Signature could not be verified. Make sure ' 'this is a valid GPG signature and the URL is valid.')) auth = wrap(auth, ['url']) @internationalizeDocstring def capabilities(self, irc, msg, args, user): """[<name>] Returns the capabilities of the user specified by <name>; if <name> isn't specified, returns the capabilities of the user calling the command. """ try: u = ircdb.users.getUser(msg.prefix) except KeyError: irc.errorNotRegistered() else: if u == user or u._checkCapability('admin'): irc.reply('[%s]' % '; '.join(user.capabilities), private=True) else: irc.error(conf.supybot.replies.incorrectAuthentication(), Raise=True) capabilities = wrap(capabilities, [first('otherUser', 'user')]) @internationalizeDocstring def identify(self, irc, msg, args, user, password): """<name> <password> Identifies the user as <name>. This command (and all other commands that include a password) must be sent to the bot privately, not in a channel. """ if user.checkPassword(password): try: user.addAuth(msg.prefix) ircdb.users.setUser(user, flush=False) irc.replySuccess() except ValueError: irc.error(_('Your secure flag is true and your hostmask ' 'doesn\'t match any of your known hostmasks.')) else: self.log.warning('Failed identification attempt by %s (password ' 'did not match for %s).', msg.prefix, user.name) irc.error(conf.supybot.replies.incorrectAuthentication()) identify = wrap(identify, ['private', 'otherUser', 'something']) @internationalizeDocstring def unidentify(self, irc, msg, args, user): """takes no arguments Un-identifies you. Note that this may not result in the desired effect of causing the bot not to recognize you anymore, since you may have added hostmasks to your user that can cause the bot to continue to recognize you. """ user.clearAuth() ircdb.users.setUser(user) irc.replySuccess(_('If you remain recognized after giving this command, ' 'you\'re being recognized by hostmask, rather than ' 'by password. You must remove whatever hostmask is ' 'causing you to be recognized in order not to be ' 'recognized.')) unidentify = wrap(unidentify, ['user']) @internationalizeDocstring def whoami(self, irc, msg, args): """takes no arguments Returns the name of the user calling the command. """ try: user = ircdb.users.getUser(msg.prefix) irc.reply(user.name) except KeyError: irc.reply(_('I don\'t recognize you. You can message me either of these two commands: "user identify <username> <password>" to log in or "user register <username> <password>" to register.')) whoami = wrap(whoami) @internationalizeDocstring def stats(self, irc, msg, args): """takes no arguments Returns some statistics on the user database. """ users = 0 owners = 0 admins = 0 hostmasks = 0 for user in ircdb.users.itervalues(): users += 1 hostmasks += len(user.hostmasks) try: if user._checkCapability('owner'): owners += 1 elif user._checkCapability('admin'): admins += 1 except KeyError: pass irc.reply(format(_('I have %s registered users ' 'with %s registered hostmasks; ' '%n and %n.'), users, hostmasks, (owners, 'owner'), (admins, 'admin'))) stats = wrap(stats) Class = User # vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79: