|
@@ -7,6 +7,7 @@ import (
|
7
|
7
|
"fmt"
|
8
|
8
|
"strings"
|
9
|
9
|
|
|
10
|
+ "github.com/goshuirc/irc-go/ircfmt"
|
10
|
11
|
"github.com/oragono/oragono/irc/utils"
|
11
|
12
|
)
|
12
|
13
|
|
|
@@ -98,10 +99,12 @@ SADROP forcibly de-links the given nickname from the attached user account.`,
|
98
|
99
|
},
|
99
|
100
|
"unregister": {
|
100
|
101
|
handler: nsUnregisterHandler,
|
101
|
|
- help: `Syntax: $bUNREGISTER [username]$b
|
|
102
|
+ help: `Syntax: $bUNREGISTER <username> [code]$b
|
102
|
103
|
|
103
|
|
-UNREGISTER lets you delete your user account (or the given one, if you're an
|
104
|
|
-IRC operator with the correct permissions).`,
|
|
104
|
+UNREGISTER lets you delete your user account (or someone else's, if you're an
|
|
105
|
+IRC operator with the correct permissions). To prevent accidental
|
|
106
|
+unregistrations, a verification code is required; invoking the command without
|
|
107
|
+a code will display the necessary code.`,
|
105
|
108
|
helpShort: `$bUNREGISTER$b lets you delete your user account.`,
|
106
|
109
|
},
|
107
|
110
|
"verify": {
|
|
@@ -316,7 +319,7 @@ func nsRegisterHandler(server *Server, client *Client, command, params string, r
|
316
|
319
|
}
|
317
|
320
|
|
318
|
321
|
func nsUnregisterHandler(server *Server, client *Client, command, params string, rb *ResponseBuffer) {
|
319
|
|
- username, _ := utils.ExtractParam(params)
|
|
322
|
+ username, verificationCode := utils.ExtractParam(params)
|
320
|
323
|
|
321
|
324
|
if !server.AccountConfig().Registration.Enabled {
|
322
|
325
|
nsNotice(rb, client.t("Account registration has been disabled"))
|
|
@@ -324,22 +327,32 @@ func nsUnregisterHandler(server *Server, client *Client, command, params string,
|
324
|
327
|
}
|
325
|
328
|
|
326
|
329
|
if username == "" {
|
327
|
|
- username = client.Account()
|
328
|
|
- }
|
329
|
|
- if username == "" {
|
330
|
|
- nsNotice(rb, client.t("You're not logged into an account"))
|
|
330
|
+ nsNotice(rb, client.t("You must specify an account"))
|
331
|
331
|
return
|
332
|
332
|
}
|
333
|
|
- cfname, err := CasefoldName(username)
|
334
|
|
- if err != nil {
|
335
|
|
- nsNotice(rb, client.t("Invalid username"))
|
|
333
|
+
|
|
334
|
+ account, err := server.accounts.LoadAccount(username)
|
|
335
|
+ if err == errAccountDoesNotExist {
|
|
336
|
+ nsNotice(rb, client.t("Invalid account name"))
|
|
337
|
+ return
|
|
338
|
+ } else if err != nil {
|
|
339
|
+ nsNotice(rb, client.t("Internal error"))
|
336
|
340
|
return
|
337
|
341
|
}
|
338
|
|
- if !(cfname == client.Account() || client.HasRoleCapabs("unregister")) {
|
|
342
|
+
|
|
343
|
+ cfname, _ := CasefoldName(username)
|
|
344
|
+ if !(cfname == client.Account() || client.HasRoleCapabs("accreg")) {
|
339
|
345
|
nsNotice(rb, client.t("Insufficient oper privs"))
|
340
|
346
|
return
|
341
|
347
|
}
|
342
|
348
|
|
|
349
|
+ expectedCode := unregisterConfirmationCode(account.Name, account.RegisteredAt)
|
|
350
|
+ if expectedCode != verificationCode {
|
|
351
|
+ nsNotice(rb, ircfmt.Unescape(client.t("$bWarning: unregistering this account will remove its stored privileges.$b")))
|
|
352
|
+ nsNotice(rb, fmt.Sprintf(client.t("To confirm account unregistration, type: /NS UNREGISTER %s %s"), cfname, expectedCode))
|
|
353
|
+ return
|
|
354
|
+ }
|
|
355
|
+
|
343
|
356
|
if cfname == client.Account() {
|
344
|
357
|
client.server.accounts.Logout(client)
|
345
|
358
|
}
|