|
|
@@ -851,15 +851,16 @@ Oragono can emulate certain capabilities of the ZNC bouncer for the benefit of c
|
|
851
|
851
|
|
|
852
|
852
|
Oragono can be configured to call arbitrary scripts to authenticate users; see the `auth-script` section of the config. The API for these scripts is as follows: Oragono will invoke the script with a configurable set of arguments, then send it the authentication data as JSON on the first line (`\n`-terminated) of stdin. The input is a JSON-encoded dictionary with the following keys:
|
|
853
|
853
|
|
|
854
|
|
-* `AccountName`: this is a string during passphrase-based authentication, otherwise the empty string
|
|
855
|
|
-* `Passphrase`: this is a string during passphrase-based authentication, otherwise the empty string
|
|
856
|
|
-* `Certfp`: this is a string during certfp-based authentication, otherwise the empty string
|
|
|
854
|
+* `accountName`: during passphrase-based authentication, this is a string, otherwise omitted
|
|
|
855
|
+* `passphrase`: during passphrase-based authentication, this is a string, otherwise omitted
|
|
|
856
|
+* `certfp`: during certfp-based authentication, this is a string, otherwise omitted
|
|
|
857
|
+* `ip`: a string representation of the client's IP address
|
|
857
|
858
|
|
|
858
|
859
|
The script must print a single line (`\n`-terminated) to its output and exit. This line must be a JSON-encoded dictionary with the following keys:
|
|
859
|
860
|
|
|
860
|
|
-* `Success`, a boolean indicating whether the authentication was successful
|
|
861
|
|
-* `AccountName`, a string containing the normalized account name (in the case of passphrase-based authentication, it is permissible to return the empty string or omit the value)
|
|
862
|
|
-* `Error`, containing a human-readable description of the authentication error to be logged if applicable
|
|
|
861
|
+* `success`, a boolean indicating whether the authentication was successful
|
|
|
862
|
+* `accountName`, a string containing the normalized account name (in the case of passphrase-based authentication, it is permissible to return the empty string or omit the value)
|
|
|
863
|
+* `error`, containing a human-readable description of the authentication error to be logged if applicable
|
|
863
|
864
|
|
|
864
|
865
|
Here is a toy example of an authentication script in Python that checks that the account name and the password are equal (and rejects any attempts to authenticate via certfp):
|
|
865
|
866
|
|
|
|
@@ -870,10 +871,10 @@ import sys, json
|
|
870
|
871
|
|
|
871
|
872
|
raw_input = sys.stdin.readline()
|
|
872
|
873
|
input = json.loads(b)
|
|
873
|
|
-account_name = input.get("AccountName")
|
|
874
|
|
-passphrase = input.get("Passphrase")
|
|
|
874
|
+account_name = input.get("accountName")
|
|
|
875
|
+passphrase = input.get("passphrase")
|
|
875
|
876
|
success = bool(account_name) and bool(passphrase) and account_name == passphrase
|
|
876
|
|
-print(json.dumps({"Success": success})
|
|
|
877
|
+print(json.dumps({"success": success})
|
|
877
|
878
|
```
|
|
878
|
879
|
|
|
879
|
880
|
Note that after a failed script invocation, Oragono will proceed to check the credentials against its local database.
|
Shivaram Lingamneni
4 лет назад