|
@@ -471,14 +471,26 @@ func nsSetHandler(server *Server, client *Client, command string, params []strin
|
471
|
471
|
}
|
472
|
472
|
}
|
473
|
473
|
case "always-on":
|
474
|
|
- var newValue PersistentStatus
|
475
|
|
- newValue, err = persistentStatusFromString(params[1])
|
476
|
|
- // "opt-in" and "opt-out" don't make sense as user preferences
|
477
|
|
- if err == nil && newValue != PersistentOptIn && newValue != PersistentOptOut {
|
478
|
|
- munger = func(in AccountSettings) (out AccountSettings, err error) {
|
479
|
|
- out = in
|
480
|
|
- out.AlwaysOn = newValue
|
481
|
|
- return
|
|
474
|
+ // #821: it's problematic to alter the value of always-on if you're not
|
|
475
|
+ // the (actual or potential) always-on client yourself. make an exception
|
|
476
|
+ // for `saset` to give operators an escape hatch (any consistency problems
|
|
477
|
+ // can probably be fixed by restarting the server):
|
|
478
|
+ if command != "saset" {
|
|
479
|
+ details := client.Details()
|
|
480
|
+ if details.nick != details.accountName {
|
|
481
|
+ err = errNickAccountMismatch
|
|
482
|
+ }
|
|
483
|
+ }
|
|
484
|
+ if err == nil {
|
|
485
|
+ var newValue PersistentStatus
|
|
486
|
+ newValue, err = persistentStatusFromString(params[1])
|
|
487
|
+ // "opt-in" and "opt-out" don't make sense as user preferences
|
|
488
|
+ if err == nil && newValue != PersistentOptIn && newValue != PersistentOptOut {
|
|
489
|
+ munger = func(in AccountSettings) (out AccountSettings, err error) {
|
|
490
|
+ out = in
|
|
491
|
+ out.AlwaysOn = newValue
|
|
492
|
+ return
|
|
493
|
+ }
|
482
|
494
|
}
|
483
|
495
|
}
|
484
|
496
|
case "autoreplay-missed":
|
|
@@ -515,6 +527,8 @@ func nsSetHandler(server *Server, client *Client, command string, params []strin
|
515
|
527
|
displaySetting(params[0], finalSettings, client, rb)
|
516
|
528
|
case errInvalidParams, errAccountDoesNotExist, errFeatureDisabled, errAccountUnverified, errAccountUpdateFailed:
|
517
|
529
|
nsNotice(rb, client.t(err.Error()))
|
|
530
|
+ case errNickAccountMismatch:
|
|
531
|
+ nsNotice(rb, fmt.Sprintf(client.t("Your nickname must match your account name %s exactly to modify this setting. Try changing it with /NICK, or logging out and back in with the correct nickname."), client.AccountName()))
|
518
|
532
|
default:
|
519
|
533
|
// unknown error
|
520
|
534
|
nsNotice(rb, client.t("An error occurred"))
|
|
@@ -601,6 +615,7 @@ func nsIdentifyHandler(server *Server, client *Client, command string, params []
|
601
|
615
|
return
|
602
|
616
|
}
|
603
|
617
|
|
|
618
|
+ var err error
|
604
|
619
|
loginSuccessful := false
|
605
|
620
|
|
606
|
621
|
var username, passphrase string
|
|
@@ -623,18 +638,20 @@ func nsIdentifyHandler(server *Server, client *Client, command string, params []
|
623
|
638
|
if !nsLoginThrottleCheck(client, rb) {
|
624
|
639
|
return
|
625
|
640
|
}
|
626
|
|
- err := server.accounts.AuthenticateByPassphrase(client, username, passphrase)
|
|
641
|
+ err = server.accounts.AuthenticateByPassphrase(client, username, passphrase)
|
627
|
642
|
loginSuccessful = (err == nil)
|
628
|
643
|
}
|
629
|
644
|
|
630
|
645
|
// try certfp
|
631
|
646
|
if !loginSuccessful && rb.session.certfp != "" {
|
632
|
|
- err := server.accounts.AuthenticateByCertFP(client, rb.session.certfp, "")
|
|
647
|
+ err = server.accounts.AuthenticateByCertFP(client, rb.session.certfp, "")
|
633
|
648
|
loginSuccessful = (err == nil)
|
634
|
649
|
}
|
635
|
650
|
|
636
|
651
|
if loginSuccessful {
|
637
|
652
|
sendSuccessfulAccountAuth(client, rb, true, true)
|
|
653
|
+ } else if err == errNickAccountMismatch {
|
|
654
|
+ nsNotice(rb, client.t("That account is set to always-on; try logging out and logging back in with SASL"))
|
638
|
655
|
} else {
|
639
|
656
|
nsNotice(rb, client.t("Could not login with your TLS certificate or supplied username/password"))
|
640
|
657
|
}
|