|
@@ -83,9 +83,10 @@ func parseCallback(spec string, config *AccountConfig) (callbackNamespace string
|
83
|
83
|
|
84
|
84
|
// ACC REGISTER <accountname> [callback_namespace:]<callback> [cred_type] :<credential>
|
85
|
85
|
func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool {
|
|
86
|
+ nick := client.Nick()
|
86
|
87
|
// clients can't reg new accounts if they're already logged in
|
87
|
88
|
if client.LoggedIntoAccount() {
|
88
|
|
- rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, client.nick, "*", client.t("You're already logged into an account"))
|
|
89
|
+ rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, nick, "*", client.t("You're already logged into an account"))
|
89
|
90
|
return false
|
90
|
91
|
}
|
91
|
92
|
|
|
@@ -94,12 +95,12 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
|
94
|
95
|
casefoldedAccount, err := CasefoldName(account)
|
95
|
96
|
// probably don't need explicit check for "*" here... but let's do it anyway just to make sure
|
96
|
97
|
if err != nil || msg.Params[1] == "*" {
|
97
|
|
- rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, client.nick, account, client.t("Account name is not valid"))
|
|
98
|
+ rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, nick, account, client.t("Account name is not valid"))
|
98
|
99
|
return false
|
99
|
100
|
}
|
100
|
101
|
|
101
|
102
|
if len(msg.Params) < 4 {
|
102
|
|
- rb.Add(nil, server.name, ERR_NEEDMOREPARAMS, client.nick, msg.Command, client.t("Not enough parameters"))
|
|
103
|
+ rb.Add(nil, server.name, ERR_NEEDMOREPARAMS, nick, msg.Command, client.t("Not enough parameters"))
|
103
|
104
|
return false
|
104
|
105
|
}
|
105
|
106
|
|
|
@@ -107,7 +108,7 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
|
107
|
108
|
callbackNamespace, callbackValue := parseCallback(callbackSpec, server.AccountConfig())
|
108
|
109
|
|
109
|
110
|
if callbackNamespace == "" {
|
110
|
|
- rb.Add(nil, server.name, ERR_REG_INVALID_CALLBACK, client.nick, account, callbackSpec, client.t("Callback namespace is not supported"))
|
|
111
|
+ rb.Add(nil, server.name, ERR_REG_INVALID_CALLBACK, nick, account, callbackSpec, client.t("Callback namespace is not supported"))
|
111
|
112
|
return false
|
112
|
113
|
}
|
113
|
114
|
|
|
@@ -131,12 +132,12 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
|
131
|
132
|
}
|
132
|
133
|
}
|
133
|
134
|
if credentialType == "certfp" && client.certfp == "" {
|
134
|
|
- rb.Add(nil, server.name, ERR_REG_INVALID_CRED_TYPE, client.nick, credentialType, callbackNamespace, client.t("You are not using a TLS certificate"))
|
|
135
|
+ rb.Add(nil, server.name, ERR_REG_INVALID_CRED_TYPE, nick, credentialType, callbackNamespace, client.t("You are not using a TLS certificate"))
|
135
|
136
|
return false
|
136
|
137
|
}
|
137
|
138
|
|
138
|
139
|
if !credentialValid {
|
139
|
|
- rb.Add(nil, server.name, ERR_REG_INVALID_CRED_TYPE, client.nick, credentialType, callbackNamespace, client.t("Credential type is not supported"))
|
|
140
|
+ rb.Add(nil, server.name, ERR_REG_INVALID_CRED_TYPE, nick, credentialType, callbackNamespace, client.t("Credential type is not supported"))
|
140
|
141
|
return false
|
141
|
142
|
}
|
142
|
143
|
|
|
@@ -146,6 +147,13 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
|
146
|
147
|
} else if credentialType == "passphrase" {
|
147
|
148
|
passphrase = credentialValue
|
148
|
149
|
}
|
|
150
|
+
|
|
151
|
+ throttled, remainingTime := client.loginThrottle.Touch()
|
|
152
|
+ if throttled {
|
|
153
|
+ rb.Add(nil, server.name, ERR_REG_UNSPECIFIED_ERROR, nick, fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime))
|
|
154
|
+ return false
|
|
155
|
+ }
|
|
156
|
+
|
149
|
157
|
err = server.accounts.Register(client, account, callbackNamespace, callbackValue, passphrase, certfp)
|
150
|
158
|
if err != nil {
|
151
|
159
|
msg := "Unknown"
|
|
@@ -161,7 +169,7 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
|
161
|
169
|
if err == errAccountAlreadyRegistered || err == errAccountCreation || err == errCertfpAlreadyExists {
|
162
|
170
|
msg = err.Error()
|
163
|
171
|
}
|
164
|
|
- rb.Add(nil, server.name, code, client.nick, "ACC", "REGISTER", client.t(msg))
|
|
172
|
+ rb.Add(nil, server.name, code, nick, "ACC", "REGISTER", client.t(msg))
|
165
|
173
|
return false
|
166
|
174
|
}
|
167
|
175
|
|
|
@@ -175,7 +183,7 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage, r
|
175
|
183
|
} else {
|
176
|
184
|
messageTemplate := client.t("Account created, pending verification; verification code has been sent to %s:%s")
|
177
|
185
|
message := fmt.Sprintf(messageTemplate, callbackNamespace, callbackValue)
|
178
|
|
- rb.Add(nil, server.name, RPL_REG_VERIFICATION_REQUIRED, client.nick, casefoldedAccount, message)
|
|
186
|
+ rb.Add(nil, server.name, RPL_REG_VERIFICATION_REQUIRED, nick, casefoldedAccount, message)
|
179
|
187
|
}
|
180
|
188
|
|
181
|
189
|
return false
|
|
@@ -336,6 +344,8 @@ func authPlainHandler(server *Server, client *Client, mechanism string, value []
|
336
|
344
|
|
337
|
345
|
var accountKey, authzid string
|
338
|
346
|
|
|
347
|
+ nick := client.Nick()
|
|
348
|
+
|
339
|
349
|
if len(splitValue) == 3 {
|
340
|
350
|
accountKey = string(splitValue[0])
|
341
|
351
|
authzid = string(splitValue[1])
|
|
@@ -343,11 +353,17 @@ func authPlainHandler(server *Server, client *Client, mechanism string, value []
|
343
|
353
|
if accountKey == "" {
|
344
|
354
|
accountKey = authzid
|
345
|
355
|
} else if accountKey != authzid {
|
346
|
|
- rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: authcid and authzid should be the same"))
|
|
356
|
+ rb.Add(nil, server.name, ERR_SASLFAIL, nick, client.t("SASL authentication failed: authcid and authzid should be the same"))
|
347
|
357
|
return false
|
348
|
358
|
}
|
349
|
359
|
} else {
|
350
|
|
- rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: Invalid auth blob"))
|
|
360
|
+ rb.Add(nil, server.name, ERR_SASLFAIL, nick, client.t("SASL authentication failed: Invalid auth blob"))
|
|
361
|
+ return false
|
|
362
|
+ }
|
|
363
|
+
|
|
364
|
+ throttled, remainingTime := client.loginThrottle.Touch()
|
|
365
|
+ if throttled {
|
|
366
|
+ rb.Add(nil, server.name, ERR_SASLFAIL, nick, fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime))
|
351
|
367
|
return false
|
352
|
368
|
}
|
353
|
369
|
|
|
@@ -355,7 +371,7 @@ func authPlainHandler(server *Server, client *Client, mechanism string, value []
|
355
|
371
|
err := server.accounts.AuthenticateByPassphrase(client, accountKey, password)
|
356
|
372
|
if err != nil {
|
357
|
373
|
msg := authErrorToMessage(server, err)
|
358
|
|
- rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg)))
|
|
374
|
+ rb.Add(nil, server.name, ERR_SASLFAIL, nick, fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg)))
|
359
|
375
|
return false
|
360
|
376
|
}
|
361
|
377
|
|