correctly account for nickname in CAP LS arithmetic
The arithmetic was assuming that the nickname is * (which it is
pre-registration). However, we were sending the actual nickname
post-registration. It would be simpler to always send *, but it
appears that the nickname is actually required by the spec:
>Replies from the server must [sic] contain the client identifier name or
>asterisk if one is not yet available.
There is no change in behavior since committing the transaction
already write(2)'s all the data to disk. But let's comply with
the official buntdb API.
The channel mode +R used to both prevent joins by unregistered users,
and prevent unregistered users who happened to be joined from speaking.
This changes the behavior so that +R only prevents joins:
1. This allows users who were invited or SAJOIN'ed to speak
2. To restore the old semantics, chanops can set +RM
fix case where CS TRANSFER as an operator required acceptance
Reported by @mogad0n. If a user had both operator privileges and
channel owner privileges, the CS TRANSFER would proceed as though
unprivileged, requiring acceptance by the receiving user. Fix this
to not require acceptance.
* Add email-based password reset
Fixes #734
* rename SETPASS to RESETPASS
* review fixes
* abuse mitigations
* SENDPASS and RESETPASS should both touch the client login throttle
* Produce a logline and a sno on SENDPASS (since it actually sends an email)
* don't re-retrieve the settings value
* add email confirmation for NS SET EMAIL
* smtp: if require-tls is disabled, don't validate server cert
* review fixes
* remove cooldown for NS SET EMAIL
If you accidentally set the wrong address, the cooldown would prevent you
from fixing your mistake. Since we touch the registration throttle anyway,
this shouldn't present more of an abuse concern than registration itself.
remove SCRAM-SHA-256 from advertised SASL mechanisms
Advertising SCRAM-SHA-256 breaks irccloud, which doesn't fall back to PLAIN
if it sees SCRAM advertised but SCRAM then fails (as is the case for any
account password hashed on Ergo 2.7 or lower).
Leave a config option for irctest to enable it in the controller.