~emersion/soju-dev

Add fallback for authentication v2 PROPOSED

gildarts: 1
 Add fallback for authentication

 1 files changed, 29 insertions(+), 2 deletions(-)

[RFC PATCH v2] Add fallback for authentication

This adds a fallback for authentication that allows the username,
client, and network to be provided inside the password field.

It splits on `:`, but only if the password fails to be recognised
initially.

Doesn't change the allowed characters in passwords.
---
 downstream.go | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/downstream.go b/downstream.go
index fee5134..d359321 100644
--- a/downstream.go
+++ b/downstream.go
@@ -954,6 +954,21 @@ func unmarshalUsername(rawUsername string) (username, client, network string) {
	return username, client, network
}

func unmarshalUsernameAndPassword(rawPassword string) (username, client, network, password string) {
	password = rawPassword

	i := strings.IndexAny(password, ":")

	if i >= 0 {
		username = rawPassword[:i]
		password = rawPassword[i+1:]
	}

	username, client, network = unmarshalUsername(username)

	return username, client, network, password
}

func (dc *downstreamConn) authenticate(username, password string) error {
	username, clientName, networkName := unmarshalUsername(username)

@@ -970,8 +985,20 @@ func (dc *downstreamConn) authenticate(username, password string) error {

	err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
	if err != nil {
		dc.logger.Printf("failed authentication for %q: wrong password: %v", username, err)
		return errAuthFailed
		username, clientName, networkName, password = unmarshalUsernameAndPassword(password)

		u, err = dc.srv.db.GetUser(username)
		if err != nil {
			dc.logger.Printf("failed authentication for %q: user not found: %v", username, err)
			return errAuthFailed
		}

		err2 := bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
		if err2 != nil {
			dc.logger.Printf("failed authentication for %q: wrong password: %v", username, err)

			return errAuthFailed
		}
	}

	dc.user = dc.srv.getUser(username)
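Review bot: In the fallback branch of `authenticate` (second hunk), `username` is overwritten with text parsed out of the password field before both `dc.logger.Printf` calls, so a mistyped password that happens to contain `:` has everything before the colon written to the log as the user name. The second failure message also prints `err`, which by then holds the nil result of `GetUser`, instead of `err2`, so the bcrypt error is lost. I would keep the name from the username field for logging, skip the fallback when the password has no `:` (that case presumably ends in a lookup for an empty name), and log the second comparison's own error, as sketched below. Whether the `GetUser` error text itself echoes the looked-up name is not visible here and should be checked; the lines of `authenticate` between the two hunks are also outside this view.

```go
	if err != nil {
		// After the fallback parse, username may hold part of a mistyped
		// password, so log only the name from the username field.
		suppliedUsername := username
		if !strings.Contains(password, ":") {
			dc.logger.Printf("failed authentication for %q: wrong password: %v", suppliedUsername, err)
			return errAuthFailed
		}
		// … unchanged: unmarshalUsernameAndPassword call and GetUser lookup …
		if err != nil {
			dc.logger.Printf("failed authentication for %q: fallback user not found: %v", suppliedUsername, err)
			return errAuthFailed
		}

		if err := bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password)); err != nil {
			dc.logger.Printf("failed authentication for %q: fallback credentials rejected: %v", suppliedUsername, err)
			return errAuthFailed
		}
	}
```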
-- 
2.28.0.windows.1