3 # :title: User management
\r
5 # rbot user management
\r
6 # Author:: Giuseppe Bilotta (giuseppe.bilotta@gmail.com)
\r
7 # Copyright:: Copyright (c) 2006 Giuseppe Bilotta
\r
12 require 'rbot/maskdb'
\r
14 # This would be a good idea if it was failproof, but the truth
\r
15 # is that other methods can indirectly modify the hash. *sigh*
\r
17 # class AuthNotifyingHash < Hash
\r
18 # %w(clear default= delete delete_if replace invert
\r
19 # merge! update rehash reject! replace shift []= store).each { |m|
\r
21 # define_method(m) { |*a|
\r
23 # Irc::Bot::Auth.manager.set_changed
\r
35 # This module contains the actual Authentication stuff
\r
39 Config.register Config::StringValue.new( 'auth.password',
\r
40 :default => 'rbotauth', :wizard => true,
\r
41 :on_change => Proc.new {|bot, v| bot.auth.botowner.password = v},
\r
42 :desc => _('Password for the bot owner'))
\r
43 Config.register Config::BooleanValue.new( 'auth.login_by_mask',
\r
45 :desc => _('Set false to prevent new botusers from logging in without a password when the user netmask is known'))
\r
46 Config.register Config::BooleanValue.new( 'auth.autologin',
\r
48 :desc => _('Set false to prevent new botusers from recognizing IRC users without a need to manually login'))
\r
49 Config.register Config::BooleanValue.new( 'auth.autouser',
\r
50 :default => 'false',
\r
51 :desc => _('Set true to allow new botusers to be created automatically'))
\r
52 # Config.register Config::IntegerValue.new( 'auth.default_level',
\r
53 # :default => 10, :wizard => true,
\r
54 # :desc => 'The default level for new/unknown users' )
\r
56 # Generate a random password of length _l_
\r
58 def Auth.random_password(l=8)
\r
61 pwd << (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr
\r
67 # An Irc::Bot::Auth::Command defines a command by its "path":
\r
69 # base::command::subcommand::subsubcommand::subsubsubcommand
\r
73 attr_reader :command, :path
\r
75 # A method that checks if a given _cmd_ is in a form that can be
\r
76 # reduced into a canonical command path, and if so, returns it
\r
78 def sanitize_command_path(cmd)
\r
79 pre = cmd.to_s.downcase.gsub(/^\*?(?:::)?/,"").gsub(/::$/,"")
\r
80 return pre if pre.empty?
\r
81 return pre if pre =~ /^\S+(::\S+)*$/
\r
82 raise TypeError, "#{cmd.inspect} is not a valid command"
\r
85 # Creates a new Command from a given string; you can then access
\r
86 # the command as a symbol with the :command method and the whole
\r
89 # Command.new("core::auth::save").path => [:"*", :"core", :"core::auth", :"core::auth::save"]
\r
91 # Command.new("core::auth::save").command => :"core::auth::save"
\r
94 cmdpath = sanitize_command_path(cmd).split('::')
\r
95 seq = cmdpath.inject(["*"]) { |list, cmd|
\r
96 list << (list.length > 1 ? list.last + "::" : "") + cmd
\r
98 @path = seq.map { |k|
\r
101 @command = path.last
\r
102 debug "Created command #{@command.inspect} with path #{@path.pretty_inspect}"
\r
106 def to_irc_auth_command
\r
120 # Returns an Irc::Bot::Auth::Comand from the receiver
\r
121 def to_irc_auth_command
\r
122 Irc::Bot::Auth::Command.new(self)
\r
130 # Returns an Irc::Bot::Auth::Comand from the receiver
\r
131 def to_irc_auth_command
\r
132 Irc::Bot::Auth::Command.new(self)
\r
145 # This class describes a permission set
\r
146 class PermissionSet
\r
149 # Create a new (empty) PermissionSet
\r
155 # Inspection simply inspects the internal hash
\r
160 # Sets the permission for command _cmd_ to _val_,
\r
162 def set_permission(str, val)
\r
163 cmd = str.to_irc_auth_command
\r
166 @perm[cmd.command] = val
\r
168 @perm.delete(cmd.command)
\r
170 raise TypeError, "#{val.inspect} must be true or false" unless [true,false].include?(val)
\r
174 # Resets the permission for command _cmd_
\r
176 def reset_permission(cmd)
\r
177 set_permission(cmd, nil)
\r
180 # Tells if command _cmd_ is permitted. We do this by returning
\r
181 # the value of the deepest Command#path that matches.
\r
184 cmd = str.to_irc_auth_command
\r
186 cmd.path.reverse.each { |k|
\r
187 if @perm.has_key?(k)
\r
198 # This is the error that gets raised when an invalid password is met
\r
200 class InvalidPassword < RuntimeError
\r
204 # This is the basic class for bot users: they have a username, a
\r
205 # password, a list of netmasks to match against, and a list of
\r
206 # permissions. A BotUser can be marked as 'transient', usually meaning
\r
207 # it's not intended for permanent storage. Transient BotUsers have lower
\r
208 # priority than nontransient ones for autologin purposes.
\r
210 # To initialize a BotUser, you pass a _username_ and an optional
\r
211 # hash of options. Currently, only two options are recognized:
\r
213 # transient:: true or false, determines if the BotUser is transient or
\r
214 # permanent (default is false, permanent BotUser).
\r
216 # Transient BotUsers are initialized by prepending an
\r
217 # asterisk (*) to the username, and appending a sanitized
\r
218 # version of the object_id. The username can be empty.
\r
219 # A random password is generated.
\r
221 # Permanent Botusers need the username as is, and no
\r
222 # password is generated.
\r
224 # masks:: an array of Netmasks to initialize the NetmaskList. This
\r
225 # list is used as-is for permanent BotUsers.
\r
227 # Transient BotUsers will alter the list elements which are
\r
228 # Irc::User by globbing the nick and any initial nonletter
\r
229 # part of the ident.
\r
231 # The masks option is optional for permanent BotUsers, but
\r
232 # obligatory (non-empty) for transients.
\r
236 attr_reader :username
\r
237 attr_reader :password
\r
238 attr_reader :netmasks
\r
240 attr_writer :login_by_mask
\r
241 attr_writer :transient
\r
243 def autologin=(vnew)
\r
247 @netmasks.each { |n| Auth.manager.maskdb.remove(self, n) }
\r
248 elsif vnew && !vold
\r
249 @netmasks.each { |n| Auth.manager.maskdb.add(self, n) }
\r
253 # Checks if the BotUser is transient
\r
258 # Checks if the BotUser is permanent (not transient)
\r
263 # Sets if the BotUser is permanent or not
\r
264 def permanent=(bool)
\r
268 # Make the BotUser permanent
\r
269 def make_permanent(name)
\r
270 raise TypError, "permanent already" if permanent?
\r
271 @username = BotUser.sanitize_username(name)
\r
274 reset_password # or not?
\r
275 @netmasks.dup.each do |m|
\r
277 add_netmask(m.generalize)
\r
281 # Create a new BotUser with given username
\r
282 def initialize(username, options={})
\r
283 opts = {:transient => false}.merge(options)
\r
284 @transient = opts[:transient]
\r
288 @username << BotUser.sanitize_username(username) if username and not username.to_s.empty?
\r
289 @username << BotUser.sanitize_username(object_id)
\r
291 @login_by_mask=true
\r
294 @username = BotUser.sanitize_username(username)
\r
296 reset_login_by_mask
\r
300 @netmasks = NetmaskList.new
\r
301 if opts.key?(:masks) and opts[:masks]
\r
302 masks = opts[:masks]
\r
303 masks = [masks] unless masks.respond_to?(:each)
\r
305 mask = m.to_irc_netmask
\r
306 if @transient and User === m
\r
308 mask.host = m.host.dup
\r
309 mask.user = "*" + m.user.sub(/^\w?[^\w]+/,'')
\r
311 add_netmask(mask) unless mask.to_s == "*"
\r
314 raise "must provide a usable mask for transient BotUser #{@username}" if @transient and @netmasks.empty?
\r
321 str = "<#{self.class}:#{'0x%08x' % self.object_id}"
\r
322 str << " (transient)" if @transient
\r
324 str << " @username=#{@username.inspect}"
\r
325 str << " @netmasks=#{@netmasks.inspect}"
\r
326 str << " @perm=#{@perm.inspect}"
\r
327 str << " @login_by_mask=#{@login_by_mask}"
\r
328 str << " @autologin=#{@autologin}"
\r
337 # Convert into a hash
\r
340 :username => @username,
\r
341 :password => @password,
\r
342 :netmasks => @netmasks,
\r
344 :login_by_mask => @login_by_mask,
\r
345 :autologin => @autologin,
\r
349 # Do we allow logging in without providing the password?
\r
355 # Reset the login-by-mask option
\r
357 def reset_login_by_mask
\r
358 @login_by_mask = Auth.manager.bot.config['auth.login_by_mask'] unless defined?(@login_by_mask)
\r
361 # Reset the autologin option
\r
363 def reset_autologin
\r
364 @autologin = Auth.manager.bot.config['auth.autologin'] unless defined?(@autologin)
\r
367 # Do we allow automatic logging in?
\r
373 # Restore from hash
\r
375 @username = h[:username] if h.has_key?(:username)
\r
376 @password = h[:password] if h.has_key?(:password)
\r
377 @login_by_mask = h[:login_by_mask] if h.has_key?(:login_by_mask)
\r
378 @autologin = h[:autologin] if h.has_key?(:autologin)
\r
379 if h.has_key?(:netmasks)
\r
380 @netmasks = h[:netmasks]
\r
381 @netmasks.each { |n| Auth.manager.maskdb.add(self, n) } if @autologin
\r
383 @perm = h[:perm] if h.has_key?(:perm)
\r
386 # This method sets the password if the proposed new password
\r
388 def password=(pwd=nil)
\r
394 raise InvalidPassword, "#{pass} contains invalid characters" if pass !~ /^[\x21-\x7e]+$/
\r
395 raise InvalidPassword, "#{pass} too short" if pass.length < 4
\r
397 rescue InvalidPassword => e
\r
400 raise InvalidPassword, "Exception #{e.inspect} while checking #{pass.inspect} (#{pwd.inspect})"
\r
405 # Resets the password by creating a new onw
\r
407 @password = Auth.random_password
\r
410 # Sets the permission for command _cmd_ to _val_ on channel _chan_
\r
412 def set_permission(cmd, val, chan="*")
\r
413 k = chan.to_s.to_sym
\r
414 @perm[k] = PermissionSet.new unless @perm.has_key?(k)
\r
415 @perm[k].set_permission(cmd, val)
\r
418 # Resets the permission for command _cmd_ on channel _chan_
\r
420 def reset_permission(cmd, chan ="*")
\r
421 set_permission(cmd, nil, chan)
\r
424 # Checks if BotUser is allowed to do something on channel _chan_,
\r
425 # or on all channels if _chan_ is nil
\r
427 def permit?(cmd, chan=nil)
\r
429 k = chan.to_s.to_sym
\r
434 if @perm.has_key?(k)
\r
435 allow = @perm[k].permit?(cmd)
\r
442 def add_netmask(mask)
\r
443 m = mask.to_irc_netmask
\r
446 Auth.manager.maskdb.add(self, m)
\r
447 Auth.manager.logout_transients(m) if self.permanent?
\r
451 # Removes a Netmask
\r
453 def delete_netmask(mask)
\r
454 m = mask.to_irc_netmask
\r
455 @netmasks.delete(m)
\r
456 Auth.manager.maskdb.remove(self, m) if self.autologin?
\r
459 # This method checks if BotUser has a Netmask that matches _user_
\r
462 user = usr.to_irc_user
\r
463 !!@netmasks.find { |n| user.matches? n }
\r
466 # This method gets called when User _user_ wants to log in.
\r
467 # It returns true or false depending on whether the password
\r
468 # is right. If it is, the Netmask of the user is added to the
\r
469 # list of acceptable Netmask unless it's already matched.
\r
470 def login(user, password=nil)
\r
471 if password == @password or (password.nil? and (@login_by_mask || @autologin) and knows?(user))
\r
472 add_netmask(user) unless knows?(user)
\r
473 debug "#{user} logged in as #{self.inspect}"
\r
480 # # This method gets called when User _user_ has logged out as this BotUser
\r
482 # delete_netmask(user) if knows?(user)
\r
485 # This method sanitizes a username by chomping, downcasing
\r
486 # and replacing any nonalphanumeric character with _
\r
488 def BotUser.sanitize_username(name)
\r
489 candidate = name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_")
\r
490 raise "sanitized botusername #{candidate} too short" if candidate.length < 3
\r
496 # This is the default BotUser: it's used for all users which haven't
\r
497 # identified with the bot
\r
499 class DefaultBotUserClass < BotUser
\r
501 private :add_netmask, :delete_netmask
\r
505 # The default BotUser is named 'everyone'
\r
508 reset_login_by_mask
\r
511 @default_perm = PermissionSet.new
\r
514 # This method returns without changing anything
\r
516 def login_by_mask=(val)
\r
517 debug "Tried to change the login-by-mask for default bot user, ignoring"
\r
518 return @login_by_mask
\r
521 # The default botuser allows logins by mask
\r
523 def reset_login_by_mask
\r
524 @login_by_mask = true
\r
527 # This method returns without changing anything
\r
529 def autologin=(val)
\r
530 debug "Tried to change the autologin for default bot user, ignoring"
\r
534 # The default botuser doesn't allow autologin (meaningless)
\r
536 def reset_autologin
\r
540 # Sets the default permission for the default user (i.e. the ones
\r
541 # set by the BotModule writers) on all channels
\r
543 def set_default_permission(cmd, val)
\r
544 @default_perm.set_permission(Command.new(cmd), val)
\r
545 debug "Default permissions now: #{@default_perm.pretty_inspect}"
\r
548 # default knows everybody
\r
551 return true if user.to_irc_user
\r
554 # We always allow logging in as the default user
\r
555 def login(user, password)
\r
559 # DefaultBotUser will check the default_perm after checking
\r
561 # or on all channels if _chan_ is nil
\r
563 def permit?(cmd, chan=nil)
\r
564 allow = super(cmd, chan)
\r
565 if allow.nil? && chan.nil?
\r
566 allow = @default_perm.permit?(cmd)
\r
573 # Returns the only instance of DefaultBotUserClass
\r
575 def Auth.defaultbotuser
\r
576 return DefaultBotUserClass.instance
\r
579 # This is the BotOwner: he can do everything
\r
581 class BotOwnerClass < BotUser
\r
586 @login_by_mask = false
\r
591 def permit?(cmd, chan=nil)
\r
597 # Returns the only instance of BotOwnerClass
\r
600 return BotOwnerClass.instance
\r
605 # Check if the current BotUser is the default one
\r
607 return DefaultBotUserClass === self
\r
610 # Check if the current BotUser is the owner
\r
612 return BotOwnerClass === self
\r
617 # This is the ManagerClass singleton, used to manage
\r
618 # Irc::User/Irc::Bot::Auth::BotUser connections and everything
\r
624 attr_reader :maskdb
\r
625 attr_reader :everyone
\r
626 attr_reader :botowner
\r
629 # The instance manages two <code>Hash</code>es: one that maps
\r
630 # <code>Irc::User</code>s onto <code>BotUser</code>s, and the other that maps
\r
631 # usernames onto <code>BotUser</code>
\r
633 @everyone = Auth::defaultbotuser
\r
634 @botowner = Auth::botowner
\r
638 def bot_associate(bot)
\r
639 raise "Cannot associate with a new bot! Save first" if defined?(@has_changes) && @has_changes
\r
646 # This variable is set to true when there have been changes
\r
647 # to the botusers list, so that we know when to save
\r
648 @has_changes = false
\r
652 @has_changes = true
\r
656 @has_changes = false
\r
663 # resets the hashes
\r
665 @botusers = Hash.new
\r
666 @maskdb = NetmaskDb.new
\r
667 @allbotusers = Hash.new
\r
668 [everyone, botowner].each do |x|
\r
669 @allbotusers[x.username.to_sym] = x
\r
673 def load_array(ary, forced)
\r
675 warning "Tried to load an empty array"
\r
678 raise "Won't load with unsaved changes" if @has_changes and not forced
\r
681 raise TypeError, "#{x} should be a Hash" unless x.kind_of?(Hash)
\r
686 get_botuser(u).from_hash(x)
\r
687 get_botuser(u).transient = false
\r
693 @allbotusers.values.map { |x|
\r
694 x.transient? ? nil : x.to_hash
\r
698 # checks if we know about a certain BotUser username
\r
699 def include?(botusername)
\r
700 @allbotusers.has_key?(botusername.to_sym)
\r
703 # Maps <code>Irc::User</code> to BotUser
\r
704 def irc_to_botuser(ircuser)
\r
705 logged = @botusers[ircuser.to_irc_user]
\r
706 return logged if logged
\r
707 return autologin(ircuser)
\r
710 # creates a new BotUser
\r
711 def create_botuser(name, password=nil)
\r
712 n = BotUser.sanitize_username(name)
\r
714 raise "botuser #{n} exists" if include?(k)
\r
715 bu = BotUser.new(n)
\r
716 bu.password = password
\r
717 @allbotusers[k] = bu
\r
721 # returns the botuser with name _name_
\r
722 def get_botuser(name)
\r
723 @allbotusers.fetch(BotUser.sanitize_username(name).to_sym)
\r
726 # Logs Irc::User _user_ in to BotUser _botusername_ with password _pwd_
\r
728 # raises an error if _botusername_ is not a known BotUser username
\r
730 # It is possible to autologin by Netmask, on request
\r
732 def login(user, botusername, pwd=nil)
\r
733 ircuser = user.to_irc_user
\r
734 n = BotUser.sanitize_username(botusername)
\r
736 raise "No such BotUser #{n}" unless include?(k)
\r
737 if @botusers.has_key?(ircuser)
\r
738 return true if @botusers[ircuser].username == n
\r
740 # @botusers[ircuser].logout(ircuser)
\r
742 bu = @allbotusers[k]
\r
743 if bu.login(ircuser, pwd)
\r
744 @botusers[ircuser] = bu
\r
750 # Tries to auto-login Irc::User _user_ by looking at the known botusers that allow autologin
\r
751 # and trying to login without a password
\r
753 def autologin(user)
\r
754 ircuser = user.to_irc_user
\r
755 debug "Trying to autologin #{ircuser}"
\r
756 return @botusers[ircuser] if @botusers.has_key?(ircuser)
\r
757 bu = maskdb.find(ircuser)
\r
759 debug "trying #{bu}"
\r
760 bu.login(ircuser) or raise '...what?!'
\r
761 @botusers[ircuser] = bu
\r
764 # Finally, create a transient if we're set to allow it
\r
765 if @bot.config['auth.autouser']
\r
766 bu = create_transient_botuser(ircuser)
\r
767 @botusers[ircuser] = bu
\r
773 # Creates a new transient BotUser associated with Irc::User _user_,
\r
774 # automatically logging him in. Note that transient botuser creation can
\r
775 # fail, typically if we don't have the complete user netmask (e.g. for
\r
776 # messages coming in from a linkbot)
\r
778 def create_transient_botuser(user)
\r
779 ircuser = user.to_irc_user
\r
782 bu = BotUser.new(ircuser, :transient => true, :masks => ircuser)
\r
785 warning "failed to create transient for #{user}"
\r
791 # Logs out any Irc::User matching Irc::Netmask _m_ and logged in
\r
792 # to a transient BotUser
\r
794 def logout_transients(m)
\r
795 debug "to check: #{@botusers.keys.join ' '}"
\r
796 @botusers.keys.each do |iu|
\r
797 debug "checking #{iu.fullform} against #{m.fullform}"
\r
799 bu.transient? or next
\r
800 iu.matches?(m) or next
\r
801 @botusers.delete(iu).autologin = false
\r
805 # Makes transient BotUser _user_ into a permanent BotUser
\r
806 # named _name_; if _user_ is an Irc::User, act on the transient
\r
807 # BotUser (if any) it's logged in as
\r
809 def make_permanent(user, name)
\r
810 # TODO merge BotUser instead?
\r
811 raise "there's already a BotUser called #{name}" if include?(name)
\r
815 when String, Irc::User
\r
816 tuser = irc_to_botuser(user)
\r
820 raise TypeError, "sorry, don't know how to make #{user.class} into a permanent BotUser"
\r
822 return nil unless tuser
\r
823 raise TypeError, "#{tuser} is not transient" unless tuser.transient?
\r
825 tuser.make_permanent(name)
\r
826 @allbotusers[tuser.username.to_sym] = tuser
\r
831 # Checks if User _user_ can do _cmd_ on _chan_.
\r
833 # Permission are checked in this order, until a true or false
\r
835 # * associated BotUser on _chan_
\r
836 # * associated BotUser on all channels
\r
837 # * everyone on _chan_
\r
838 # * everyone on all channels
\r
840 def permit?(user, cmdtxt, channel=nil)
\r
841 if user.class <= BotUser
\r
844 botuser = irc_to_botuser(user)
\r
846 cmd = cmdtxt.to_irc_auth_command
\r
858 allow = botuser.permit?(cmd, chan) if chan
\r
859 return allow unless allow.nil?
\r
860 allow = botuser.permit?(cmd)
\r
861 return allow unless allow.nil?
\r
863 unless botuser == everyone
\r
864 allow = everyone.permit?(cmd, chan) if chan
\r
865 return allow unless allow.nil?
\r
866 allow = everyone.permit?(cmd)
\r
867 return allow unless allow.nil?
\r
870 raise "Could not check permission for user #{user.inspect} to run #{cmdtxt.inspect} on #{chan.inspect}"
\r
873 # Checks if command _cmd_ is allowed to User _user_ on _chan_, optionally
\r
874 # telling if the user is authorized
\r
876 def allow?(cmdtxt, user, chan=nil)
\r
877 if permit?(user, cmdtxt, chan)
\r
880 # cmds = cmdtxt.split('::')
\r
881 # @bot.say chan, "you don't have #{cmds.last} (#{cmds.first}) permissions here" if chan
\r
882 @bot.say chan, _("%{user}, you don't have '%{command}' permissions here") %
\r
883 {:user=>user, :command=>cmdtxt} if chan
\r
890 # Returns the only instance of ManagerClass
\r
893 return ManagerClass.instance
\r
901 # A convenience method to automatically found the botuser
\r
902 # associated with the receiver
\r
905 Irc::Bot::Auth.manager.irc_to_botuser(self)
\r
projects / user / henk / code / ruby / rbot.git / blob