Botusers can now be destroyed

[user/henk/code/ruby/rbot.git] / lib / rbot / core / auth.rb

#-- vim:sw=2:et\r
#++\r
# TODO:\r
# * user destroy: should work in two phases:\r
#   * <code>user destroy _botuser_</code> would queue _botuser_ for\r
#     destruction\r
#   * <code>user destroy _botuser_ _password_</code> would actually destroy\r
#     _botuser_ if it was queued and the _password_ is correct\r
# * user copy\r
# * user rename\r
#\r
# It should be fairly easy to implement all of this stuff by using\r
# @bot.auth.load_array and @bot.auth.save_array: this means it can be tested\r
# live and without any need to touch the rbot kernel file +botuser.rb+\r
#\r
\r
\r
class AuthModule < CoreBotModule\r
\r
  def initialize\r
    super\r
    load_array(:default, true)\r
    debug "Initialized auth. Botusers: #{@bot.auth.save_array.inspect}"\r
  end\r
\r
  def save\r
    save_array\r
  end\r
\r
  def save_array(key=:default)\r
    if @bot.auth.changed?\r
      @registry[key] = @bot.auth.save_array\r
      @bot.auth.reset_changed\r
      debug "saved botusers (#{key}): #{@registry[key].inspect}"\r
    end\r
  end\r
\r
  def load_array(key=:default, forced=false)\r
    debug "loading botusers (#{key}): #{@registry[key].inspect}"\r
    @bot.auth.load_array(@registry[key], forced) if @registry.has_key?(key)\r
  end\r
\r
  # The permission parameters accept arguments with the following syntax:\r
  #   cmd_path... [on #chan .... | in here | in private]\r
  # This auxiliary method scans the array _ar_ to see if it matches\r
  # the given syntax: it expects + or - signs in front of _cmd_path_\r
  # elements when _setting_ = true\r
  #\r
  # It returns an array whose first element is the array of cmd_path,\r
  # the second element is an array of locations and third an array of\r
  # warnings occurred while parsing the strings\r
  #\r
  def parse_args(ar, setting)\r
    cmds = []\r
    locs = []\r
    warns = []\r
    doing_cmds = true\r
    next_must_be_chan = false\r
    want_more = false\r
    last_idx = 0\r
    ar.each_with_index { |x, i|\r
      if doing_cmds # parse cmd_path\r
        # check if the list is done\r
        if x == "on" or x == "in"\r
          doing_cmds = false\r
          next_must_be_chan = true if x == "on"\r
          next\r
        end\r
        if "+-".include?(x[0])\r
          warns << ArgumentError("please do not use + or - in front of command #{x} when resetting") unless setting\r
        else\r
          warns << ArgumentError("+ or - expected in front of #{x}") if setting\r
        end\r
        cmds << x\r
      else # parse locations\r
        if x[-1].chr == ','\r
          want_more = true\r
        else\r
          want_more = false\r
        end\r
        case next_must_be_chan\r
        when false\r
          locs << x.gsub(/^here$/,'_').gsub(/^private$/,'?')\r
        else\r
          warns << ArgumentError("#{x} doesn't look like a channel name") unless @bot.server.supports[:chantypes].include?(x[0])\r
          locs << x\r
        end\r
        unless wants_more\r
          last_idx = i\r
          break\r
        end\r
      end\r
    }\r
    warns << "trailing comma" if wants_more\r
    warns << "you probably forgot a comma" unless last_idx == ar.length - 1\r
    return cmds, locs, warns\r
  end\r
\r
  def auth_set(m, params)\r
    cmds, locs, warns = parse_args(params[:args])\r
    errs = warns.select { |w| w.kind_of?(Exception) }\r
    unless errs.empty?\r
      m.reply "couldn't satisfy your request: #{errs.join(',')}"\r
      return\r
    end\r
    user = params[:user].sub(/^all$/,"everyone")\r
    begin\r
      bu = @bot.auth.get_botuser(user)\r
    rescue\r
      return m.reply "couldn't find botuser #{user}"\r
    end\r
    if locs.empty?\r
      locs << "*"\r
    end\r
    begin\r
      locs.each { |loc|\r
        ch = loc\r
        if m.private?\r
          ch = "?" if loc == "_"\r
        else\r
          ch = m.target.to_s if loc == "_"\r
        end\r
        cmds.each { |setval|\r
          val = setval[0].chr == '+'\r
          cmd = setval[1..-1]\r
          bu.set_permission(cmd, val, ch)\r
        }\r
      }\r
    rescue => e\r
      m.reply "Something went wrong while trying to set the permissions"\r
      raise\r
    end\r
    @bot.auth.set_changed\r
    debug "User #{user} permissions changed"\r
    m.reply "Ok, #{user} now also has permissions #{params[:args].join(' ')}"\r
  end\r
\r
  def get_botuser_for(user)\r
    @bot.auth.irc_to_botuser(user)\r
  end\r
\r
  def get_botusername_for(user)\r
    get_botuser_for(user).username\r
  end\r
\r
  def welcome(user)\r
    "welcome, #{get_botusername_for(user)}"\r
  end\r
\r
  def auth_login(m, params)\r
    begin\r
      case @bot.auth.login(m.source, params[:botuser], params[:password])\r
      when true\r
        m.reply welcome(m.source)\r
        @bot.auth.set_changed\r
      else\r
        m.reply "sorry, can't do"\r
      end\r
    rescue => e\r
      m.reply "couldn't login: #{e}"\r
      raise\r
    end\r
  end\r
\r
  def auth_autologin(m, params)\r
    u = do_autologin(m.source)\r
    case u.username\r
    when 'everyone'\r
      m.reply "I couldn't find anything to let you login automatically"\r
    else\r
      m.reply welcome(m.source)\r
    end\r
  end\r
\r
  def do_autologin(user)\r
    @bot.auth.autologin(user)\r
  end\r
\r
  def auth_whoami(m, params)\r
    rep = ""\r
    # if m.public?\r
    #   rep << m.source.nick << ", "\r
    # end\r
    rep << "you are "\r
    rep << get_botusername_for(m.source).gsub(/^everyone$/, "no one that I know").gsub(/^owner$/, "my boss")\r
    m.reply rep\r
  end\r
\r
  def help(plugin, topic="")\r
    case topic\r
    when /^login/\r
      return "login [<botuser>] [<pass>]: logs in to the bot as botuser <botuser> with password <pass>. <pass> can be omitted if <botuser> allows login-by-mask and your netmask is among the known ones. if <botuser> is omitted too autologin will be attempted"\r
    when /^whoami/\r
      return "whoami: names the botuser you're linked to"\r
    when /^permission syntax/\r
      return "A permission is specified as module::path::to::cmd; when you want to enable it, prefix it with +; when you want to disable it, prefix it with -; when using the +reset+ command, do not use any prefix"\r
    when /^permission/\r
      return "permissions (re)set <permission> [in <channel>] for <user>: sets or resets the permissions for botuser <user> in channel <channel> (use ? to change the permissions for private addressing)"\r
    when /^user show/\r
      return "user show <what> : shows info about the user; <what> can be any of autologin, login-by-mask, netmasks"\r
    when /^user (en|dis)able/\r
      return "user enable|disable <what> : turns on or off <what> (autologin, login-by-mask)"\r
    when /^user set/\r
      return "user set password <blah> : sets the user password to <blah>; passwords can only contain upper and lowercase letters and numbers, and must be at least 4 characters long"\r
    when /^user (add|rm)/\r
      return "user add|rm netmask <mask> : adds/removes netmask <mask> from the list of netmasks known to the botuser you're linked to"\r
    when /^user reset/\r
      return "user reset <what> : resets <what> to the default values. <what> can be +netmasks+ (the list will be emptied), +autologin+ or +login-by-mask+ (will be reset to the default value) or +password+ (a new one will be generated and you'll be told in private)"\r
    when /^user tell/\r
      return "user tell <who> the password for <botuser> : contacts <who> in private to tell him/her the password for <botuser>"\r
    when /^user create/\r
      return "user create <name> <password> : create botuser named <name> with password <password>. The password can be omitted, in which case a random one will be generated. The <name> should only contain alphanumeric characters and the underscore (_)"\r
    when /^user list/\r
      return "user list : lists all the botusers"\r
    when /^user destroy/\r
      return "user destroy <botuser> <password> : destroys <botuser>; this function #{Bold}must#{Bold} be called in two steps. On the first call, no password must be specified: <botuser> is then queued for destruction. On the second call, you must specify the correct password for <botuser>, and it will be destroyed. If you want to cancel the destruction, issue the command +user cancel destroy <botuser>+"\r
    when /^user/\r
      return "user show, enable|disable, add|rm netmask, set, reset, tell, create, list, destroy"\r
    else\r
      return "#{name}: login, whoami, permission syntax, permissions, user"\r
    end\r
  end\r
\r
  def need_args(cmd)\r
    "sorry, I need more arguments to #{cmd}"\r
  end\r
\r
  def not_args(cmd, *stuff)\r
    "I can only #{cmd} these: #{stuff.join(', ')}"\r
  end\r
\r
  def set_prop(botuser, prop, val)\r
    k = prop.to_s.gsub("-","_")\r
    botuser.send( (k + "=").to_sym, val)\r
  end\r
\r
  def reset_prop(botuser, prop)\r
    k = prop.to_s.gsub("-","_")\r
    botuser.send( ("reset_"+k).to_sym)\r
  end\r
\r
  def ask_bool_prop(botuser, prop)\r
    k = prop.to_s.gsub("-","_")\r
    botuser.send( (k + "?").to_sym)\r
  end\r
\r
  def auth_manage_user(m, params)\r
    splits = params[:data]\r
\r
    cmd = splits.first\r
    return auth_whoami(m, params) if cmd.nil?\r
\r
    botuser = get_botuser_for(m.source)\r
    # By default, we do stuff on the botuser the irc user is bound to\r
    butarget = botuser\r
\r
    has_for = splits[-2] == "for"\r
    butarget = @bot.auth.get_botuser(splits[-1]) if has_for\r
    return m.reply "you can't mess with #{butarget.username}" if butarget == @bot.auth.botowner && botuser != butarget\r
    splits.slice!(-2,2) if has_for\r
\r
    bools = [:autologin, :"login-by-mask"]\r
    can_set = [:password]\r
    can_addrm = [:netmasks]\r
    can_reset = bools + can_set + can_addrm\r
\r
    case cmd.to_sym\r
\r
    when :show\r
      return "you can't see the properties of #{butarget.username}" if botuser != butarget and !botuser.permit?("auth::show::other")\r
\r
      case splits[1]\r
      when nil, "all"\r
        props = can_reset\r
      when "password"\r
        if botuser != butarget\r
          return m.reply "no way I'm telling you the master password!" if butarget == @bot.auth.botowner\r
          return m.reply "you can't ask for someone else's password"\r
        end\r
        return m.reply "c'mon, you can't be asking me seriously to tell you the password in public!" if m.public?\r
        return m.reply "the password for #{butarget.username} is #{butarget.password}"\r
      else\r
        props = splits[1..-1]\r
      end\r
\r
      str = []\r
\r
      props.each { |arg|\r
        k = arg.to_sym\r
        next if k == :password\r
        case k\r
        when *bools\r
          str << "can"\r
          str.last << "not" unless ask_bool_prop(butarget, k)\r
          str.last << " #{k}"\r
        when :netmasks\r
          str << "knows "\r
          if butarget.netmasks.empty?\r
            str.last << "no netmasks"\r
          else\r
            str.last << butarget.netmasks.join(", ")\r
          end\r
        end\r
      }\r
      return m.reply "#{butarget.username} #{str.join('; ')}"\r
\r
    when :enable, :disable\r
      return m.reply "you can't change the default user" if butarget == @bot.auth.everyone and !botuser.permit?("auth::edit::other::default")\r
      return m.reply "you can't edit #{butarget.username}" if butarget != botuser and !botuser.permit?("auth::edit::other")\r
\r
      return m.reply need_args(cmd) unless splits[1]\r
      things = []\r
      skipped = []\r
      splits[1..-1].each { |a|\r
        arg = a.to_sym\r
        if bools.include?(arg)\r
          set_prop(butarget, arg, cmd.to_sym == :enable)\r
          things << a\r
        else\r
          skipped << a\r
        end\r
      }\r
\r
      m.reply "I ignored #{skipped.join(', ')} because " + not_args(cmd, *bools) unless skipped.empty?\r
      if things.empty?\r
        m.reply "I haven't changed anything"\r
      else\r
        @bot.auth.set_changed\r
        return auth_manage_user(m, {:data => ["show"] + things })\r
      end\r
\r
    when :set\r
      return m.reply "you can't change the default user" if butarget == @bot.auth.everyone and !botuser.permit?("auth::edit::default")\r
      return m.reply "you can't edit #{butarget.username}" if butarget != botuser and !botuser.permit?("auth::edit::other")\r
\r
      return m.reply need_args(cmd) unless splits[1]\r
      arg = splits[1].to_sym\r
      return m.reply not_args(cmd, *can_set) unless can_set.include?(arg)\r
      argarg = splits[2]\r
      return m.reply need_args([cmd, splits[1]].join(" ")) unless argarg\r
      if arg == :password && m.public?\r
        return m.reply "is that a joke? setting the password in public?"\r
      end\r
      set_prop(butarget, arg, argarg)\r
      @bot.auth.set_changed\r
      auth_manage_user(m, {:data => ["show", arg] })\r
\r
    when :reset\r
      return m.reply "you can't change the default user" if butarget == @bot.auth.everyone and !botuser.permit?("auth::edit::default")\r
      return m.reply "you can't edit #{butarget.username}" if butarget != botuser and !botuser.permit?("auth::edit::other")\r
\r
      return m.reply need_args(cmd) unless splits[1]\r
      things = []\r
      skipped = []\r
      splits[1..-1].each { |a|\r
        arg = a.to_sym\r
        if can_reset.include?(arg)\r
          reset_prop(butarget, arg)\r
          things << a\r
        else\r
          skipped << a\r
        end\r
      }\r
\r
      m.reply "I ignored #{skipped.join(', ')} because " + not_args(cmd, *can_reset) unless skipped.empty?\r
      if things.empty?\r
        m.reply "I haven't changed anything"\r
      else\r
        @bot.auth.set_changed\r
        @bot.say m.source, "the password for #{butarget.username} is now #{butarget.password}" if things.include?("password")\r
        return auth_manage_user(m, {:data => ["show"] + things - ["password"]})\r
      end\r
\r
    when :add, :rm, :remove, :del, :delete\r
      return m.reply "you can't change the default user" if butarget == @bot.auth.everyone and !botuser.permit?("auth::edit::default")\r
      return m.reply "you can't edit #{butarget.username}" if butarget != botuser and !botuser.permit?("auth::edit::other")\r
\r
      arg = splits[1]\r
      if arg.nil? or arg !~ /netmasks?/ or splits[2].nil?\r
        return m.reply "I can only add/remove netmasks. See +help user add+ for more instructions"\r
      end\r
\r
      method = cmd.to_sym == :add ? :add_netmask : :delete_netmask\r
\r
      failed = []\r
\r
      splits[2..-1].each { |mask|\r
        begin\r
          butarget.send(method, mask.to_irc_netmask(:server => @bot.server))\r
        rescue\r
          failed << mask\r
        end\r
      }\r
      m.reply "I failed to #{cmd} #{failed.join(', ')}" unless failed.empty?\r
      @bot.auth.set_changed\r
      return auth_manage_user(m, {:data => ["show", "netmasks"] })\r
\r
    else\r
      m.reply "sorry, I don't know how to #{m.message}"\r
    end\r
  end\r
\r
  def auth_tell_password(m, params)\r
    user = params[:user]\r
    begin\r
      botuser = @bot.auth.get_botuser(params[:botuser])\r
    rescue\r
      return m.reply "coudln't find botuser #{params[:botuser]})"\r
    end\r
    m.reply "I'm not telling the master password to anyway, pal" if botuser == @bot.auth.botowner\r
    msg = "the password for botuser #{botuser.username} is #{botuser.password}"\r
    @bot.say user, msg\r
    @bot.say m.source, "I told #{user} that " + msg\r
  end\r
\r
  def auth_create_user(m, params)\r
    name = params[:name]\r
    password = params[:password]\r
    return m.reply "are you nuts, creating a botuser with a publicly known password?" if m.public? and not password.nil?\r
    begin\r
      bu = @bot.auth.create_botuser(name, password)\r
      @bot.auth.set_changed\r
    rescue => e\r
      return m.reply "Failed to create #{name}: #{e}"\r
      debug e.inspect + "\n" + e.backtrace.join("\n")\r
    end\r
    m.reply "Created botuser #{bu.username}"\r
  end\r
\r
  def auth_list_users(m, params)\r
    # TODO name regexp to filter results\r
    list = @bot.auth.save_array.inject([]) { |list, x| list << x[:username] } - ['everyone', 'owner']\r
    if defined?(@destroy_q)\r
      list.map! { |x|\r
        @destroy_q.include?(x) ? x + " (queued for destruction)" : x\r
      }\r
    end\r
    return m.reply "I have no botusers other than the default ones" if list.empty?\r
    return m.reply "Botuser#{'s' if list.length > 1}: #{list.join(', ')}"\r
  end\r
\r
  def auth_destroy_user(m, params)\r
    @destroy_q = [] unless defined?(@destroy_q)\r
    buname = params[:name]\r
    returm m.reply "You can't destroy #{buname}" if ["everyone", "owner"].include?(buname)\r
    cancel = m.message.split[1] == 'cancel'\r
    password = params[:password]\r
    buser_array = @bot.auth.save_array\r
    buser_hash = buser_array.inject({}) { |h, u|\r
      h[u[:username]] = u\r
      h\r
    }\r
\r
    return m.reply "No such botuser #{buname}" unless buser_hash.keys.include?(buname)\r
\r
    if cancel\r
      if @destroy_q.include?(buname)\r
        @destroy_q.delete(buname)\r
        m.reply "#{buname} removed from the destruction queue"\r
      else\r
        m.reply "#{buname} was not queued for destruction"\r
      end\r
      return\r
    end\r
\r
    if password.nil?\r
      if @destroy_q.include?(buname)\r
        rep = "#{buname} already queued for destruction"\r
      else\r
        @destroy_q << buname\r
        rep = "#{buname} queued for destruction"\r
      end\r
      return m.reply rep + ", use #{Bold}user destroy #{buname} <password>#{Bold} to destroy it"\r
    else\r
      begin\r
        return m.reply "#{buname} is not queued for destruction yet" unless @destroy_q.include?(buname)\r
        return m.reply "wrong password for #{buname}" unless buser_hash[buname][:password] == password\r
        buser_array.delete_if { |u|\r
          u[:username] == buname\r
        }\r
        @destroy_q.delete(buname)\r
        @bot.auth.load_array(buser_array, true)\r
      rescue => e\r
        return m.reply "failed: #{e}"\r
      end\r
      return m.reply "user #{buname} destroyed"\r
    end\r
\r
  end\r
\r
end\r
\r
auth = AuthModule.new\r
\r
auth.map "user create :name :password",\r
  :action => 'auth_create_user',\r
  :defaults => {:password => nil},\r
  :auth_path => 'user::manage::create!'\r
\r
auth.map "user cancel destroy :name :password",\r
  :action => 'auth_destroy_user',\r
  :defaults => { :password => nil },\r
  :auth_path => 'user::manage::destroy::cancel!'\r
\r
auth.map "user destroy :name :password",\r
  :action => 'auth_destroy_user',\r
  :defaults => { :password => nil },\r
  :auth_path => 'user::manage::destroy!'\r
\r
auth.default_auth("user::manage", false)\r
\r
auth.map "user tell :user the password for :botuser",\r
  :action => 'auth_tell_password',\r
  :auth_path => 'user::tell'\r
\r
auth.map "user list",\r
  :action => 'auth_list_users',\r
  :auth_path => 'user::list!'\r
\r
auth.map "user *data",\r
  :action => 'auth_manage_user'\r
\r
auth.default_auth("user", true)\r
auth.default_auth("edit::other", false)\r
\r
auth.map "whoami",\r
  :action => 'auth_whoami',\r
  :auth_path => '!*!'\r
\r
auth.map "login :botuser :password",\r
  :action => 'auth_login',\r
  :public => false,\r
  :defaults => { :password => nil },\r
  :auth_path => '!login!'\r
\r
auth.map "login :botuser",\r
  :action => 'auth_login',\r
  :auth_path => '!login!'\r
\r
auth.map "login",\r
  :action => 'auth_autologin',\r
  :auth_path => '!login!'\r
\r
auth.map "permissions set *args for :user",\r
  :action => 'auth_set',\r
  :auth_path => ':edit::set:'\r
\r
auth.map "permissions reset *args for :user",\r
  :action => 'auth_reset',\r
  :auth_path => ':edit::reset:'\r
\r
auth.default_auth('*', false)\r
\r