After changing a botuser setting, the settings for the issuing botuser were displayed...

[user/henk/code/ruby/rbot.git] / lib / rbot / core / auth.rb

#-- vim:sw=2:et\r
#++\r
\r
\r
class AuthModule < CoreBotModule\r
\r
  def initialize\r
    super\r
    load_array(:default, true)\r
    debug "initialized auth. Botusers: #{@bot.auth.save_array.inspect}"\r
  end\r
\r
  def save\r
    save_array\r
  end\r
\r
  def save_array(key=:default)\r
    if @bot.auth.changed?\r
      @registry[key] = @bot.auth.save_array\r
      @bot.auth.reset_changed\r
      debug "saved botusers (#{key}): #{@registry[key].inspect}"\r
    end\r
  end\r
\r
  def load_array(key=:default, forced=false)\r
    debug "loading botusers (#{key}): #{@registry[key].inspect}"\r
    @bot.auth.load_array(@registry[key], forced) if @registry.has_key?(key)\r
  end\r
\r
  # The permission parameters accept arguments with the following syntax:\r
  #   cmd_path... [on #chan .... | in here | in private]\r
  # This auxiliary method scans the array _ar_ to see if it matches\r
  # the given syntax: it expects + or - signs in front of _cmd_path_\r
  # elements when _setting_ = true\r
  #\r
  # It returns an array whose first element is the array of cmd_path,\r
  # the second element is an array of locations and third an array of\r
  # warnings occurred while parsing the strings\r
  #\r
  def parse_args(ar, setting)\r
    cmds = []\r
    locs = []\r
    warns = []\r
    doing_cmds = true\r
    next_must_be_chan = false\r
    want_more = false\r
    last_idx = 0\r
    ar.each_with_index { |x, i|\r
      if doing_cmds # parse cmd_path\r
        # check if the list is done\r
        if x == "on" or x == "in"\r
          doing_cmds = false\r
          next_must_be_chan = true if x == "on"\r
          next\r
        end\r
        if "+-".include?(x[0])\r
          warns << ArgumentError("please do not use + or - in front of command #{x} when resetting") unless setting\r
        else\r
          warns << ArgumentError("+ or - expected in front of #{x}") if setting\r
        end\r
        cmds << x\r
      else # parse locations\r
        if x[-1].chr == ','\r
          want_more = true\r
        else\r
          want_more = false\r
        end\r
        case next_must_be_chan\r
        when false\r
          locs << x.gsub(/^here$/,'_').gsub(/^private$/,'?')\r
        else\r
          warns << ArgumentError("#{x} doesn't look like a channel name") unless @bot.server.supports[:chantypes].include?(x[0])\r
          locs << x\r
        end\r
        unless wants_more\r
          last_idx = i\r
          break\r
        end\r
      end\r
    }\r
    warns << "trailing comma" if wants_more\r
    warns << "you probably forgot a comma" unless last_idx == ar.length - 1\r
    return cmds, locs, warns\r
  end\r
\r
  def auth_set(m, params)\r
    cmds, locs, warns = parse_args(params[:args])\r
    errs = warns.select { |w| w.kind_of?(Exception) }\r
    unless errs.empty?\r
      m.reply "couldn't satisfy your request: #{errs.join(',')}"\r
      return\r
    end\r
    user = params[:user].sub(/^all$/,"everyone")\r
    begin\r
      bu = @bot.auth.get_botuser(user)\r
    rescue\r
      return m.reply("couldn't find botuser #{user}")\r
    end\r
    if locs.empty?\r
      locs << "*"\r
    end\r
    begin\r
      locs.each { |loc|\r
        ch = loc\r
        if m.private?\r
          ch = "?" if loc == "_"\r
        else\r
          ch = m.target.to_s if loc == "_"\r
        end\r
        cmds.each { |setval|\r
          val = setval[0].chr == '+'\r
          cmd = setval[1..-1]\r
          bu.set_permission(cmd, val, ch)\r
        }\r
      }\r
    rescue => e\r
      m.reply "something went wrong while trying to set the permissions"\r
      raise\r
    end\r
    @bot.auth.set_changed\r
    debug "user #{user} permissions changed"\r
    m.reply "ok, #{user} now also has permissions #{params[:args].join(' ')}"\r
  end\r
\r
  def get_botuser_for(user)\r
    @bot.auth.irc_to_botuser(user)\r
  end\r
\r
  def get_botusername_for(user)\r
    get_botuser_for(user).username\r
  end\r
\r
  def welcome(user)\r
    "welcome, #{get_botusername_for(user)}"\r
  end\r
\r
  def auth_login(m, params)\r
    begin\r
      case @bot.auth.login(m.source, params[:botuser], params[:password])\r
      when true\r
        m.reply welcome(m.source)\r
        @bot.auth.set_changed\r
      else\r
        m.reply "sorry, can't do"\r
      end\r
    rescue => e\r
      m.reply "couldn't login: #{e}"\r
      raise\r
    end\r
  end\r
\r
  def auth_autologin(m, params)\r
    u = do_autologin(m.source)\r
    case u.username\r
    when 'everyone'\r
      m.reply "I couldn't find anything to let you login automatically"\r
    else\r
      m.reply welcome(m.source)\r
    end\r
  end\r
\r
  def do_autologin(user)\r
    @bot.auth.autologin(user)\r
  end\r
\r
  def auth_whoami(m, params)\r
    rep = ""\r
    # if m.public?\r
    #   rep << m.source.nick << ", "\r
    # end\r
    rep << "you are "\r
    rep << get_botusername_for(m.source).gsub(/^everyone$/, "no one that I know").gsub(/^owner$/, "my boss")\r
    m.reply rep\r
  end\r
\r
  def help(plugin, topic="")\r
    case topic\r
    when /^login/\r
      return "login [<botuser>] [<pass>]: logs in to the bot as botuser <botuser> with password <pass>. When using the full form, you must contact the bot in private. <pass> can be omitted if <botuser> allows login-by-mask and your netmask is among the known ones. if <botuser> is omitted too autologin will be attempted"\r
    when /^whoami/\r
      return "whoami: names the botuser you're linked to"\r
    when /^permission syntax/\r
      return "a permission is specified as module::path::to::cmd; when you want to enable it, prefix it with +; when you want to disable it, prefix it with -; when using the +reset+ command, do not use any prefix"\r
    when /^permission/\r
      return "permissions (re)set <permission> [in <channel>] for <user>: sets or resets the permissions for botuser <user> in channel <channel> (use ? to change the permissions for private addressing)"\r
    when /^user show/\r
      return "user show <what> : shows info about the user; <what> can be any of autologin, login-by-mask, netmasks"\r
    when /^user (en|dis)able/\r
      return "user enable|disable <what> : turns on or off <what> (autologin, login-by-mask)"\r
    when /^user set/\r
      return "user set password <blah> : sets the user password to <blah>; passwords can only contain upper and lowercase letters and numbers, and must be at least 4 characters long"\r
    when /^user (add|rm)/\r
      return "user add|rm netmask <mask> : adds/removes netmask <mask> from the list of netmasks known to the botuser you're linked to"\r
    when /^user reset/\r
      return "user reset <what> : resets <what> to the default values. <what> can be +netmasks+ (the list will be emptied), +autologin+ or +login-by-mask+ (will be reset to the default value) or +password+ (a new one will be generated and you'll be told in private)"\r
    when /^user tell/\r
      return "user tell <who> the password for <botuser> : contacts <who> in private to tell him/her the password for <botuser>"\r
    when /^user create/\r
      return "user create <name> <password> : create botuser named <name> with password <password>. The password can be omitted, in which case a random one will be generated. The <name> should only contain alphanumeric characters and the underscore (_)"\r
    when /^user list/\r
      return "user list : lists all the botusers"\r
    when /^user destroy/\r
      return "user destroy <botuser> <password> : destroys <botuser>; this function #{Bold}must#{Bold} be called in two steps. On the first call, no password must be specified: <botuser> is then queued for destruction. On the second call, you must specify the correct password for <botuser>, and it will be destroyed. If you want to cancel the destruction, issue the command +user cancel destroy <botuser>+"\r
    when /^user/\r
      return "user show, enable|disable, add|rm netmask, set, reset, tell, create, list, destroy"\r
    else\r
      return "#{name}: login, whoami, permission syntax, permissions, user"\r
    end\r
  end\r
\r
  def need_args(cmd)\r
    "sorry, I need more arguments to #{cmd}"\r
  end\r
\r
  def not_args(cmd, *stuff)\r
    "I can only #{cmd} these: #{stuff.join(', ')}"\r
  end\r
\r
  def set_prop(botuser, prop, val)\r
    k = prop.to_s.gsub("-","_")\r
    botuser.send( (k + "=").to_sym, val)\r
  end\r
\r
  def reset_prop(botuser, prop)\r
    k = prop.to_s.gsub("-","_")\r
    botuser.send( ("reset_"+k).to_sym)\r
  end\r
\r
  def ask_bool_prop(botuser, prop)\r
    k = prop.to_s.gsub("-","_")\r
    botuser.send( (k + "?").to_sym)\r
  end\r
\r
  def auth_manage_user(m, params)\r
    splits = params[:data]\r
\r
    cmd = splits.first\r
    return auth_whoami(m, params) if cmd.nil?\r
\r
    botuser = get_botuser_for(m.source)\r
    # By default, we do stuff on the botuser the irc user is bound to\r
    butarget = botuser\r
\r
    has_for = splits[-2] == "for"\r
    butarget = @bot.auth.get_botuser(splits[-1]) if has_for\r
    return m.reply("you can't mess with #{butarget.username}") if butarget == @bot.auth.botowner && botuser != butarget\r
    splits.slice!(-2,2) if has_for\r
\r
    bools = [:autologin, :"login-by-mask"]\r
    can_set = [:password]\r
    can_addrm = [:netmasks]\r
    can_reset = bools + can_set + can_addrm\r
\r
    case cmd.to_sym\r
\r
    when :show\r
      return "you can't see the properties of #{butarget.username}" if botuser != butarget and !botuser.permit?("auth::show::other")\r
\r
      case splits[1]\r
      when nil, "all"\r
        props = can_reset\r
      when "password"\r
        if botuser != butarget\r
          return m.reply("no way I'm telling you the master password!") if butarget == @bot.auth.botowner\r
          return m.reply("you can't ask for someone else's password")\r
        end\r
        return m.reply("c'mon, you can't be asking me seriously to tell you the password in public!") if m.public?\r
        return m.reply("the password for #{butarget.username} is #{butarget.password}")\r
      else\r
        props = splits[1..-1]\r
      end\r
\r
      str = []\r
\r
      props.each { |arg|\r
        k = arg.to_sym\r
        next if k == :password\r
        case k\r
        when *bools\r
          str << "can"\r
          str.last << "not" unless ask_bool_prop(butarget, k)\r
          str.last << " #{k}"\r
        when :netmasks\r
          str << "knows "\r
          if butarget.netmasks.empty?\r
            str.last << "no netmasks"\r
          else\r
            str.last << butarget.netmasks.join(", ")\r
          end\r
        end\r
      }\r
      return m.reply("#{butarget.username} #{str.join('; ')}")\r
\r
    when :enable, :disable\r
      return m.reply("you can't change the default user") if butarget == @bot.auth.everyone and !botuser.permit?("auth::edit::other::default")\r
      return m.reply("you can't edit #{butarget.username}") if butarget != botuser and !botuser.permit?("auth::edit::other")\r
\r
      return m.reply(need_args(cmd)) unless splits[1]\r
      things = []\r
      skipped = []\r
      splits[1..-1].each { |a|\r
        arg = a.to_sym\r
        if bools.include?(arg)\r
          set_prop(butarget, arg, cmd.to_sym == :enable)\r
          things << a\r
        else\r
          skipped << a\r
        end\r
      }\r
\r
      m.reply "I ignored #{skipped.join(', ')} because " + not_args(cmd, *bools) unless skipped.empty?\r
      if things.empty?\r
        m.reply "I haven't changed anything"\r
      else\r
        @bot.auth.set_changed\r
        return auth_manage_user(m, {:data => ["show"] + things + ["for", butarget.username] })\r
      end\r
\r
    when :set\r
      return m.reply("you can't change the default user") if butarget == @bot.auth.everyone and !botuser.permit?("auth::edit::default")\r
      return m.reply("you can't edit #{butarget.username}") if butarget != botuser and !botuser.permit?("auth::edit::other")\r
\r
      return m.reply(need_args(cmd)) unless splits[1]\r
      arg = splits[1].to_sym\r
      return m.reply(not_args(cmd, *can_set)) unless can_set.include?(arg)\r
      argarg = splits[2]\r
      return m.reply(need_args([cmd, splits[1]].join(" "))) unless argarg\r
      if arg == :password && m.public?\r
        return m.reply("is that a joke? setting the password in public?")\r
      end\r
      set_prop(butarget, arg, argarg)\r
      @bot.auth.set_changed\r
      auth_manage_user(m, {:data => ["show", arg, "for", butarget.username] })\r
\r
    when :reset\r
      return m.reply("you can't change the default user") if butarget == @bot.auth.everyone and !botuser.permit?("auth::edit::default")\r
      return m.reply("you can't edit #{butarget.username}") if butarget != botuser and !botuser.permit?("auth::edit::other")\r
\r
      return m.reply(need_args(cmd)) unless splits[1]\r
      things = []\r
      skipped = []\r
      splits[1..-1].each { |a|\r
        arg = a.to_sym\r
        if can_reset.include?(arg)\r
          reset_prop(butarget, arg)\r
          things << a\r
        else\r
          skipped << a\r
        end\r
      }\r
\r
      m.reply "I ignored #{skipped.join(', ')} because " + not_args(cmd, *can_reset) unless skipped.empty?\r
      if things.empty?\r
        m.reply "I haven't changed anything"\r
      else\r
        @bot.auth.set_changed\r
        @bot.say m.source, "the password for #{butarget.username} is now #{butarget.password}" if things.include?("password")\r
        return auth_manage_user(m, {:data => (["show"] + things - ["password"]) + ["for", butarget.username]})\r
      end\r
\r
    when :add, :rm, :remove, :del, :delete\r
      return m.reply("you can't change the default user") if butarget == @bot.auth.everyone and !botuser.permit?("auth::edit::default")\r
      return m.reply("you can't edit #{butarget.username}") if butarget != botuser and !botuser.permit?("auth::edit::other")\r
\r
      arg = splits[1]\r
      if arg.nil? or arg !~ /netmasks?/ or splits[2].nil?\r
        return m.reply("I can only add/remove netmasks. See +help user add+ for more instructions")\r
      end\r
\r
      method = cmd.to_sym == :add ? :add_netmask : :delete_netmask\r
\r
      failed = []\r
\r
      splits[2..-1].each { |mask|\r
        begin\r
          butarget.send(method, mask.to_irc_netmask(:server => @bot.server))\r
        rescue\r
          failed << mask\r
        end\r
      }\r
      m.reply "I failed to #{cmd} #{failed.join(', ')}" unless failed.empty?\r
      @bot.auth.set_changed\r
      return auth_manage_user(m, {:data => ["show", "netmasks", "for", butarget.username] })\r
\r
    else\r
      m.reply "sorry, I don't know how to #{m.message}"\r
    end\r
  end\r
\r
  def auth_tell_password(m, params)\r
    user = params[:user]\r
    begin\r
      botuser = @bot.auth.get_botuser(params[:botuser])\r
    rescue\r
      return m.reply("coudln't find botuser #{params[:botuser]})")\r
    end\r
    m.reply "I'm not telling the master password to anyway, pal" if botuser == @bot.auth.botowner\r
    msg = "the password for botuser #{botuser.username} is #{botuser.password}"\r
    @bot.say user, msg\r
    @bot.say m.source, "I told #{user} that " + msg\r
  end\r
\r
  def auth_create_user(m, params)\r
    name = params[:name]\r
    password = params[:password]\r
    return m.reply("are you nuts, creating a botuser with a publicly known password?") if m.public? and not password.nil?\r
    begin\r
      bu = @bot.auth.create_botuser(name, password)\r
      @bot.auth.set_changed\r
    rescue => e\r
      m.reply "failed to create #{name}: #{e}"\r
      debug e.inspect + "\n" + e.backtrace.join("\n")\r
      return\r
    end\r
    m.reply "created botuser #{bu.username}"\r
  end\r
\r
  def auth_list_users(m, params)\r
    # TODO name regexp to filter results\r
    list = @bot.auth.save_array.inject([]) { |list, x| list << x[:username] } - ['everyone', 'owner']\r
    if defined?(@destroy_q)\r
      list.map! { |x|\r
        @destroy_q.include?(x) ? x + " (queued for destruction)" : x\r
      }\r
    end\r
    return m.reply("I have no botusers other than the default ones") if list.empty?\r
    return m.reply("botuser#{'s' if list.length > 1}: #{list.join(', ')}")\r
  end\r
\r
  def auth_destroy_user(m, params)\r
    @destroy_q = [] unless defined?(@destroy_q)\r
    buname = params[:name]\r
    return m.reply("You can't destroy #{buname}") if ["everyone", "owner"].include?(buname)\r
    cancel = m.message.split[1] == 'cancel'\r
    password = params[:password]\r
\r
    buser_array = @bot.auth.save_array\r
    buser_hash = buser_array.inject({}) { |h, u|\r
      h[u[:username]] = u\r
      h\r
    }\r
\r
    return m.reply("no such botuser #{buname}") unless buser_hash.keys.include?(buname)\r
\r
    if cancel\r
      if @destroy_q.include?(buname)\r
        @destroy_q.delete(buname)\r
        m.reply "#{buname} removed from the destruction queue"\r
      else\r
        m.reply "#{buname} was not queued for destruction"\r
      end\r
      return\r
    end\r
\r
    if password.nil?\r
      if @destroy_q.include?(buname)\r
        rep = "#{buname} already queued for destruction"\r
      else\r
        @destroy_q << buname\r
        rep = "#{buname} queued for destruction"\r
      end\r
      return m.reply(rep + ", use #{Bold}user destroy #{buname} <password>#{Bold} to destroy it")\r
    else\r
      begin\r
        return m.reply("#{buname} is not queued for destruction yet") unless @destroy_q.include?(buname)\r
        return m.reply("wrong password for #{buname}") unless buser_hash[buname][:password] == password\r
        buser_array.delete_if { |u|\r
          u[:username] == buname\r
        }\r
        @destroy_q.delete(buname)\r
        @bot.auth.load_array(buser_array, true)\r
        @bot.auth.set_changed\r
      rescue => e\r
        return m.reply("failed: #{e}")\r
      end\r
      return m.reply("botuser #{buname} destroyed")\r
    end\r
\r
  end\r
\r
  def auth_copy_ren_user(m, params)\r
    source = Auth::BotUser.sanitize_username(params[:source])\r
    dest = Auth::BotUser.sanitize_username(params[:dest])\r
    return m.reply("please don't touch the default users") if (["everyone", "owner"] | [source, dest]).length < 4\r
\r
    buser_array = @bot.auth.save_array\r
    buser_hash = buser_array.inject({}) { |h, u|\r
      h[u[:username]] = u\r
      h\r
    }\r
\r
    return m.reply("no such botuser #{source}") unless buser_hash.keys.include?(source)\r
    return m.reply("botuser #{dest} exists already") if buser_hash.keys.include?(dest)\r
\r
    copying = m.message.split[1] == "copy"\r
    begin\r
      if copying\r
        h = buser_hash[source].dup \r
      else\r
        h = buser_hash[source]\r
      end\r
      h[:username] = dest\r
      buser_array << h if copying\r
\r
      @bot.auth.load_array(buser_array, true)\r
      @bot.auth.set_changed\r
    rescue => e\r
      return m.reply("failed: #{e}")\r
    end\r
    return m.reply("botuser #{source} copied to #{dest}") if copying\r
    return m.reply("botuser #{source} renamed to #{dest}")\r
\r
  end\r
\r
end\r
\r
auth = AuthModule.new\r
\r
auth.map "user create :name :password",\r
  :action => 'auth_create_user',\r
  :defaults => {:password => nil},\r
  :auth_path => 'user::manage::create!'\r
\r
auth.map "user cancel destroy :name :password",\r
  :action => 'auth_destroy_user',\r
  :defaults => { :password => nil },\r
  :auth_path => 'user::manage::destroy::cancel!'\r
\r
auth.map "user destroy :name :password",\r
  :action => 'auth_destroy_user',\r
  :defaults => { :password => nil },\r
  :auth_path => 'user::manage::destroy!'\r
\r
auth.map "user copy :source :dest",\r
  :action => 'auth_copy_ren_user',\r
  :auth_path => 'user::manage::copy!'\r
\r
auth.map "user rename :source :dest",\r
  :action => 'auth_copy_ren_user',\r
  :auth_path => 'user::manage::rename!'\r
\r
auth.default_auth("user::manage", false)\r
\r
auth.map "user tell :user the password for :botuser",\r
  :action => 'auth_tell_password',\r
  :auth_path => 'user::tell'\r
\r
auth.map "user list",\r
  :action => 'auth_list_users',\r
  :auth_path => 'user::list!'\r
\r
auth.map "user *data",\r
  :action => 'auth_manage_user'\r
\r
auth.default_auth("user", true)\r
auth.default_auth("edit::other", false)\r
\r
auth.map "whoami",\r
  :action => 'auth_whoami',\r
  :auth_path => '!*!'\r
\r
auth.map "login :botuser :password",\r
  :action => 'auth_login',\r
  :public => false,\r
  :defaults => { :password => nil },\r
  :auth_path => '!login!'\r
\r
auth.map "login :botuser",\r
  :action => 'auth_login',\r
  :auth_path => '!login!'\r
\r
auth.map "login",\r
  :action => 'auth_autologin',\r
  :auth_path => '!login!'\r
\r
auth.map "permissions set *args for :user",\r
  :action => 'auth_set',\r
  :auth_path => ':edit::set:'\r
\r
auth.map "permissions reset *args for :user",\r
  :action => 'auth_reset',\r
  :auth_path => ':edit::reset:'\r
\r
auth.default_auth('*', false)\r
\r