# Copyright:: Copyright (c) 2006 Giuseppe Bilotta\r
# License:: GPLv2\r
\r
-#--\r
-#####\r
-####\r
-### Discussion on IRC on how to implement it\r
-##\r
-#\r
-# <tango_> a. do we want user groups together with users?\r
-# <markey> hmm\r
-# <markey> let me think about it\r
-# <markey> generally I would say: as simple as possible while keeping it as flexible as need be\r
-# <tango_> I think we can put user groups in place afterwards if we build the structure right\r
-# <markey> prolly, yes\r
-# <tango_> so\r
-# <tango_> each plugin registers a name\r
-# <tango_> so rather than auth level we have +name -name\r
-# <markey> yes\r
-# <markey> much better\r
-# <tango_> the default is +name for every plugin, except when the plugin tells otherwise\r
-# <markey> although.. \r
-# <markey> if I only want to allow you access to one plugin\r
-# <markey> I have lots of typing to do\r
-# <tango_> nope\r
-# <tango_> we allow things like -*\r
-# <markey> ok\r
-# <tango_> and + has precedence\r
-# <tango_> hm no, not good either\r
-# <tango_> because we want bot -* +onething and +* -onething to work\r
-# <markey> but then: one plugin currently can have several levels, no?\r
-# <tango_> of course\r
-# <markey> commandedit, commanddel, commandfoo\r
-# <tango_> name.command ?\r
-# <markey> yep\r
-# <tango_> (then you can't have dots in commands\r
-# <tango_> maybe name:command\r
-# <markey> or name::comand\r
-# <markey> like a namespace\r
-# <tango_> ehehehe yeah I like it :)\r
-# <tango_> tel\r
-# <tango_> brb\r
-# <markey> usermod setcaps eean -*\r
-# <markey> usermod setcaps eean +quiz::edit\r
-# <markey> great\r
-# <markey> or even\r
-# <markey> auth eean -*, +quiz::edit\r
-# <markey> awesome\r
-# <markey> auth eean -*, +quiz::edit, +command, -command::del\r
-# <tango_> yes\r
-# <markey> you know, the default should be -*\r
-# <markey> because\r
-# <markey> in the time between adding the user and changing auth\r
-# <markey> it's insecure\r
-# <markey> user could do havoc\r
-# <markey> useradd eean, then eean does "~quit", before I change auth\r
-# <tango_> nope\r
-# <markey> perhaps we should allow combining useradd with auth\r
-# <tango_> the default should be +* -important stuff\r
-# <markey> ok\r
-# <tango_> how to specify channel stuff?\r
-# <markey> for one, when you issue the command on the channel itself\r
-# <markey> then it's channel relative\r
-# <markey> perhaps\r
-# <markey> or\r
-# <tango_> yes but I was thinking more about the syntax\r
-# <markey> auth eean #rbot -quiz\r
-# <tango_> hm\r
-# <markey> or maybe: treat channels like users: auth #rbot -quiz\r
-# <markey> would shut up quiz in #rbot\r
-# <markey> hm\r
-# <markey> heh\r
-# <tango_> auth * #rbot -quiz\r
-# <markey> not sure I'm making sense here ;)\r
-# <tango_> I think syntax should be auth [usermask] [channelmask] [modes]\r
-# <markey> yes\r
-# <markey> modes separated by comma?\r
-# <tango_> where channelmask is implied to be *\r
-# <tango_> no we can have it spacesplit\r
-# <markey> great\r
-# <markey> ok\r
-# <tango_> modes are detected by +-\r
-# <tango_> so you can do something like auth markey #rbot -quiz #amarok -chuck\r
-# <markey> also I like "auth" a lot more than "usermod foo"\r
-# <markey> yep\r
-# <tango_> I don't understand why the 'mod'\r
-# <tango_> we could have all auth commands start with use\r
-# <tango_> user\r
-# <tango_> user add\r
-# <tango_> user list\r
-# <tango_> user del\r
-# <markey> yes\r
-# <tango_> user auth\r
-# <tango_> hm\r
-# <tango_> and maybe auth as a synonym for user auth\r
-# <markey> this is also uncomfortable: usermod wants the full user mask\r
-# <markey> you have to copy/paste it\r
-# <tango_> no\r
-# <tango_> can't you use *?\r
-# <markey> sorry not sure\r
-# <markey> but this shows, it's not inuitive\r
-# <markey> I've read the docs\r
-# <markey> but didn't know how to use it really\r
-# <tango_> markey!*@*\r
-# <markey> that's not very intuitive\r
-# <tango_> we could use nick as a synonym for nick!*@* if it's too much for you :D\r
-# <markey> usermod markey foo should suffice\r
-# <markey> rememember: you're a hacker. when rbot gets many new users, they will often be noobs\r
-# <markey> gotta make things simple to use\r
-# <tango_> but the hostmask is only needed for the user creation\r
-# <markey> really? then forget what I said, sorry\r
-# <tango_> I think so\r
-# <tango_> ,help auth\r
-# <testbot> Auth module (User authentication) topics: setlevel, useradd, userdel, usermod, auth, levels, users, whoami, identify\r
-# <tango_> ,help usermod\r
-# <testbot> no help for topic usermod\r
-# <tango_> ,help auth usermod\r
-# <testbot> usermod <username> <item> <value> => Modify <username>s settings. Valid <item>s are: hostmask, (+|-)hostmask, password, level (private addressing only)\r
-# <tango_> see? it's username, not nick :D\r
-# <markey> btw, help usermod should also work\r
-# <tango_> ,help auth useradd\r
-# <testbot> useradd <username> => Add user <mask>, you still need to set him up correctly (private addressing only)\r
-# <markey> instead of help auth usermode\r
-# <markey> when it's not ambiguous\r
-# <tango_> and the help for useradd is wrong\r
-# <markey> for the website, we could make a logo contest :) the current logo looks like giblet made it in 5 minutes ;)\r
-# <markey> ah well, for 1.0 maybe\r
-# <tango_> so a user on rbot is given by\r
-# <tango_> username, password, hostmasks, permissions\r
-# <markey> yup\r
-# <tango_> the default permission is +* -importantstuff\r
-# <markey> how defines importantstuff?\r
-# <markey> you mean like core and auth?\r
-# <tango_> yes\r
-# <markey> ok\r
-# <tango_> but we can decide about this :)\r
-# <markey> some plugins are dangerous by default\r
-# <markey> like command plugin\r
-# <markey> you can do all sorts of nasty shit with it\r
-# <tango_> then command plugin will do something like: command.defaultperm("-command")\r
-# <markey> yes, good point\r
-# <tango_> this is then added to the default permissions (user * channel *)\r
-# <tango_> when checking for auth, we go like this:\r
-# <tango_> hm\r
-# <tango_> check user * channel *\r
-# <tango_> then user name channel *\r
-# <tango_> then user * channel name\r
-# <tango_> then user name channel name\r
-# <tango_> for each of these combinations we match against * first, then against command, and then against command::subcommand\r
-# <markey> yup\r
-# <tango_> setting or resetting it depending on wether it's + or -\r
-# <tango_> the final result gives us the permission\r
-# <tango_> implementation detail\r
-# <tango_> username and passwords are strings\r
-# <markey> (I might rename the command plugin, the name is somewhat confusing)\r
-# <tango_> yeah\r
-# <tango_> hostmasks are hostmasks\r
-# <markey> also I'm pondering to restrict it more: disallow access to @bot\r
-# <tango_> permissions are in the form [ [channel, {command => bool, ...}] ...]\r
-#++\r
-\r
-module Irc\r
+require 'singleton'\r
\r
- # This method raises a TypeError if _user_ is not of class User\r
- #\r
- def error_if_not_user(user)\r
- raise TypeError, "#{user.inspect} must be of type Irc::User and not #{user.class}" unless user.class <= User\r
- end\r
\r
- # This method raises a TypeError if _chan_ is not of class Chan\r
- #\r
- def error_if_not_channel(chan)\r
- raise TypeError, "#{chan.inspect} must be of type Irc::User and not #{chan.class}" unless chan.class <= Channel\r
- end\r
+module Irc\r
\r
\r
# This module contains the actual Authentication stuff\r
#\r
module Auth\r
\r
+ BotConfig.register BotConfigStringValue.new( 'auth.password',\r
+ :default => 'rbotauth', :wizard => true,\r
+ :desc => 'Password for the bot owner' )\r
+ BotConfig.register BotConfigBooleanValue.new( 'auth.login_by_mask',\r
+ :default => 'true',\r
+ :desc => 'Set false to prevent new botusers from logging in without a password when the user netmask is known')\r
+ BotConfig.register BotConfigBooleanValue.new( 'auth.autologin',\r
+ :default => 'true',\r
+ :desc => 'Set false to prevent new botusers from recognizing IRC users without a need to manually login')\r
+ # BotConfig.register BotConfigIntegerValue.new( 'auth.default_level',\r
+ # :default => 10, :wizard => true,\r
+ # :desc => 'The default level for new/unknown users' )\r
+\r
# Generate a random password of length _l_\r
#\r
- def random_password(l=8)\r
+ def Auth.random_password(l=8)\r
pwd = ""\r
8.times do\r
pwd += (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr\r
# the command as a symbol with the :command method and the whole\r
# path as :path\r
#\r
- # Command.new("core::auth::save").path => [:"", :core, :"core::auth", :"core::auth::save"]\r
+ # Command.new("core::auth::save").path => [:"*", :"core", :"core::auth", :"core::auth::save"]\r
#\r
# Command.new("core::auth::save").command => :"core::auth::save"\r
#\r
def initialize(cmd)\r
cmdpath = sanitize_command_path(cmd).split('::')\r
- seq = cmdpath.inject([""]) { |list, cmd|\r
- list << (list.last ? list.last + "::" : "") + cmd\r
+ seq = cmdpath.inject(["*"]) { |list, cmd|\r
+ list << (list.length > 1 ? list.last + "::" : "") + cmd\r
}\r
@path = seq.map { |k|\r
k.to_sym\r
}\r
@command = path.last\r
+ debug "Created command #{@command.inspect} with path #{@path.join(', ')}"\r
+ end\r
+\r
+ # Returs self\r
+ def to_irc_auth_command\r
+ self\r
end\r
- end\r
\r
- # This method raises a TypeError if _user_ is not of class User\r
- #\r
- def error_if_not_command(cmd)\r
- raise TypeError, "#{cmd.inspect} must be of type Irc::Auth::Command and not #{cmd.class}" unless cmd.class <= Command\r
end\r
\r
+ end\r
+\r
+end\r
+\r
+\r
+class String\r
+\r
+ # Returns an Irc::Auth::Comand from the receiver\r
+ def to_irc_auth_command\r
+ Irc::Auth::Command.new(self)\r
+ end\r
+\r
+end\r
+\r
+\r
+module Irc\r
+\r
+\r
+ module Auth\r
+\r
\r
# This class describes a permission set\r
class PermissionSet\r
\r
+ attr_reader :perm\r
# Create a new (empty) PermissionSet\r
#\r
def initialize\r
@perm = {}\r
end\r
\r
+ # Inspection simply inspects the internal hash\r
+ def inspect\r
+ @perm.inspect\r
+ end\r
+\r
# Sets the permission for command _cmd_ to _val_,\r
- # creating intermediate permissions if needed.\r
#\r
- def set_permission(cmd, val)\r
- raise TypeError, "#{val.inspect} must be true or false" unless [true,false].include?(val)\r
- error_if_not_command(cmd)\r
- cmd.path.each { |k|\r
- set_permission(k.to_s, true) unless @perm.has_key?(k)\r
- }\r
- @perm[path.last] = val\r
+ def set_permission(str, val)\r
+ cmd = str.to_irc_auth_command\r
+ case val\r
+ when true, false\r
+ @perm[cmd.command] = val\r
+ when nil\r
+ @perm.delete(cmd.command)\r
+ else\r
+ raise TypeError, "#{val.inspect} must be true or false" unless [true,false].include?(val)\r
+ end\r
+ end\r
+\r
+ # Resets the permission for command _cmd_\r
+ #\r
+ def reset_permission(cmd)\r
+ set_permission(cmd, nil)\r
end\r
\r
# Tells if command _cmd_ is permitted. We do this by returning\r
# the value of the deepest Command#path that matches.\r
#\r
- def permit?(cmd)\r
- error_if_not_command(cmd)\r
+ def permit?(str)\r
+ cmd = str.to_irc_auth_command\r
allow = nil\r
cmd.path.reverse.each { |k|\r
if @perm.has_key?(k)\r
}\r
return allow\r
end\r
+\r
end\r
\r
\r
- # This is the basic class for bot users: they have a username, a password, a\r
- # list of netmasks to match against, and a list of permissions.\r
+ # This is the error that gets raised when an invalid password is met\r
+ #\r
+ class InvalidPassword < RuntimeError\r
+ end\r
+\r
+\r
+ # This is the basic class for bot users: they have a username, a password,\r
+ # a list of netmasks to match against, and a list of permissions.\r
#\r
class BotUser\r
\r
attr_reader :username\r
attr_reader :password\r
attr_reader :netmasks\r
+ attr_reader :perm\r
+ attr_writer :login_by_mask\r
+ attr_writer :autologin\r
\r
# Create a new BotUser with given username\r
def initialize(username)\r
@password = nil\r
@netmasks = NetmaskList.new\r
@perm = {}\r
+ reset_login_by_mask\r
+ reset_autologin\r
+ end\r
+\r
+ # Inspection\r
+ def inspect\r
+ str = "<#{self.class}:#{'0x%08x' % self.object_id}:"\r
+ str << " @username=#{@username.inspect}"\r
+ str << " @netmasks=#{@netmasks.inspect}"\r
+ str << " @perm=#{@perm.inspect}"\r
+ str << " @login_by_mask=#{@login_by_mask}"\r
+ str << " @autologin=#{@autologin}"\r
+ str << ">"\r
+ end\r
+\r
+ # In strings\r
+ def to_s\r
+ @username\r
+ end\r
+\r
+ # Convert into a hash\r
+ def to_hash\r
+ {\r
+ :username => @username,\r
+ :password => @password,\r
+ :netmasks => @netmasks,\r
+ :perm => @perm,\r
+ :login_by_mask => @login_by_mask,\r
+ :autologin => @autologin\r
+ }\r
+ end\r
+\r
+ # Do we allow logging in without providing the password?\r
+ #\r
+ def login_by_mask?\r
+ @login_by_mask\r
+ end\r
+\r
+ # Reset the login-by-mask option\r
+ #\r
+ def reset_login_by_mask\r
+ @login_by_mask = Auth.authmanager.bot.config['auth.login_by_mask'] unless defined?(@login_by_mask)\r
+ end\r
+\r
+ # Reset the autologin option\r
+ #\r
+ def reset_autologin\r
+ @autologin = Auth.authmanager.bot.config['auth.autologin'] unless defined?(@autologin)\r
+ end\r
+\r
+ # Do we allow automatic logging in?\r
+ #\r
+ def autologin?\r
+ @autologin\r
+ end\r
+\r
+ # Restore from hash\r
+ def from_hash(h)\r
+ @username = h[:username] if h.has_key?(:username)\r
+ @password = h[:password] if h.has_key?(:password)\r
+ @netmasks = h[:netmasks] if h.has_key?(:netmasks)\r
+ @perm = h[:perm] if h.has_key?(:perm)\r
+ @login_by_mask = h[:login_by_mask] if h.has_key?(:login_by_mask)\r
+ @autologin = h[:autologin] if h.has_key?(:autologin)\r
+ end\r
+\r
+ # This method sets the password if the proposed new password\r
+ # is valid\r
+ def password=(pwd=nil)\r
+ if pwd\r
+ begin\r
+ raise InvalidPassword, "#{pwd} contains invalid characters" if pwd !~ /^[A-Za-z0-9]+$/\r
+ raise InvalidPassword, "#{pwd} too short" if pwd.length < 4\r
+ @password = pwd\r
+ rescue InvalidPassword => e\r
+ raise e\r
+ rescue => e\r
+ raise InvalidPassword, "Exception #{e.inspect} while checking #{pwd}"\r
+ end\r
+ else\r
+ reset_password\r
+ end\r
end\r
\r
# Resets the password by creating a new onw\r
def reset_password\r
- @password = random_password\r
+ @password = Auth.random_password\r
end\r
\r
# Sets the permission for command _cmd_ to _val_ on channel _chan_\r
@perm[k].set_permission(cmd, val)\r
end\r
\r
+ # Resets the permission for command _cmd_ on channel _chan_\r
+ #\r
+ def reset_permission(cmd, chan ="*")\r
+ set_permission(cmd, nil, chan)\r
+ end\r
+\r
# Checks if BotUser is allowed to do something on channel _chan_,\r
# or on all channels if _chan_ is nil\r
#\r
# Adds a Netmask\r
#\r
def add_netmask(mask)\r
- case mask\r
- when Netmask\r
- @netmasks << mask\r
- else\r
- @netmasks << Netmask(mask)\r
- end\r
+ @netmasks << mask.to_irc_netmask\r
end\r
\r
# Removes a Netmask\r
#\r
def delete_netmask(mask)\r
- case mask\r
- when Netmask\r
- m = mask\r
- else\r
- m << Netmask(mask)\r
- end\r
+ m = mask.to_irc_netmask\r
@netmasks.delete(m)\r
end\r
\r
# Removes all <code>Netmask</code>s\r
- def reset_netmask_list\r
+ #\r
+ def reset_netmasks\r
@netmasks = NetmaskList.new\r
end\r
\r
# This method checks if BotUser has a Netmask that matches _user_\r
- def knows?(user)\r
- error_if_not_user(user)\r
+ #\r
+ def knows?(usr)\r
+ user = usr.to_irc_user\r
known = false\r
@netmasks.each { |n|\r
if user.matches?(n)\r
# is right. If it is, the Netmask of the user is added to the\r
# list of acceptable Netmask unless it's already matched.\r
def login(user, password)\r
- if password == @password\r
+ if password == @password or (password.nil? and (@login_by_mask || @autologin) and knows?(user))\r
add_netmask(user) unless knows?(user)\r
+ debug "#{user} logged in as #{self.inspect}"\r
return true\r
else\r
return false\r
# and replacing any nonalphanumeric character with _\r
#\r
def BotUser.sanitize_username(name)\r
- return name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_")\r
+ candidate = name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_")\r
+ raise "sanitized botusername #{candidate} too short" if candidate.length < 3\r
+ return candidate\r
end\r
\r
- # This method sets the password if the proposed new password\r
- # is valid\r
- def password=(pwd=nil)\r
- if pwd\r
- begin\r
- raise InvalidPassword, "#{pwd} contains invalid characters" if pwd !~ /^[A-Za-z0-9]+$/\r
- raise InvalidPassword, "#{pwd} too short" if pwd.length < 4\r
- @password = pwd\r
- rescue InvalidPassword => e\r
- raise e\r
- rescue => e\r
- raise InvalidPassword, "Exception #{e.inspect} while checking #{pwd}"\r
- end\r
- else\r
- reset_password\r
- end\r
- end\r
end\r
\r
\r
- # This is the anonymous BotUser: it's used for all users which haven't\r
+ # This is the default BotUser: it's used for all users which haven't\r
# identified with the bot\r
#\r
- class AnonBotUserClass < BotUser\r
+ class DefaultBotUserClass < BotUser\r
+\r
+ private :add_netmask, :delete_netmask\r
+\r
include Singleton\r
+\r
+ # The default BotUser is named 'everyone'\r
+ #\r
def initialize\r
- super("anonymous")\r
+ reset_login_by_mask\r
+ reset_autologin\r
+ super("everyone")\r
+ @default_perm = PermissionSet.new\r
+ end\r
+\r
+ # This method returns without changing anything\r
+ #\r
+ def login_by_mask=(val)\r
+ debug "Tried to change the login-by-mask for default bot user, ignoring"\r
+ return @login_by_mask\r
+ end\r
+\r
+ # The default botuser allows logins by mask\r
+ #\r
+ def reset_login_by_mask\r
+ @login_by_mask = true\r
+ end\r
+\r
+ # This method returns without changing anything\r
+ #\r
+ def autologin=(val)\r
+ debug "Tried to change the autologin for default bot user, ignoring"\r
+ return\r
+ end\r
+\r
+ # The default botuser doesn't allow autologin (meaningless)\r
+ #\r
+ def reset_autologin\r
+ @autologin = false\r
+ end\r
+\r
+ # Sets the default permission for the default user (i.e. the ones\r
+ # set by the BotModule writers) on all channels\r
+ #\r
+ def set_default_permission(cmd, val)\r
+ @default_perm.set_permission(Command.new(cmd), val)\r
+ debug "Default permissions now:\n#{@default_perm.inspect}"\r
end\r
- private :login, :add_netmask, :delete_netmask\r
\r
- # Anon knows everybody\r
+ # default knows everybody\r
+ #\r
def knows?(user)\r
- error_if_not_user(user)\r
+ return true if user.to_irc_user\r
+ end\r
+\r
+ # We always allow logging in as the default user\r
+ def login(user, password)\r
return true\r
end\r
\r
# Resets the NetmaskList\r
- def reset_netmask_list\r
+ def reset_netmasks\r
super\r
add_netmask("*!*@*")\r
end\r
+\r
+ # DefaultBotUser will check the default_perm after checking\r
+ # the global ones\r
+ # or on all channels if _chan_ is nil\r
+ #\r
+ def permit?(cmd, chan=nil)\r
+ allow = super(cmd, chan)\r
+ if allow.nil? && chan.nil?\r
+ allow = @default_perm.permit?(cmd)\r
+ end\r
+ return allow\r
+ end\r
+\r
end\r
\r
- # Returns the only instance of AnonBotUserClass\r
+ # Returns the only instance of DefaultBotUserClass\r
#\r
- def anonbotuser\r
- return AnonBotUserClass.instance\r
+ def Auth.defaultbotuser\r
+ return DefaultBotUserClass.instance\r
end\r
\r
# This is the BotOwner: he can do everything\r
#\r
class BotOwnerClass < BotUser\r
+\r
include Singleton\r
+\r
def initialize\r
+ @login_by_mask = false\r
+ @autologin = true\r
super("owner")\r
end\r
\r
def permit?(cmd, chan=nil)\r
return true\r
end\r
+\r
end\r
\r
# Returns the only instance of BotOwnerClass\r
#\r
- def botowner\r
- return BotOwneClass.instance\r
+ def Auth.botowner\r
+ return BotOwnerClass.instance\r
end\r
\r
\r
# everything\r
#\r
class AuthManagerClass\r
+\r
include Singleton\r
\r
+ attr_reader :everyone\r
+ attr_reader :botowner\r
+ attr_reader :bot\r
+\r
# The instance manages two <code>Hash</code>es: one that maps\r
# <code>Irc::User</code>s onto <code>BotUser</code>s, and the other that maps\r
# usernames onto <code>BotUser</code>\r
def initialize\r
+ @everyone = Auth::defaultbotuser\r
+ @botowner = Auth::botowner\r
+ bot_associate(nil)\r
+ end\r
+\r
+ def bot_associate(bot)\r
+ raise "Cannot associate with a new bot! Save first" if defined?(@has_changes) && @has_changes\r
+\r
reset_hashes\r
\r
+ # Associated bot\r
+ @bot = bot\r
+\r
# This variable is set to true when there have been changes\r
# to the botusers list, so that we know when to save\r
@has_changes = false\r
end\r
\r
+ def set_changed\r
+ @has_changes = true\r
+ end\r
+\r
+ def reset_changed\r
+ @has_changes = false\r
+ end\r
+\r
+ def changed?\r
+ @has_changes\r
+ end\r
+\r
# resets the hashes\r
def reset_hashes\r
@botusers = Hash.new\r
@allbotusers = Hash.new\r
- [anonbotuser, botowner].each { |x| @allbotusers[x.username.to_sym] = x }\r
- end\r
-\r
- # load botlist from userfile\r
- def load_merge(filename=nil)\r
- # TODO\r
- raise NotImplementedError\r
- @has_changes = true\r
+ [everyone, botowner].each { |x|\r
+ @allbotusers[x.username.to_sym] = x\r
+ }\r
end\r
\r
- def load(filename=nil)\r
+ def load_array(ary, forced)\r
+ raise "Won't load with unsaved changes" if @has_changes and not forced\r
reset_hashes\r
- load_merge(filename)\r
+ ary.each { |x|\r
+ raise TypeError, "#{x} should be a Hash" unless x.kind_of?(Hash)\r
+ u = x[:username]\r
+ unless include?(u)\r
+ create_botuser(u)\r
+ end\r
+ get_botuser(u).from_hash(x)\r
+ }\r
+ @has_changes=false\r
end\r
\r
- # save botlist to userfile\r
- def save(filename=nil)\r
- return unless @has_changes\r
- # TODO\r
- raise NotImplementedError\r
+ def save_array\r
+ @allbotusers.values.map { |x|\r
+ x.to_hash\r
+ }\r
end\r
\r
# checks if we know about a certain BotUser username\r
\r
# Maps <code>Irc::User</code> to BotUser\r
def irc_to_botuser(ircuser)\r
- error_if_not_user(ircuser)\r
- return @botusers[ircuser] || anonbotuser\r
+ logged = @botusers[ircuser.to_irc_user]\r
+ return logged if logged\r
+ return autologin(ircuser)\r
end\r
\r
# creates a new BotUser\r
def create_botuser(name, password=nil)\r
n = BotUser.sanitize_username(name)\r
k = n.to_sym\r
- raise "BotUser #{n} exists" if include?(k)\r
+ raise "botuser #{n} exists" if include?(k)\r
bu = BotUser.new(n)\r
bu.password = password\r
@allbotusers[k] = bu\r
+ return bu\r
end\r
\r
- # Logs Irc::User _ircuser_ in to BotUser _botusername_ with password _pwd_\r
+ # returns the botuser with name _name_\r
+ def get_botuser(name)\r
+ @allbotusers.fetch(BotUser.sanitize_username(name).to_sym)\r
+ end\r
+\r
+ # Logs Irc::User _user_ in to BotUser _botusername_ with password _pwd_\r
#\r
# raises an error if _botusername_ is not a known BotUser username\r
#\r
# It is possible to autologin by Netmask, on request\r
#\r
- def login(ircuser, botusername, pwd, bymask = false)\r
- error_if_not_user(ircuser)\r
- n = BotUser.sanitize_username(name)\r
+ def login(user, botusername, pwd=nil)\r
+ ircuser = user.to_irc_user\r
+ n = BotUser.sanitize_username(botusername)\r
k = n.to_sym\r
raise "No such BotUser #{n}" unless include?(k)\r
if @botusers.has_key?(ircuser)\r
+ return true if @botusers[ircuser].username == n\r
# TODO\r
# @botusers[ircuser].logout(ircuser)\r
end\r
bu = @allbotusers[k]\r
- if bymask && bu.knows?(user)\r
- @botusers[ircuser] = bu\r
- return true\r
- elsif bu.login(ircuser, pwd)\r
+ if bu.login(ircuser, pwd)\r
@botusers[ircuser] = bu\r
return true\r
end\r
return false\r
end\r
\r
+ # Tries to auto-login Irc::User _user_ by looking at the known botusers that allow autologin\r
+ # and trying to login without a password\r
+ #\r
+ def autologin(user)\r
+ ircuser = user.to_irc_user\r
+ debug "Trying to autlogin #{ircuser}"\r
+ return @botusers[ircuser] if @botusers.has_key?(ircuser)\r
+ @allbotusers.each { |n, bu|\r
+ debug "Checking with #{n}"\r
+ return bu if bu.autologin? and login(ircuser, n)\r
+ }\r
+ return everyone\r
+ end\r
+\r
# Checks if User _user_ can do _cmd_ on _chan_.\r
#\r
# Permission are checked in this order, until a true or false\r
# is returned:\r
# * associated BotUser on _chan_\r
# * associated BotUser on all channels\r
- # * anonbotuser on _chan_\r
- # * anonbotuser on all channels\r
+ # * everyone on _chan_\r
+ # * everyone on all channels\r
#\r
- def permit?(user, cmdtxt, chan=nil)\r
- error_if_not_user(user)\r
- cmd = Command.new(cmdtxt)\r
+ def permit?(user, cmdtxt, channel=nil)\r
+ if user.class <= BotUser\r
+ botuser = user\r
+ else\r
+ botuser = irc_to_botuser(user)\r
+ end\r
+ cmd = cmdtxt.to_irc_auth_command\r
+\r
+ chan = channel\r
+ case chan\r
+ when User\r
+ chan = "?"\r
+ when Channel\r
+ chan = chan.name\r
+ end\r
+\r
allow = nil\r
- botuser = @botusers[user]\r
+\r
allow = botuser.permit?(cmd, chan) if chan\r
return allow unless allow.nil?\r
allow = botuser.permit?(cmd)\r
return allow unless allow.nil?\r
- unless botuser == anonbotuser\r
- allow = anonbotuser.permit?(cmd, chan) if chan\r
+\r
+ unless botuser == everyone\r
+ allow = everyone.permit?(cmd, chan) if chan\r
return allow unless allow.nil?\r
- allow = anonbotuser.permit?(cmd)\r
+ allow = everyone.permit?(cmd)\r
return allow unless allow.nil?\r
end\r
+\r
raise "Could not check permission for user #{user.inspect} to run #{cmdtxt.inspect} on #{chan.inspect}"\r
end\r
+\r
+ # Checks if command _cmd_ is allowed to User _user_ on _chan_, optionally\r
+ # telling if the user is authorized\r
+ #\r
+ def allow?(cmdtxt, user, chan=nil)\r
+ if permit?(user, cmdtxt, chan)\r
+ return true\r
+ else\r
+ # cmds = cmdtxt.split('::')\r
+ # @bot.say chan, "you don't have #{cmds.last} (#{cmds.first}) permissions here" if chan\r
+ @bot.say chan, "#{user}, you don't have '#{cmdtxt}' permissions here" if chan\r
+ return false\r
+ end\r
+ end\r
+\r
end\r
\r
# Returns the only instance of AuthManagerClass\r
#\r
- def authmanager\r
+ def Auth.authmanager\r
return AuthManagerClass.instance\r
end\r
+\r
end\r
+\r
end\r