Separate SASL and server passwords (#251)

prawnsalad · web-flow · commit 83937c4b16a9 · 2020-03-31T14:01:52.000+01:00
* Separate SASL and server passwords

* SASL auth logic tweaks

* let/const
diff --git a/docs/clientapi.md b/docs/clientapi.md
@@ -17,6 +17,10 @@ new Irc.Client({
     auto_reconnect_max_retries: 3,
     ping_interval: 30,
     ping_timeout: 120,
+    account: {
+        account: 'username',
+        password: 'account_password',
+    },
     webirc: {
         password: '',
         username: '*',
diff --git a/src/commands/handlers/registration.js b/src/commands/handlers/registration.js
@@ -131,7 +131,8 @@ var handlers = {
         ];
 
         // Optional CAPs depending on settings
-        if (handler.connection.options.password || handler.connection.options.sasl_mechanism === 'EXTERNAL') {
+        const saslAuth = getSaslAuth(handler);
+        if (saslAuth || handler.connection.options.sasl_mechanism === 'EXTERNAL') {
             want.push('sasl');
         }
         if (handler.connection.options.enable_chghost) {
@@ -256,9 +257,10 @@ var handlers = {
             return;
         }
 
-        const auth_str = handler.connection.options.nick + '\0' +
-            handler.connection.options.nick + '\0' +
-            handler.connection.options.password;
+        const saslAuth = getSaslAuth(handler);
+        const auth_str = saslAuth.account + '\0' +
+            saslAuth.account + '\0' +
+            saslAuth.password;
         const b = Buffer.from(auth_str, 'utf8');
         let b64 = b.toString('base64');
 
@@ -354,6 +356,33 @@ var handlers = {
     }
 };
 
+/**
+ * Only use the nick+password combo if an account has not been specifically given.
+ * If an account:{account,password} has been given, use it for SASL auth.
+ */
+function getSaslAuth(handler) {
+    const options = handler.connection.options;
+    if (options.account && options.account.account) {
+        // An account username has been given, use it for SASL auth
+        return {
+            account: options.account.account,
+            password: options.account.password || '',
+        };
+    } else if (options.account) {
+        // An account object existed but without auth credentials
+        return null;
+    } else if (options.password) {
+        // No account credentials found but we have a server password. Also use it for SASL
+        // for ease of use
+        return {
+            account: options.nick,
+            password: options.password,
+        };
+    }
+
+    return null;
+}
+
 module.exports = function AddCommandHandlers(command_controller) {
     _.each(handlers, function(handler, handler_command) {
         command_controller.addHandler(handler_command, handler);
