fix #1020

2025-12-20 02:00:11 -08:00 · 2020-05-17 18:06:20 -04:00 · 2020-05-17 18:06:20 -04:00 · 67150bc8f7
commit 67150bc8f7
parent 1ab06949bf
5 changed files with 63 additions and 13 deletions
--- a/irc/handlers.go
+++ b/irc/handlers.go
@ -2159,16 +2159,45 @@ func passHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Resp
 		rb.Add(nil, server.name, ERR_ALREADYREGISTRED, client.nick, client.t("You may not reregister"))
 		return false
 	}
+	if rb.session.passStatus != serverPassUnsent {
+		return false
+	}
+
+	password := msg.Params[0]
+	config := server.Config()
+
+	if config.Accounts.LoginViaPassCommand {
+		colonIndex := strings.IndexByte(password, ':')
+		if colonIndex != -1 && client.Account() == "" {
+			// TODO consolidate all login throttle checks into AccountManager
+			throttled, _ := client.loginThrottle.Touch()
+			if !throttled {
+				account, accountPass := password[:colonIndex], password[colonIndex+1:]
+				err := server.accounts.AuthenticateByPassphrase(client, account, accountPass)
+				if err == nil {
+					sendSuccessfulAccountAuth(client, rb, false, true)
+					// login-via-pass-command entails that we do not need to check
+					// an actual server password (either no password or skip-server-password)
+					rb.session.passStatus = serverPassSuccessful
+					return false
+				}
+			}
+		}
+	}
+
+	serverPassword := config.Server.passwordBytes

 	// if no password exists, skip checking
-	serverPassword := server.Config().Server.passwordBytes
 	if serverPassword == nil {
 		return false
 	}

 	// check the provided password
-	password := []byte(msg.Params[0])
-	rb.session.sentPassCommand = bcrypt.CompareHashAndPassword(serverPassword, password) == nil
+	if bcrypt.CompareHashAndPassword(serverPassword, []byte(password)) == nil {
+		rb.session.passStatus = serverPassSuccessful
+	} else {
+		rb.session.passStatus = serverPassFailed
+	}

 	// if they failed the check, we'll bounce them later when they try to complete registration
 	return false