bitbot-3.11-fork/modules/permissions.py

import base64, os
import scrypt
from src import ModuleManager, Utils

REQUIRES_IDENTIFY = ("You need to be identified to use that command "
 "(/msg %s register | /msg %s identify)")

class Module(ModuleManager.BaseModule):
    @Utils.hook("new.user")
    def new_user(self, event):
        self._logout(event["user"])

    @Utils.hook("received.part")
    def on_part(self, event):
        if len(event["user"].channels) == 1 and event["user"
                ].identified_account_override:
            event["user"].send_notice("You no longer share any channels "
                "with me so you have been signed out")

    def _get_hash(self, server, account):
        hash, salt = server.get_user(account).get_setting("authentication",
            (None, None))
        return hash, salt

    def _make_salt(self):
        return base64.b64encode(os.urandom(64)).decode("utf8")

    def _make_hash(self, password, salt=None):
        salt = salt or self._make_salt()
        hash = base64.b64encode(scrypt.hash(password, salt)).decode("utf8")
        return hash, salt

    def _identified(self, server, user, account):
        user.identified_account_override = account
        user.identified_account_id_override = server.get_user(account).get_id()

    def _logout(self, user):
        user.identified_account_override = None
        user.identified_account_id_override = None

    @Utils.hook("received.command.identify", private_only=True, min_args=2,
        usage="<account> <password>")
    def identify(self, event):
        """
        Identify yourself
        """
        identity_mechanism = event["server"].get_setting("identity-mechanism",
            "internal")
        if not identity_mechanism == "internal":
            event["stderr"].write("The 'identify' command isn't available "
                "on this network")
            return

        if not event["user"].channels:
            event["stderr"].write("You must share at least one channel "
                "with me before you can identify")
            return

        if not event["user"].identified_account_override:
            account = event["args_split"][0]
            password = " ".join(event["args_split"][1:])
            hash, salt = self._get_hash(event["server"], account)
            if hash and salt:
                attempt, _ = self._make_hash(password, salt)
                if attempt == hash:
                    self._identified(event["server"], event["user"], account)
                    event["stdout"].write("Correct password, you have "
                        "been identified as '%s'." % account)
                else:
                    event["stderr"].write("Incorrect password for '%s'" %
                        account)
            else:
                event["stderr"].write("Account '%s' is not registered" %
                    account)
        else:
            event["stderr"].write("You are already identified")

    @Utils.hook("received.command.register", private_only=True, min_args=1,
        usage="<password>")
    def register(self, event):
        """
        Register yourself
        """
        identity_mechanism = event["server"].get_setting("identity-mechanism",
            "internal")
        if not identity_mechanism == "internal":
            event["stderr"].write("The 'identify' command isn't available "
                "on this network")
            return

        hash, salt = self._get_hash(event["server"], event["user"].nickname)
        if not hash and not salt:
            password = event["args_split"][0]
            hash, salt = self._make_hash(password)
            event["user"].set_setting("authentication", [hash, salt])
            self._identified(event["server"], event["user"],
                event["user"].nickname)
            event["stdout"].write("Nickname registered successfully")
        else:
            event["stderr"].write("This nickname is already registered")

    @Utils.hook("received.command.logout", private_only=True)
    def logout(self, event):
        """
        Logout from your identified account
        """
        if event["user"].identified_account_override:
            self._logout(event["user"])
            event["stdout"].write("You have been logged out")
        else:
            event["stderr"].write("You are not logged in")

    @Utils.hook("received.command.resetpassword", private_only=True,
        min_args=2, usage="<nickname> <password>", permission="resetpassword")
    def reset_password(self, event):
        """
        Reset a given user's password
        """
        target = event["server"].get_user(event["args_split"][0])
        password = " ".join(event["args_split"][1:])
        registered = target.get_setting("authentication", None)

        if registered == None:
            event["stderr"].write("'%s' isn't registered" % target.nickname)
        else:
            hash, salt = self._make_hash(password)
            target.set_setting("authentication", [hash, salt])
            event["stdout"].write("Reset password for '%s'" %
                target.nickname)

    @Utils.hook("preprocess.command")
    def preprocess_command(self, event):
        permission = event["hook"].kwargs.get("permission", None)
        authenticated = event["hook"].kwargs.get("authenticated", False)

        identity_mechanism = event["server"].get_setting("identity-mechanism",
            "internal")
        identified_account = None
        if identity_mechanism == "internal":
            identified_account = event["user"].identified_account_override
        elif identity_mechanism == "ircv3-account":
            identified_account = (event["user"].identified_account or
                event["tags"].get("account", None))

        identified_user = None
        permissions = []
        if identified_account:
            identified_user = event["server"].get_user(identified_account)
            permissions = identified_user.get_setting("permissions", [])

        if permission:
            has_permission = permission and (
                permission in permissions or "*" in permissions)
            if not identified_account or not has_permission:
                return "You do not have permission to do that"
        elif authenticated:
            if not identified_account:
                return REQUIRES_IDENTIFY % (event["server"].nickname,
                    event["server"].nickname)

    @Utils.hook("received.command.mypermissions", authenticated=True)
    def my_permissions(self, event):
        """
        Show your permissions
        """
        permissions = event["user"].get_setting("permissions", [])
        event["stdout"].write("Your permissions: %s" % ", ".join(permissions))

    def _get_user_details(self, server, nickname):
        target = server.get_user(nickname)
        registered = bool(target.get_setting("authentication", None))
        permissions = target.get_setting("permissions", [])
        return [target, registered, permissions]

    @Utils.hook("received.command.givepermission", min_args=2,
        permission="givepermission")
    def give_permission(self, event):
        """
        Give a given permission to a given user
        """
        permission = event["args_split"][1].lower()
        target, registered, permissions = self._get_user_details(
            event["server"], event["args_split"][0])

        if target.identified_account == None:
            event["stderr"].write("%s isn't registered" % target.nickname)
            return

        if permission in permissions:
            event["stderr"].write("%s already has permission '%s'" % (
                target.nickname, permission))
        else:
            permissions.append(permission)
            target.set_setting("permissions", permissions)
            event["stdout"].write("Gave permission '%s' to %s" % (
                permission, target.nickname))
    @Utils.hook("received.command.removepermission", min_args=2,
        permission="removepermission")
    def remove_permission(self, event):
        """
        Remove a given permission from a given user
        """
        permission = event["args_split"][1].lower()
        target, registered, permissions = self._get_user_details(
            event["server"], event["args_split"][0])

        if target.identified_account == None:
            event["stderr"].write("%s isn't registered" % target.nickname)
            return

        if permission not in permissions:
            event["stderr"].write("%s doesn't have permission '%s'" % (
                target.nickname, permission))
        else:
            permissions.remove(permission)
            if not permissions:
                target.del_setting("permissions")
            else:
                target.set_setting("permissions", permissions)
            event["stdout"].write("Removed permission '%s' from %s" % (
                permission, target.nickname))
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`import base64, os`
			`import scrypt`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`from src import ModuleManager, Utils`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00
Add the ability to only require authentication if your nickname is registered 2018-08-28 17:16:19 +00:00			`REQUIRES_IDENTIFY = ("You need to be identified to use that command "`
			`"(/msg %s register \| /msg %s identify)")`

Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`class Module(ModuleManager.BaseModule):`
			`@Utils.hook("new.user")`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`def new_user(self, event):`
			`self._logout(event["user"])`

Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("received.part")`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`def on_part(self, event):`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`if len(event["user"].channels) == 1 and event["user"`
			`].identified_account_override:`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`event["user"].send_notice("You no longer share any channels "`
			`"with me so you have been signed out")`

Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`def _get_hash(self, server, account):`
			`hash, salt = server.get_user(account).get_setting("authentication",`
			`(None, None))`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`return hash, salt`
added the code to prevent users using certain commands based on permissions. 2016-04-06 17:23:02 +00:00
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`def _make_salt(self):`
			`return base64.b64encode(os.urandom(64)).decode("utf8")`
added the code to prevent users using certain commands based on permissions. 2016-04-06 17:23:02 +00:00
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`def _make_hash(self, password, salt=None):`
			`salt = salt or self._make_salt()`
			`hash = base64.b64encode(scrypt.hash(password, salt)).decode("utf8")`
			`return hash, salt`
added the code to prevent users using certain commands based on permissions. 2016-04-06 17:23:02 +00:00
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`def _identified(self, server, user, account):`
			`user.identified_account_override = account`
User.id doesn't exist anymore; it's User.get_id() 2018-09-18 23:45:01 +00:00			`user.identified_account_id_override = server.get_user(account).get_id()`
added the code to prevent users using certain commands based on permissions. 2016-04-06 17:23:02 +00:00
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`def _logout(self, user):`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`user.identified_account_override = None`
			`user.identified_account_id_override = None`
added the code to prevent users using certain commands based on permissions. 2016-04-06 17:23:02 +00:00
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("received.command.identify", private_only=True, min_args=2,`
			`usage="<account> <password>")`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`def identify(self, event):`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`"""`
			`Identify yourself`
			`"""`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`identity_mechanism = event["server"].get_setting("identity-mechanism",`
			`"internal")`
			`if not identity_mechanism == "internal":`
			`event["stderr"].write("The 'identify' command isn't available "`
			`"on this network")`
			`return`

ironed out some little issues with permissions.py. 2016-04-04 17:48:39 +00:00			`if not event["user"].channels:`
			`event["stderr"].write("You must share at least one channel "`
			`"with me before you can identify")`
			`return`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00
			`if not event["user"].identified_account_override:`
			`account = event["args_split"][0]`
			`password = " ".join(event["args_split"][1:])`
			`hash, salt = self._get_hash(event["server"], account)`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`if hash and salt:`
			`attempt, _ = self._make_hash(password, salt)`
			`if attempt == hash:`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`self._identified(event["server"], event["user"], account)`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`event["stdout"].write("Correct password, you have "`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`"been identified as '%s'." % account)`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`else:`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`event["stderr"].write("Incorrect password for '%s'" %`
			`account)`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`else:`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`event["stderr"].write("Account '%s' is not registered" %`
			`account)`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`else:`
			`event["stderr"].write("You are already identified")`

Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("received.command.register", private_only=True, min_args=1,`
			`usage="<password>")`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`def register(self, event):`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`"""`
			`Register yourself`
			`"""`
Only allow the register command on networks that support internal identity 2018-09-18 23:45:14 +00:00			`identity_mechanism = event["server"].get_setting("identity-mechanism",`
			`"internal")`
			`if not identity_mechanism == "internal":`
			`event["stderr"].write("The 'identify' command isn't available "`
			`"on this network")`
			`return`

Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`hash, salt = self._get_hash(event["server"], event["user"].nickname)`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`if not hash and not salt:`
			`password = event["args_split"][0]`
			`hash, salt = self._make_hash(password)`
			`event["user"].set_setting("authentication", [hash, salt])`
permissions._identified takes server, user and nickname 2018-09-19 00:19:04 +00:00			`self._identified(event["server"], event["user"],`
			`event["user"].nickname)`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`event["stdout"].write("Nickname registered successfully")`
			`else:`
			`event["stderr"].write("This nickname is already registered")`

Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("received.command.logout", private_only=True)`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`def logout(self, event):`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`"""`
			`Logout from your identified account`
			`"""`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`if event["user"].identified_account_override:`
added permissions.py which contains code for identifying/registering/logouting users. updated README.md to reflect the newly required scrypt module. 2016-04-04 17:42:37 +00:00			`self._logout(event["user"])`
			`event["stdout"].write("You have been logged out")`
			`else:`
			`event["stderr"].write("You are not logged in")`
added the code to prevent users using certain commands based on permissions. 2016-04-06 17:23:02 +00:00
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("received.command.resetpassword", private_only=True,`
			`min_args=2, usage="<nickname> <password>", permission="resetpassword")`
Added !resetpassword in permissions.py 2018-09-03 10:30:54 +00:00			`def reset_password(self, event):`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`"""`
			`Reset a given user's password`
			`"""`
Added !resetpassword in permissions.py 2018-09-03 10:30:54 +00:00			`target = event["server"].get_user(event["args_split"][0])`
			`password = " ".join(event["args_split"][1:])`
			`registered = target.get_setting("authentication", None)`

			`if registered == None:`
			`event["stderr"].write("'%s' isn't registered" % target.nickname)`
			`else:`
			`hash, salt = self._make_hash(password)`
			`target.set_setting("authentication", [hash, salt])`
			`event["stdout"].write("Reset password for '%s'" %`
			`target.nickname)`

Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("preprocess.command")`
added the code to prevent users using certain commands based on permissions. 2016-04-06 17:23:02 +00:00			`def preprocess_command(self, event):`
			`permission = event["hook"].kwargs.get("permission", None)`
Added code to preprocess check a command that only requires authentication, not a permission 2018-08-18 17:28:41 +00:00			`authenticated = event["hook"].kwargs.get("authenticated", False)`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00
			`identity_mechanism = event["server"].get_setting("identity-mechanism",`
			`"internal")`
			`identified_account = None`
			`if identity_mechanism == "internal":`
			`identified_account = event["user"].identified_account_override`
			`elif identity_mechanism == "ircv3-account":`
Support account-tag in permissions.py 2018-09-05 14:39:29 +00:00			`identified_account = (event["user"].identified_account or`
			`event["tags"].get("account", None))`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00
			`identified_user = None`
			`permissions = []`
			`if identified_account:`
			`identified_user = event["server"].get_user(identified_account)`
			`permissions = identified_user.get_setting("permissions", [])`
Add the ability to only require authentication if your nickname is registered 2018-08-28 17:16:19 +00:00
get user permissions every time they try to use a command that requires permissions, instead of caching their permissions when they sign in 2018-08-02 22:00:42 +00:00			`if permission:`
			`has_permission = permission and (`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`permission in permissions or "*" in permissions)`
			`if not identified_account or not has_permission:`
get user permissions every time they try to use a command that requires permissions, instead of caching their permissions when they sign in 2018-08-02 22:00:42 +00:00			`return "You do not have permission to do that"`
Added code to preprocess check a command that only requires authentication, not a permission 2018-08-18 17:28:41 +00:00			`elif authenticated:`
Support IRCv3's account-notify/extended-join along with WHOX to replace internal register/identify 2018-09-05 10:58:10 +00:00			`if not identified_account:`
Add the ability to only require authentication if your nickname is registered 2018-08-28 17:16:19 +00:00			`return REQUIRES_IDENTIFY % (event["server"].nickname,`
			`event["server"].nickname)`
added a command to show you what permissions you have. 2016-05-17 13:50:48 +00:00
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("received.command.mypermissions", authenticated=True)`
added a command to show you what permissions you have. 2016-05-17 13:50:48 +00:00			`def my_permissions(self, event):`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`"""`
			`Show your permissions`
			`"""`
get user permissions every time they try to use a command that requires permissions, instead of caching their permissions when they sign in 2018-08-02 22:00:42 +00:00			`permissions = event["user"].get_setting("permissions", [])`
added a command to show you what permissions you have. 2016-05-17 13:50:48 +00:00			`event["stdout"].write("Your permissions: %s" % ", ".join(permissions))`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00
			`def _get_user_details(self, server, nickname):`
			`target = server.get_user(nickname)`
			`registered = bool(target.get_setting("authentication", None))`
			`permissions = target.get_setting("permissions", [])`
			`return [target, registered, permissions]`

Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("received.command.givepermission", min_args=2,`
			`permission="givepermission")`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00			`def give_permission(self, event):`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`"""`
			`Give a given permission to a given user`
			`"""`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00			`permission = event["args_split"][1].lower()`
			`target, registered, permissions = self._get_user_details(`
			`event["server"], event["args_split"][0])`

Add .reloadallmodules, and fix permissions. 2018-09-23 10:01:24 +00:00			`if target.identified_account == None:`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00			`event["stderr"].write("%s isn't registered" % target.nickname)`
			`return`

			`if permission in permissions:`
			`event["stderr"].write("%s already has permission '%s'" % (`
			`target.nickname, permission))`
			`else:`
			`permissions.append(permission)`
			`target.set_setting("permissions", permissions)`
			`event["stdout"].write("Gave permission '%s' to %s" % (`
			`permission, target.nickname))`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`@Utils.hook("received.command.removepermission", min_args=2,`
			`permission="removepermission")`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00			`def remove_permission(self, event):`
Switch to using @Utils.hook and docstrings for event hooks 2018-09-26 17:27:17 +00:00			`"""`
			`Remove a given permission from a given user`
			`"""`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00			`permission = event["args_split"][1].lower()`
			`target, registered, permissions = self._get_user_details(`
			`event["server"], event["args_split"][0])`

Add .reloadallmodules, and fix permissions. 2018-09-23 10:01:24 +00:00			`if target.identified_account == None:`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00			`event["stderr"].write("%s isn't registered" % target.nickname)`
			`return`

Fix permission bug 2018-09-23 10:09:46 +00:00			`if permission not in permissions:`
Fix permission bug 2018-09-23 10:06:15 +00:00			`event["stderr"].write("%s doesn't have permission '%s'" % (`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00			`target.nickname, permission))`
			`else:`
			`permissions.remove(permission)`
Delete "permissions" setting when it's empty 2018-08-29 13:34:52 +00:00			`if not permissions:`
			`target.del_setting("permissions")`
			`else:`
			`target.set_setting("permissions", permissions)`
Add !givepermission and !removepermission to permissions.py 2018-08-28 15:53:21 +00:00			`event["stdout"].write("Removed permission '%s' from %s" % (`
			`permission, target.nickname))`