implement master-password/master-login in permissions module

This commit is contained in:
jesopo 2019-11-21 16:31:23 +00:00
parent dea29c5d5b
commit 50d12e7e1f

View file

@ -32,6 +32,16 @@ class Module(ModuleManager.BaseModule):
(None, None)) (None, None))
return hash, salt return hash, salt
def _master_password(self):
master_password = self._random_password()
hash, salt = self._make_hash(master_password)
self.bot.set_setting("master-password", [hash, salt])
return master_password
@utils.hook("control.master-password")
def command_line(self, event):
master_password = self._master_password()
return "One-time master password: %s" % master_password
def _has_identified(self, server, user, account): def _has_identified(self, server, user, account):
user._id_override = server.get_user_id(account) user._id_override = server.get_user_id(account)
def _is_identified(self, user): def _is_identified(self, user):
@ -66,6 +76,7 @@ class Module(ModuleManager.BaseModule):
def new_user(self, event): def new_user(self, event):
event["user"]._hostmask_account = None event["user"]._hostmask_account = None
event["user"]._account_override = None event["user"]._account_override = None
event["user"]._master_admin = False
def _set_hostmask(self, server, user): def _set_hostmask(self, server, user):
account = self._find_hostmask(server, user) account = self._find_hostmask(server, user)
@ -98,6 +109,9 @@ class Module(ModuleManager.BaseModule):
return [] return []
def _has_permission(self, user, permission): def _has_permission(self, user, permission):
if user._master_admin:
return True
permissions = self._get_permissions(user) permissions = self._get_permissions(user)
if permission in permissions: if permission in permissions:
return True return True
@ -118,6 +132,21 @@ class Module(ModuleManager.BaseModule):
return True return True
return False return False
@utils.hook("received.command.masterlogin")
@utils.kwarg("min_args", 1)
@utils.kwarg("private_only", True)
def master_login(self, event):
saved_hash, saved_salt = self.bot.get_setting("master-password",
(None, None))
if saved_hash and saved_salt:
given_hash, _ = self._make_hash(event["args"], saved_salt)
if utils.security.constant_time_compare(given_hash, saved_hash):
self.bot.del_setting("master-password")
event["user"]._master_admin = True
event["stdout"].write("Master login successful")
return
event["stderr"].write("Master login failed")
@utils.hook("received.command.mypermissions") @utils.hook("received.command.mypermissions")
@utils.kwarg("authenticated", True) @utils.kwarg("authenticated", True)
def my_permissions(self, event): def my_permissions(self, event):