permit no password

Question

permit no password

daBrado opened this issue 10 years ago · comments

I don't know if it fits with the intent of Hector, but I am interested in the ability for people to connect to the IRC server without a password, e.g. when on a firewalled LAN and so perhaps one can assume it is okay for anyone who can even route to the server to also connect to the IRC server.

One way I thought to do this that would be backwards compatible is to just add a public method to Identity adapters called permit_no_password? which returns a boolean, and if the method doesn't exist on the adapter, it is assumed to be false.

You can see an example implementation here:

https://github.com/daBrado/hector/compare/nopasswdopt

I also added it into the YamlIdentityAdapter, so that one could configure that adapter to allow people to connect without a password. In this mode, it has the affect that if a user exists, they must supply a password; if the user does not yet exist, then no password is required.

Let me know if this is of interest, and if so, any changes you'd like to see in the above implementation... also I'd take a crack at adding test coverage.

Thanks.

Ross Paffett · Answer 1 · Mon Mar 31 2014 08:32:46 GMT+0800 (China Standard Time)

I think allowing anonymous connections is outside the scope of Hector itself, but it should be very easy to implement using a custom identity adapter, like this:

class AnonymousIdentityAdapter
  def authenticate(username, password)
    yield true
  end

  def normalize(username)
    username
  end
end

Configure Hector to use the adapter in init.rb:

Hector::Identity.adapter = AnonymousIdentityAdapter.new

Would that work for your needs?

Braden Pellett · Answer 2 · Mon Mar 31 2014 13:46:30 GMT+0800 (China Standard Time)

I had tried that method before, but the issue for me was that a password was still required for a connection, even though it was ultimately unused for the authentication. Perhaps the most confusing part was that the connection was silently timed out when no password was given. Regardless, I was hoping to not have to supply a password at all (as opposed to requiring one but then throwing it away). Does that make sense?

Braden Pellett · Answer 3 · Mon Mar 31 2014 14:26:27 GMT+0800 (China Standard Time)

I updated my nopasswd branch to show a simpler implementation of what I mean: https://github.com/daBrado/hector/compare/nopasswd This would just do an authentication attempt before getting the password. This implies that an identity adapter that allows nil passwords is equivalent to allowing passwordless connections.

(the previous implementation is now at https://github.com/daBrado/hector/compare/nopasswdopt)

lee aylward · Answer 4 · Fri Apr 04 2014 00:33:32 GMT+0800 (China Standard Time)

Some time ago I added something similar to hector in a branch. It skipped the requirement for a user and pass if the IP address met certain criteria. May be of some help: leedo@fa5ea73