jaraco / irc

Full-featured Python IRC library for Python.
MIT License
392 stars 87 forks source link

Handle Invalid IRC Password #23

Closed jaraco closed 8 years ago

jaraco commented 8 years ago

Some IRC servers need a password when you are joining.

This is handled in irc.client.py line 493:


  # Log on...
        if self.password:
        self.user(self.username, self.ircname)
        return self

This sends the PASS aPassword command to the server before NICK and USER.

This is all following perfectly to the RFC on passwords.

The problem arises if this password is invalid.

I cannot see how the server tells us if the password we just sent was bad. I don't see it handled in the flow of the code in client.py and my tinkering around seems to show the program just sits there doing nothing if this happens.

Can an error be raised on bad password, allowing the program to react to this corner case?

The RFC says we can get back a "ERR_NEEDMOREPARAMS" when we send a "PASS" command but I don't think this is going to help here.

Any idea, or am I missing something?

jaraco commented 8 years ago

Because IRC is asynchronous, I believe it needs a handler for whatever response might be given by the server. I'm not familiar with the protocol, but what I suspect is that you'll need add a global handler to the client for an appropriate event, and when the event comes in that indicates a bad password, you can handle that however is appropriate (disconnect, prompt, re-try, etc).

Original comment by: Jason R. Coombs

jaraco commented 8 years ago

What would really help here is more detail about what a server does (either according to the spec or inferred from actual behavior) in the case of an invalid password. You can probably run the client with debug logging enabled against a server where you transmit an invalid password. That will provide a better indication of what response might be handled by the client.

Original comment by: Jason R. Coombs

jaraco commented 8 years ago

All great points. Thanks to your input I believe I have a plan to move forward. Thanks!

Original comment by: Brendan Ashby

jaraco commented 8 years ago

On further consideration, I suspect the client should probably raise an error if it attempts to send a password which is rejected by the server. I wonder if the server always sends a response to a PASS command, only only when it's invalid. If only the latter, then it'll be harder to detect an error condition.

I'd be interested to hear what you've encountered regarding this issue.

Original comment by: Jason R. Coombs

jaraco commented 8 years ago

After looking into this more, I'm a little frustrated with the way the library handles errors. Using a server my company has, which also requires a password, I attempted to connect using an invalid password with this script:

import logging
import ssl


import irc.client
import irc.connection

client = irc.client.IRC()
server = client.server()
password = 'foo'
ssl_factory = irc.connection.Factory(wrapper=ssl.wrap_socket)
conn = server.connect(
    'irc.example.net', 7000, 'jaraco_test',

def on_error(connection, event):
    if 'Password mismatch' in event.target:
        connection.disconnect("You can't fire me; I quit!")
        raise Exception("Failed to authenticate")

client.add_global_handler('error', on_error)

(I've replaced our actual server and port)

What I get if I run that is this:

> python .\bad-pass.py
DEBUG:irc.client:connect(server='irc.example.com', port=7000, nickname='jaraco_test', ...)
DEBUG:irc.client:TO SERVER: PASS foo
DEBUG:irc.client:TO SERVER: NICK jaraco_test
DEBUG:irc.client:TO SERVER: USER jaraco_test 0 * :jaraco_test
DEBUG:irc.client:FROM SERVER: :irc.example.com NOTICE AUTH :*** Looking up your hostname...
DEBUG:irc.client:command: privnotice, source: irc.example.com, target: AUTH, arguments: ['*** Looking up your hostname...']
DEBUG:irc.client:FROM SERVER: :irc.example.com NOTICE AUTH :*** Found your hostname
DEBUG:irc.client:command: privnotice, source: irc.example.com, target: AUTH, arguments: ['*** Found your hostname']
DEBUG:irc.client:FROM SERVER: ERROR :Closing Link: jaraco_test[c-68-55-72-219.hsd1.dc.comcast.net] (Password mismatch)
DEBUG:irc.client:command: error, source: None, target: Closing Link: jaraco_test[c-68-55-72-219.hsd1.dc.comcast.net] (Password mismatch), arguments: []
Closing Link: jaraco_test[c-68-55-72-219.hsd1.dc.comcast.net] (Password mismatch)
DEBUG:irc.client:TO SERVER: QUIT :You can't fire me; I quit!
Traceback (most recent call last):
  File ".\bad-pass.py", line 26, in <module>
  File "C:\Users\jaraco\projects\irc\irc\client.py", line 266, in process_forever
  File "C:\Users\jaraco\projects\irc\irc\client.py", line 247, in process_once
  File "C:\Users\jaraco\projects\irc\irc\client.py", line 212, in process_data
  File "C:\Users\jaraco\projects\irc\irc\client.py", line 645, in process_data
    self._handle_event(Event(command, NickMask(prefix), target, arguments))
  File "C:\Users\jaraco\projects\irc\irc\client.py", line 649, in _handle_event
    self.irclibobj._handle_event(self, event)
  File "C:\Users\jaraco\projects\irc\irc\client.py", line 386, in _handle_event
    result = handler.callback(connection, event)
  File ".\bad-pass.py", line 23, in on_error
    raise Exception("Failed to authenticate")
Exception: Failed to authenticate

But more interestingly, if I leave out the 'raise Exception' clause, the script will run indefinitely. It will 'process_forever' even though it'll never have any sockets in the main event loop.

So a few things to note. First, the IRC library could probably handle better the circumstance where it doesn't have any connections. Second, the IRC server we use doesn't follow the RFC for handling the invalid password. Third, it was fairly straightforward to write a handler to capture when the password is invalid.

I realize this doesn't "fix" the issue, but it should help anyone struggling with it to better understand how to handle it.

Original comment by: Jason R. Coombs

jaraco commented 8 years ago

I'm going to close this as wontfix for now. If someone wishes to provide a session (perhaps using the script above) to show a transcript of a session against a server that follows the RFC for bad passwords, please do so, and I will gladly add support for the library.

As it is, the one example I have is a non-compliant example, so probably belongs in custom code and not in the library.

Original comment by: Jason R. Coombs