Closed galgeek closed 9 years ago
hi @whimboo !
thanks for your feedback. the updated commit addresses it, except as I've noted in response to your line notes above.
Hi @whimboo !
Thanks for your feedback. I've updated this pull request. I've also responded to a couple of your line notes above.
Maybe this is ready to be merged?
hi @whimboo !
I've added another commit, adding verification for
I'm curious to know whether you're comfortable with these limits on an added nick.
hi @whimboo
I've restructured this listener to decrease nesting.
I've also backed out the checks on arguments to :addAdmin and :addHelper. Since we already check for logged on user of a registered nick and membership in the admin list before we run any admin command, it doesn't add much security to check these arguments, too. Moreover, it's not at all clear how we might verify a nick that's not currently signed in; that should probably be a separate issue.
thank you for your feedback!
hi @whimboo
I see some possibilities, in /help ... output from the Mozilla IRC server, for doing additional validation of arguments to :addAdmin/:addHelper, in particular, the /check command available to operators (though apparently not to all channel operators, so I can't test them with op on the #testdaybotTest channel), and there may be others. Maybe you know more?
I do think this should be a separate issue.
Moreover, it's not at all clear how we might verify a nick that's not currently signed in; that should probably be a separate issue.
Right now I think we should not allow the action and abort it. Only identified users should be able to get added.
Also not exactly sure what you mean with the /help output. Maybe you can clarify?
Hi @whimboo
Mozilla's IRC server has an operator command, /check <nick>
that looks like it might provide info on nicks that are not currently signed in, or not using our channel. If we want to allow :addAdmin to add a user with a registered nick who is not currently signed in, we need an alternative to node-irc's Client.whois
to check, since that works only for signed in users.
Hi @whimboo
I’ve rebased on updated master, and removed one more level of nesting.
I used just git rebase master
but still had to push +branch.
Thank you again for all your feedback and help!
Hm, /check
is really for operators of the IRC network. So no-one of us will have access to it.
This looks fine to me. I will get it merged in a minute. Thanks Barbara!
hi @whimboo !
here's a patch for issue #28. I've run some quick tests on it, seems ok. this could perhaps still be tidied up some, but it is far better than the code it replaces in the first patch. I've added some error-checking and tweaked the adminhelp array to support all this.