unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed
* bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications
@ 2021-02-25 17:33 Olivier Certner
  2021-02-25 17:38 ` Olivier Certner
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Olivier Certner @ 2021-02-25 17:33 UTC (permalink / raw)
  To: 46777

When `erc-prompt-for-nickserv-password' is true, don't ignore the
other forms of identification.  Instead, process them first, and
prompt for the password last.  Separate concerns (determination of the
nick to use, of the password to use, and actual message sending).

Note that the user can be interactively prompted for a password on
reception of a Nickserv request, as before (on
`erc-prompt-for-nickserv-password').

This is a follow-up to #45340 (see end of discussion there for additional 
context).

Pull request with the single commit to be posted after the bug is open. 
Changes rebased on master.

-- 
Olivier Certner







^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications
  2021-02-25 17:33 bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications Olivier Certner
@ 2021-02-25 17:38 ` Olivier Certner
  2021-02-25 17:47   ` Basil L. Contovounesios
  2021-06-08  2:23 ` J.P.
       [not found] ` <878s3l6qms.fsf@neverwas.me>
  2 siblings, 1 reply; 7+ messages in thread
From: Olivier Certner @ 2021-02-25 17:38 UTC (permalink / raw)
  To: 46777

Corresponding "pull request" (just for showing the diff):
https://github.com/OlCe2/emacs/pull/2

-- 
Olivier Certner







^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications
  2021-02-25 17:38 ` Olivier Certner
@ 2021-02-25 17:47   ` Basil L. Contovounesios
  2021-02-25 18:22     ` Olivier Certner
  0 siblings, 1 reply; 7+ messages in thread
From: Basil L. Contovounesios @ 2021-02-25 17:47 UTC (permalink / raw)
  To: Olivier Certner; +Cc: 46777

Olivier Certner <ocert.dev@free.fr> writes:

> Corresponding "pull request" (just for showing the diff):
> https://github.com/OlCe2/emacs/pull/2

Thanks, but I think it's generally easier/preferred to review patches
here if you send them as attachments.  See the file CONTRIBUTE.

-- 
Basil





^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications
  2021-02-25 17:47   ` Basil L. Contovounesios
@ 2021-02-25 18:22     ` Olivier Certner
  0 siblings, 0 replies; 7+ messages in thread
From: Olivier Certner @ 2021-02-25 18:22 UTC (permalink / raw)
  To: Basil L. Contovounesios; +Cc: 46777

[-- Attachment #1: Type: text/plain, Size: 36 bytes --]

Sure. Attached.

-- 
Olivier Certner

[-- Attachment #2: 0001-NickServ-identification-Prompt-for-password-last-ove.patch --]
[-- Type: text/x-patch, Size: 11938 bytes --]

From 0b3d0c7a53f4a9d14db8301a8e499bf62cab619a Mon Sep 17 00:00:00 2001
From: Olivier Certner <olce.emacs@certner.fr>
Date: Fri, 5 Feb 2021 15:34:50 +0100
Subject: [PATCH] NickServ identification: Prompt for password last, overall
 simplifications

When `erc-prompt-for-nickserv-password' is true, don't ignore the
other forms of identification.  Instead, process them first, and
prompt for the password last.  Separate concerns (determination of the
nick to use, of the password to use, and actual message sending).

Note that the user can be interactively prompted for a password on
reception of a Nickserv request, as before (on
`erc-prompt-for-nickserv-password').

* lisp/erc/erc-services.el (erc-nickserv-identify): Don't take the
password anymore as an argument (and don't prompt for it
interactively).  On the contrary, now take the nick to use for
identification (interactively, ask for it, defaulting to the current
one).  Move actual message sending into the new
`erc-nickserv-send-identify', and password prompting into
`erc-nickserv-get-password'.

(erc-nickserv-send-identify): New function containing the sending
code, given the nick and password.

(erc-nickserv-get-password): Try each password source in turn, in this
order: `erc-nickserv-passwords', auth-source (if
`erc-use-auth-source-for-nickserv-password' is true), and in the end
prompt the user interactively (if `erc-prompt-for-nickserv-password'
is true).  If one source returns a string, the function returns it, or
nil if the string is empty.

(erc-nickserv-call-identify-function): Remove.  It was necessary as a
cumbersome workaround for the fact that the code for password
prompting was in the `interactive' form of function
`erc-nickserv-identify' before this change.

(erc-nickserv-identify-autodetect, erc-nickserv-identify-on-connect)
(erc-nickserv-identify-on-nick-change): Call `erc-nickserv-identify'
directly (`erc-nickserv-call-identify-function' was removed).  For the
last two functions, remove the redundant checks on the Nickserv
identification flags (additionally, it is doubtful they have any
measurable impact on performance).
---
 etc/NEWS                 |  14 +++-
 lisp/erc/erc-services.el | 157 ++++++++++++++++++++++-----------------
 2 files changed, 99 insertions(+), 72 deletions(-)

diff --git a/etc/NEWS b/etc/NEWS
index caa366aaef..3fbf7c6b29 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1528,14 +1528,20 @@ https://www.w3.org/TR/xml/#charsets).  Now it rejects such strings.
 
 ** erc
 
----
-*** erc-services.el now supports NickServ passwords from auth-source.
+*** NickServ passwords can now be retrieved from auth-source
 The 'erc-use-auth-source-for-nickserv-password' user option enables
 querying auth-source for NickServ passwords.  To enable this, add the
 following to your init file:
 
-    (setq erc-prompt-for-nickserv-password nil
-          erc-use-auth-source-for-nickserv-password t)
+    (setq erc-use-auth-source-for-nickserv-password t)
+
+*** NickServ identification now prompts for password last
+When 'erc-prompt-for-nickserv-password' is true, the user used to be
+unconditionally prompted interactively for a password, regardless of
+the content of `erc-nickserv-passwords', which was effectively ignored
+(same for the new 'erc-use-auth-source-for-nickserv-password').  This
+limitation is now removed, and the user is interactively prompted
+last, after the other identification methods have run.
 
 ---
 *** The '/ignore' command will now ask for a timeout to stop ignoring the user.
diff --git a/lisp/erc/erc-services.el b/lisp/erc/erc-services.el
index 9ef8b7f46a..3740e54672 100644
--- a/lisp/erc/erc-services.el
+++ b/lisp/erc/erc-services.el
@@ -170,9 +170,8 @@ You can also use \\[erc-nickserv-identify-mode] to change modes."
 
 (defcustom erc-use-auth-source-for-nickserv-password nil
   "Query auth-source for a password when identifiying to NickServ.
-This option has an no effect if `erc-prompt-for-nickserv-password'
-is non-nil, and passwords from `erc-nickserv-passwords' take
-precedence."
+Passwords from `erc-nickserv-passwords' take precedence.  See
+function `erc-nickserv-get-password'."
   :version "28.1"
   :group 'erc-services
   :type 'boolean)
@@ -400,85 +399,107 @@ password for this nickname, otherwise try to send it automatically."
 		 identify-regex
 		 (string-match identify-regex msg))
 	(erc-log "NickServ IDENTIFY request detected")
-	(erc-nickserv-call-identify-function nick)
+	(erc-nickserv-identify nick)
 	nil))))
 
 (defun erc-nickserv-identify-on-connect (_server nick)
   "Identify to Nickserv after the connection to the server is established."
-  (unless (or (and (null erc-nickserv-passwords)
-                   (null erc-prompt-for-nickserv-password)
-                   (null erc-use-auth-source-for-nickserv-password))
-              (and (eq erc-nickserv-identify-mode 'both)
-                   (erc-nickserv-alist-regexp (erc-network))))
-    (erc-nickserv-call-identify-function nick)))
+  (unless (and (eq erc-nickserv-identify-mode 'both)
+               (erc-nickserv-alist-regexp (erc-network)))
+    (erc-nickserv-identify nick)))
 
 (defun erc-nickserv-identify-on-nick-change (nick _old-nick)
   "Identify to Nickserv whenever your nick changes."
-  (unless (or (and (null erc-nickserv-passwords)
-                   (null erc-prompt-for-nickserv-password)
-                   (null erc-use-auth-source-for-nickserv-password))
-              (and (eq erc-nickserv-identify-mode 'both)
-                   (erc-nickserv-alist-regexp (erc-network))))
-    (erc-nickserv-call-identify-function nick)))
+  (unless (and (eq erc-nickserv-identify-mode 'both)
+               (erc-nickserv-alist-regexp (erc-network)))
+    (erc-nickserv-identify nick)))
 
-(defun erc-nickserv-get-password (nickname)
-  "Return the password for NICKNAME from configured sources.
+(defun erc-nickserv-get-password (nick)
+  "Return the password for NICK from configured sources.
+First, a password for NICK is looked up in
+`erc-nickserv-passwords'.  Then, it is looked up in auth-source
+if `erc-use-auth-source-for-nickserv-password' is not nil.
+Finally, interactively prompt the user, if
+`erc-prompt-for-nickserv-password' is true.
 
-It uses `erc-nickserv-passwords' and additionally auth-source
-when `erc-use-auth-source-for-nickserv-password' is not nil."
-  (or
-   (when erc-nickserv-passwords
-     (cdr (assoc nickname
-                 (nth 1 (assoc (erc-network)
-                               erc-nickserv-passwords)))))
-   (when erc-use-auth-source-for-nickserv-password
-     (let* ((secret (nth 0 (auth-source-search
-                            :max 1 :require '(:secret)
-                            :host (erc-with-server-buffer erc-session-server)
-                            :port (format ; ensure we have a string
-                                   "%s" (erc-with-server-buffer erc-session-port))
-                            :user nickname))))
-       (when secret
-         (let ((passwd (plist-get secret :secret)))
-           (if (functionp passwd) (funcall passwd) passwd)))))))
-
-(defun erc-nickserv-call-identify-function (nickname)
-  "Call `erc-nickserv-identify'.
-Either call it interactively or run it with NICKNAME's password,
-depending on the value of `erc-prompt-for-nickserv-password'."
-  (if erc-prompt-for-nickserv-password
-      (call-interactively 'erc-nickserv-identify)
-    (erc-nickserv-identify (erc-nickserv-get-password nickname))))
+As soon as some source returns a password, the sequence of
+lookups stops and this function returns it (or returns nil if it
+is empty).  Otherwise, no corresponding password was found, and
+it returns nil."
+  (let (network server port)
+    ;; Fill in local vars, switching to the server buffer once only
+    (erc-with-server-buffer
+     (setq network erc-network
+           server erc-session-server
+           port erc-session-port))
+    (let ((ret
+           (or
+            (when erc-nickserv-passwords
+              (cdr (assoc nick
+                          (cl-second (assoc network
+                                            erc-nickserv-passwords)))))
+            (when erc-use-auth-source-for-nickserv-password
+              (let ((secret (cl-first (auth-source-search
+                                       :max 1 :require '(:secret)
+                                       :host server
+                                       ;; Ensure a string for :port
+                                       :port (format "%s" port)
+                                       :user nick))))
+                (when secret
+                  (let ((passwd (plist-get secret :secret)))
+                    (if (functionp passwd) (funcall passwd) passwd)))))
+            (when erc-prompt-for-nickserv-password
+              (read-passwd
+               (format "NickServ password for %s on %s (RET to cancel): "
+                       nick network))))))
+      (when (and ret (not (string= ret "")))
+        ret))))
 
 (defvar erc-auto-discard-away)
 
-;;;###autoload
-(defun erc-nickserv-identify (password)
+(defun erc-nickserv-send-identify (nick password)
   "Send an \"identify <PASSWORD>\" message to NickServ.
-When called interactively, read the password using `read-passwd'."
+Returns t if the message could be sent, nil otherwise."
+  (let* ((erc-auto-discard-away nil)
+         (network (erc-network))
+         (nickserv-info (assoc network erc-nickserv-alist))
+         (nickserv (or (erc-nickserv-alist-nickserv nil nickserv-info)
+                       "NickServ"))
+         (identify-word (or (erc-nickserv-alist-ident-keyword
+                             nil nickserv-info)
+                            "IDENTIFY"))
+         (nick (if (erc-nickserv-alist-use-nick-p nil nickserv-info)
+                   (concat nick " ")
+                 ""))
+         (msgtype (or (erc-nickserv-alist-ident-command nil nickserv-info)
+                      "PRIVMSG")))
+    (erc-message msgtype
+                 (concat nickserv " " identify-word " " nick password))))
+
+;;;###autoload
+(defun erc-nickserv-identify (&optional nick)
+  "Identify to NickServ immediately.
+Identification will either use NICK or the current nick if not
+provided, and some password obtained through
+`erc-nickserv-get-password' (which see).  If no password can be
+found, an error is reported trough `erc-error'.
+
+Interactively, the user will be prompted for NICK, an empty
+string meaning to default to the current nick.
+
+Returns t if the identify message could be sent, nil otherwise."
   (interactive
-   (list (read-passwd
-	  (format "NickServ password for %s on %s (RET to cancel): "
-		  (erc-current-nick)
-		  (or (and (erc-network)
-			   (symbol-name (erc-network)))
-		      "Unknown network")))))
-  (when (and password (not (string= "" password)))
-    (let* ((erc-auto-discard-away nil)
-	   (network (erc-network))
-	   (nickserv-info (assoc network erc-nickserv-alist))
-	   (nickserv (or (erc-nickserv-alist-nickserv nil nickserv-info)
-			 "NickServ"))
-	   (identify-word (or (erc-nickserv-alist-ident-keyword
-			       nil nickserv-info)
-			      "IDENTIFY"))
-	   (nick (if (erc-nickserv-alist-use-nick-p nil nickserv-info)
-		     (concat (erc-current-nick) " ")
-		   ""))
-	   (msgtype (or (erc-nickserv-alist-ident-command nil nickserv-info)
-			"PRIVMSG")))
-      (erc-message msgtype
-		   (concat nickserv " " identify-word " " nick password)))))
+   (list
+    (read-from-minibuffer "Nickname: " nil nil nil
+                          'erc-nick-history-list (erc-current-nick))))
+  (unless (and nick (not (string= nick "")))
+    (setq nick (erc-current-nick)))
+  (let ((password (erc-nickserv-get-password nick)))
+    (if password
+        (erc-nickserv-send-identify nick password)
+      (erc-error "Cannot find a password for nickname %s"
+                 nick)
+      nil)))
 
 (provide 'erc-services)
 
-- 
2.30.0


^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications
  2021-02-25 17:33 bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications Olivier Certner
  2021-02-25 17:38 ` Olivier Certner
@ 2021-06-08  2:23 ` J.P.
       [not found] ` <878s3l6qms.fsf@neverwas.me>
  2 siblings, 0 replies; 7+ messages in thread
From: J.P. @ 2021-06-08  2:23 UTC (permalink / raw)
  To: Olivier Certner; +Cc: emacs-erc, 46777

Hi Olivier,

I'm sure you know this, but for others, both files have changed since
this patch was created. It applies cleanly for me atop this commit:

  297c0e0306f111c1e7564b2bb49a7e1a925a55bb

Okay, the layout of this module is a bit confusing to me. Perhaps that's
because it's regarded as an entry point of some kind and therefore
special? In the commentary, it says to enable it explicitly using the
minor mode interface (rather than add it to erc-modules). However, I
notice that the :set function for the option erc-nickserv-identify-mode
goes ahead and activates it in all the ways that matter (but the minor-
mode variable).

So no matter what, the function of the same name is called, which then
sets the same custom option (possibly again). I guess that's what that
comment about avoiding "recursive load at startup" is all about? For
now, I'll just assume something fancy's going on I don't yet comprehend.
(Maybe I'll check the old mailing list for clues.)

In general, I'm somewhat inclined to regard this module as nonessential
and legacy focused because it's not loaded by default and because these
days, things seem to be trending toward fewer interactions with nick
services beyond initial setup (where manual piloting is required
anyway). However, I think this module receives a fair amount of
attention on #emacs and elsewhere, so we might as well abide. Because I
don't use it myself, I'll spare you any dubious hands on feedback and
stick to the self-interested stuff affecting those improvements I'd like
to see in ERC for this coming release.

So, despite its specialness, I'm rather confident this module and your
changes to it will be spared the brunt of the library-wide modifications
I have in store. Basically, this would be a reorienting of ERC's notion
of connection identities toward a more network-centric view.

This module already depends on erc-networks, which is good. This means
most of what I'll be tweaking will be auth-source related. But I won't
touch any options concerning the when and the why of it all, which is
what you and Leon have addressed. I'll instead likely only be messing
with the arguments to the one auth-source-search invocation. If you're
interested in details, please follow bug #48598.

A couple specifics. In erc-nickserv-get-password,

    (erc-with-server-buffer
     (setq network erc-network
                   ^~~~~~~~~~~~
           server erc-session-server
           port erc-session-port))

would you mind using the function form of erc-network instead? I'm
focusing a lot on that one symbol in particular, and it'd be nice to
keep things consistent for now, if it's all the same to you.

My other note concerns erc-nickserv-identify. Assuming debug-on-error is
nil, it looks like this dings whenever erc-nickserv-get-password comes
up empty, which I guess can only happen when the three main
password-related user options are all nil (or the prompt gets
dismissed).

So, worst case scenario, people get dinged a few times straight away:
maybe once just after MOTD and once just before, in the case of an
initial re-NICK, and maybe again from a "please identify"/"nick taken"
NOTICE. But being Emacs users, they'd know to check *Messages* for
details (is that the idea?). If there's a realistic chance of a more
intense onslaught, I suppose one alternative might be to print something
to the active buffer using erc-display-error-notice instead. But you
know better than I, having actually used this.

Not sure if you're aware, but there's a bit of an integration going on
between erc-join.el and this module via erc-nickserv-identified-hook.
The autojoin module is pretty confusing, and my current bug addresses
some of that. My question for you is: do networks punish folks for
repeated failed JOIN attempts while unauthed? IOW, any clue whether
major IRCds or service daemons auto-TKLINE (or similar) for such
behavior? If there *is* a risk, I'd rather fix things on the autojoin
side because inhibiting timers during read-passwd would affect PONGs and
the outgoing flood queue, etc.

BTW, have you considered maybe generalizing this entire module (while
preserving the interface) to make it work with *any* services bot, e.g.,
FooServ, and not just nick-related stuff?

So, yeah, now comes the part where I admit to not having actually fired
this up and put it through its paces. But I'm certainly willing to if
you'd like the extra peace of mind. Shouldn't take more than a couple
days (i.e., nanoseconds to the yogi you've surely become by now). Let me
know, and thanks.

J.P.





^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications
       [not found] ` <878s3l6qms.fsf@neverwas.me>
@ 2021-06-09 13:30   ` Olivier Certner
  2021-06-10  3:59     ` J.P.
  0 siblings, 1 reply; 7+ messages in thread
From: Olivier Certner @ 2021-06-09 13:30 UTC (permalink / raw)
  To: J.P.; +Cc: emacs-erc, 46777

Hi,

> I'm sure you know this, but for others, both files have changed since
> this patch was created. It applies cleanly for me atop this commit: 
>   297c0e0306f111c1e7564b2bb49a7e1a925a55bb

I didn't check for a long time because of the legal part taking so long (more 
than 7 months, I opted for public domain first but switched to regular 
copyright assignment thanks to the grant back) and because I'm maintaining 
private patches over Emacs 27.1.

I have very limited time at the moment, so I'm sure I'm not going to be able 
to look at it before next week, and perhaps even before next month. Are you 
(or is someone) aware of the expected release cycle for 28.1?

> Okay, the layout of this module is a bit confusing to me. Perhaps that's
> because it's regarded as an entry point of some kind and therefore
> special? In the commentary, it says to enable it explicitly using the
> minor mode interface (rather than add it to erc-modules). However, I
> notice that the :set function for the option erc-nickserv-identify-mode
> goes ahead and activates it in all the ways that matter (but the minor-
> mode variable).

Didn't dig that, but can tell you "services" indeed works when added to `erc-
modules', since this is how I'm using it. If I don't put it there, no autojoin 
happens when NickServ responds.

> In general, I'm somewhat inclined to regard this module as nonessential
> and legacy focused because it's not loaded by default and because these
> days, things seem to be trending toward fewer interactions with nick
> services beyond initial setup (where manual piloting is required
> anyway). However, I think this module receives a fair amount of
> attention on #emacs and elsewhere, so we might as well abide. Because I
> don't use it myself, I'll spare you any dubious hands on feedback and
> stick to the self-interested stuff affecting those improvements I'd like
> to see in ERC for this coming release.

I've seen you sent a big mail entitled "buffer-naming collisions involving 
bouncers in ERC" but only had time for a quick glance.

As for interaction with NickServ, every new direct connection to servers need 
to authenticate with NickServ when using a registered nick. I don't know how 
bouncers work, but I suspect they do authentication differently, so I suspect 
your view is that of a user of bouncers.

Architecturally, I don't know (yet) if having this module separate is a good 
thing going ahead, but on the other hand I think the need for auto-joining is 
very real (again, may be wrong with bouncers; do they automatically forward 
all messages from all channels they are in to clients connecting to them? or 
is there a specific mechanism to obtain the messages from specific channels?).
And autojoining cannot work effectively if users are not automatically 
identified before (when using registered nicks). So the module/architecture 
may be obsolete, but I don't think the needs themselves are.
 
> This module already depends on erc-networks, which is good. This means
> most of what I'll be tweaking will be auth-source related. But I won't
> touch any options concerning the when and the why of it all, which is
> what you and Leon have addressed. I'll instead likely only be messing
> with the arguments to the one auth-source-search invocation. If you're
> interested in details, please follow bug #48598.

Given my limited time at the moment, yes, it would be best that your changes 
are quite small if you want me to review them.

I'll follow up with #48598 when I can.

So here's a first proposal:
1. I rebase the changes on current master.
2. We address what needs to be addressed with respect to your other patches.

Provided, indeed, that I have time to do it quickly enough for 28.1's release. 
If not we'll have to find another plan.
 
> A couple specifics. In erc-nickserv-get-password,
> 
>     (erc-with-server-buffer
>      (setq network erc-network
>                    ^~~~~~~~~~~~
>            server erc-session-server
>            port erc-session-port))
> 
> would you mind using the function form of erc-network instead? I'm
> focusing a lot on that one symbol in particular, and it'd be nice to
> keep things consistent for now, if it's all the same to you.

In principle I don't mind. But I also prefer simplicity as much as possible. 
If I chose this, it's probably because using the function had no added value. 
If the buffer-local variable and the function are indeed going to differ 
(hopefully you have good reasons for this) in your plans, of course we can 
switch.

In ERC in general, I've found that there are too many buffer-local variables 
and accessor functions in the sense that they are redundant, that you don't 
necessarily know in which buffer to look for which variable (current buffer? 
server buffer? other?), and that multiple variables seem to contain 
approximately the same information (but not exactly, that would be too 
simple). Proper accessors could solve part of these problems (doing that with 
a minimal amount of buffer switching is more work, but can wait for later).

> My other note concerns erc-nickserv-identify. Assuming debug-on-error is
> nil, it looks like this dings whenever erc-nickserv-get-password comes
> up empty, which I guess can only happen when the three main
> password-related user options are all nil (or the prompt gets
> dismissed).
> 
> So, worst case scenario, people get dinged a few times straight away:
> maybe once just after MOTD and once just before, in the case of an
> initial re-NICK, and maybe again from a "please identify"/"nick taken"
> NOTICE. But being Emacs users, they'd know to check *Messages* for
> details (is that the idea?). If there's a realistic chance of a more
> intense onslaught, I suppose one alternative might be to print something
> to the active buffer using erc-display-error-notice instead. But you
> know better than I, having actually used this.

I get prompted once only (in fact, now not at all, since I use auth-source). I 
never re-NICK. What are re-NICKs used for? To wear cloaks after regular log 
in? In this case, I assume NickServ authentication is needed for logging in, 
but not to switch to the cloak? Sorry, I'm not yet very versed in the 
subtleties of IRC, contrary to what you may think.

I don't think a priori that there is a problem in dinging the user per se, 
even a few times. The problem is rather whether the process should take place 
or not (i.e., should NickServ identification happen in the first place? see 
questions on re-NICK above) and when (dinging is OK if close to an event 
triggered by the user, which if I remember correctly is the case now except 
for delayed autojoining, if the delay is too long).

> Not sure if you're aware, but there's a bit of an integration going on
> between erc-join.el and this module via erc-nickserv-identified-hook.
> The autojoin module is pretty confusing, and my current bug addresses
> some of that. My question for you is: do networks punish folks for
> repeated failed JOIN attempts while unauthed? IOW, any clue whether
> major IRCds or service daemons auto-TKLINE (or similar) for such
> behavior? If there *is* a risk, I'd rather fix things on the autojoin
> side because inhibiting timers during read-passwd would affect PONGs and
> the outgoing flood queue, etc.

Not sure what you are referring to here. Maybe after fully reading bugs and 
mails, things will get clear, but for now they are rather obscure. Trying 
anyway:
1. I can't answer your question about being banned if attempting too much to 
join while not authenticated. But why is this even a problem? In which case 
are we going to repeatedly join some channel after a failed attempt?
2. `read-passwd' doesn't inhibit timers (AFAIK). Why would you want to inhibit 
timers there? Having a time out in `erc-nickserv-identify' would be great yes. 
Is this what you are talking about?

> BTW, have you considered maybe generalizing this entire module (while
> preserving the interface) to make it work with *any* services bot, e.g.,
> FooServ, and not just nick-related stuff?

Not at this point, because I don't know IRC enough, and I'm not using other 
services bot. What would doing this buy us? I can't answer that now.

That said, I think we (at least, I) should rather focus on needs and 
mechanisms (e.g., such as authentication), and then deal with actual 
implementations, possibly involving bots (e.g., NickServ for auth).

-- 
Olivier Certner







^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications
  2021-06-09 13:30   ` Olivier Certner
@ 2021-06-10  3:59     ` J.P.
  0 siblings, 0 replies; 7+ messages in thread
From: J.P. @ 2021-06-10  3:59 UTC (permalink / raw)
  To: Olivier Certner; +Cc: emacs-erc, 46777

> I have very limited time at the moment, so I'm sure I'm not going to be able 
> to look at it before next week, and perhaps even before next month. Are you 
> (or is someone) aware of the expected release cycle for 28.1?

Thanks for the time window. It would be nice to get the patches you have
open into ERC before the next release, but I'm clueless as to when
that's slated to occur.

> Didn't dig that, but can tell you "services" indeed works when added to `erc-
> modules', since this is how I'm using it. If I don't put it there, no autojoin 
> happens when NickServ responds.

I wasn't worried about it not supporting the modules interface. I was
concerned that setting `erc-nickserv-identify-mode' in a config via
`set-variable' or similar would effectively turn it "on" by registering
its hooks even though `erc-services-mode' (the variable) would still be
nil (because this module isn't loaded by default). Regardless, shouldn't
we try to keep those in sync? If not, and module-based minor modes
shouldn't be used to detect whether a module is active and its features
enabled, then we've got to fix that in the code (right?), perhaps
starting with

  (unless erc-networks-mode
    ;; Force-enable networks module, because we need it to set
    ;; erc-network for us.
    (erc-networks-enable))

in (the function) `erc-nickserv-identify-mode' itself.

> I've seen you sent a big mail entitled "buffer-naming collisions involving 
> bouncers in ERC" but only had time for a quick glance.
>
> As for interaction with NickServ, every new direct connection to servers need 
> to authenticate with NickServ when using a registered nick. I don't know how 
> bouncers work, but I suspect they do authentication differently, so I suspect 
> your view is that of a user of bouncers.

I should apologize for not de-emphasizing "bouncer" in reference to my
concerns being influenced by that bug (#48598), which for me is merely a
convenient means of addressing larger fundamental problems in ERC.

> Architecturally, I don't know (yet) if having this module separate is a good 
> thing going ahead, but on the other hand I think the need for auto-joining is 
> very real (again, may be wrong with bouncers; do they automatically forward 
> all messages from all channels they are in to clients connecting to them? or 
> is there a specific mechanism to obtain the messages from specific channels?).
> And autojoining cannot work effectively if users are not automatically 
> identified before (when using registered nicks). So the module/architecture 
> may be obsolete, but I don't think the needs themselves are.

The real problem (to my knowledge) is that there's no consensus around
how an IRC server should tell a client it's been authenticated (work may
be ongoing in this area). For now though, since there's no formal
concept of "accounts," you're either granted the nick you requested
during opening introductions or you're not.

How one goes about creating the conditions for such "granting" to occur
successfully depends on the various methods available to the client and
the server. Extensions like SASL support (part of the v3 initiative) and
Cert FP, which uses client certificates, are two examples of methods
currently employed by networks and servers to address this.

Personally, I wouldn't like to see this module loaded by default unless
we can state confidently that the way in which it goes about solving
this problem, namely engaging nick services with heuristics-driven,
TCL-expect style exchanges (which is fine) is the right thing for most
users (it very well may be).

More on this general topic of what determines a session in my bug's
thread (#48598).

> Given my limited time at the moment, yes, it would be best that your changes 
> are quite small if you want me to review them.

For this module, that's looking likely.

> I'll follow up with #48598 when I can.
>
> So here's a first proposal:
> 1. I rebase the changes on current master.
> 2. We address what needs to be addressed with respect to your other patches.

Step 2 isn't really necessary unless you feel up to it. I'm fine with
just dropping it rather than having us waste time coordinating around
something that's still mostly fluid.

>> A couple specifics. In erc-nickserv-get-password,
>> [...]
>> would you mind using the function form of erc-network instead?

Don't bother with this. I shouldn't have brought it up.

> In ERC in general, I've found that there are too many buffer-local variables 
> and accessor functions in the sense that they are redundant, that you don't 
> necessarily know in which buffer to look for which variable (current buffer? 
> server buffer? other?), and that multiple variables seem to contain 
> approximately the same information (but not exactly, that would be too 
> simple). Proper accessors could solve part of these problems (doing that with 
> a minimal amount of buffer switching is more work, but can wait for later).

We definitely agree on this point. At the moment though, I'm trying to
resist refactoring in this area in full. Instead, I'd like to turn this
corner in stages, the first adding whatever's necessary to tackle #48598
(which again, has to do with much more than just bouncers).

> I get prompted once only (in fact, now not at all, since I use auth-source). I 
> never re-NICK. What are re-NICKs used for? To wear cloaks after regular log 
> in? In this case, I assume NickServ authentication is needed for logging in, 
> but not to switch to the cloak? Sorry, I'm not yet very versed in the 
> subtleties of IRC, contrary to what you may think.

By re-NICK, I meant the server sending you a

  :you`!~you@yours NICK :you

once you've been authenticated. Do you not get these?

In terms of dinging, I wasn't really referring to your personal
experience but rather a worst case for an unlucky user. As long as the
error message and how it's displayed is sufficient for getting someone
on their way toward fixing the issue, then fine by me.

> 1. I can't answer your question about being banned if attempting too much to 
> join while not authenticated. But why is this even a problem? In which case 
> are we going to repeatedly join some channel after a failed attempt?

Don't worry about the ban thing. This was based on my carelessly missing
the fact that `erc-nickserv-identified-hook' only runs after you're
successfully authenticated. For whatever reason, I thought it ran on 376
when `erc-nickserv-identify-on-connect' fires, but that's not the case.

Currently, the first autojoin timer is only set on 376 and fires after
30 seconds. In the most unlikely scenario, an unlucky user with no auth
source and no options configured and who can't get their act together
before the timer runs will only log a single failed attempt. Clearly not
something to worry about. I doubt any public network would consider that
an infraction.

Also fueling my original concern was this phenomenon we've been seeing
of various networks enacting stricter policies for some IP ranges and
individuals. That this would somehow involve attempts to use the network
before being auth'd was unfounded speculation on my part.

> 2. `read-passwd' doesn't inhibit timers (AFAIK). Why would you want to inhibit 
> timers there? Having a time out in `erc-nickserv-identify' would be great yes. 
> Is this what you are talking about?

Sorry, that wasn't clear. I didn't mean to imply `read-passwd' inhibited
timers while running. I meant we shouldn't do that as a sad workaround
for postponing JOIN timers.





^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2021-06-10  3:59 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-25 17:33 bug#46777: 28.0.50; ERC: NickServ identification: Prompt for password after other sources, overall simplifications Olivier Certner
2021-02-25 17:38 ` Olivier Certner
2021-02-25 17:47   ` Basil L. Contovounesios
2021-02-25 18:22     ` Olivier Certner
2021-06-08  2:23 ` J.P.
     [not found] ` <878s3l6qms.fsf@neverwas.me>
2021-06-09 13:30   ` Olivier Certner
2021-06-10  3:59     ` J.P.

unofficial mirror of bug-gnu-emacs@gnu.org 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://yhetil.org/emacs-bugs/0 emacs-bugs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 emacs-bugs emacs-bugs/ https://yhetil.org/emacs-bugs \
		bug-gnu-emacs@gnu.org
	public-inbox-index emacs-bugs

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.yhetil.org/yhetil.emacs.bugs
	nntp://news.gmane.io/gmane.emacs.bugs


code repositories for project(s) associated with this inbox:

	https://git.savannah.gnu.org/cgit/emacs.git

AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git