Allow account creation requests to be approved in Slack

[jvperrin]

Account creation requires users to be an OP on IRC, but this means that users from Slack cannot approve accounts or do anything that requires OP permissions.

It would be nice (but probably impractical) to have account creation done with action buttons. Then for permissions, have either a list of authorized users that can approve accounts, a separate private channel where accounts are approved (meh), or something that figures out which users are privileged (either in NickServ or in ocfstaff/ocfroot) and allows those users to approve requests.

[chriskuehl]

My original idea was to just have the bridge tag people who are trusted based on their email (for example, add "($username)" to the end of their name field?). Then create can verify if someone is staff by checking that (a) they're from the bridge (verify via ip address?), and (b) their username is staff.

Action buttons also sound fine, but more complicated.

[jvperrin]

Via IP address might be a bit tougher, since it's running on Marathon, but that would be doable. I was thinking just add NickServ to IRC user bots (#6), and then grab their username from their nick (<user>-slack), but that's not the safest since anyone can set their username to anything on Slack, so they could impersonate someone.

The action buttons are honestly an extra thing that will probably never happen since it's unnecessarily complicated when regular create commands could just be used. It is nice to have some large red and green buttons for rejecting and approving an account though, just looks fancier.

[chriskuehl]

NickServ sounds like a good solution.

[chriskuehl]

IP auth is also possible if we made flood a Marathon agent (in a non-standard pool) and pinned the slack bridge to it, but meh.

[kkuehlz]

Now that @redplanks has implemented nickserv auth for slack bots in #31, one possibility is to have ops respective slack bots in a privileged nick group.