Reject relay init commands with totp when totp is not enabled #1435

Closed
AStove opened this issue Dec 19, 2019 · 1 comment

@AStove AStove commented Dec 19, 2019

Feature description

Reject relay init commands that have a totp argument when no totp is required by weechat. https://weechat.org/files/doc/stable/weechat_relay_protocol.en.html#command_init

If you don't reject this, the user gets a false sense of security. And the relay client has no way of knowing if totp is required or not.
Also it would probably be even better to first do an init command without totp, and then have weechat send back a request for a totp, but this would be breaking.

@AStove AStove added the feature label Dec 19, 2019
@AStove AStove mentioned this issue Dec 19, 2019

@flashcode flashcode commented Dec 21, 2019

You're right, I'll implement that.
And I'll do the same for the password: if a client sends a password but the password is empty in WeeChat (really not recommended!), it will be rejected.

@flashcode flashcode self-assigned this Dec 21, 2019
@flashcode flashcode added this to the 2.8 milestone Dec 21, 2019
@flashcode flashcode closed this in 330149b Dec 21, 2019
@flashcode flashcode removed the in progress label Dec 21, 2019
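
The checks agreed on in this thread, sketched in C as an added example (not WeeChat's code and not written by either commenter). The function names, result codes and the `expected_totp` parameter standing in for real TOTP verification are assumptions; the `init` argument format (comma-separated `option=value` pairs, `\,` for a literal comma) follows the relay protocol document linked above.

```c
#include <string.h>

/* Hypothetical result codes for this sketch (not WeeChat identifiers). */
enum init_result { INIT_OK, INIT_BAD_PASSWORD, INIT_BAD_TOTP,
                   INIT_UNEXPECTED_PASSWORD, INIT_UNEXPECTED_TOTP };

/* Copy option "name" from "opt=val,opt=val" into out ("\," is a literal
 * comma). Returns 1 if present, 0 if absent, -1 if the value is too long. */
static int get_opt(const char *args, const char *name, char *out, size_t n)
{
    size_t len = strlen(name), i;
    const char *p = args;
    while (*p) {
        int match = (strncmp(p, name, len) == 0 && p[len] == '=');
        if (match) p += len + 1;
        for (i = 0; *p && *p != ','; p++) {
            if (p[0] == '\\' && p[1] == ',') p++;
            if (match) { if (i + 1 >= n) return -1; out[i++] = *p; }
        }
        if (match) { out[i] = '\0'; return 1; }
        if (*p == ',') p++;
    }
    return 0;
}

/* Compare two strings without stopping at the first differing byte. */
static int ct_eq(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char d = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++) d |= (unsigned char)(a[i] ^ b[i]);
    return d == 0;
}

/* cfg_password: password set on the relay side ("" = none). expected_totp:
 * code the relay expects now ("" = TOTP not enabled; assumed stand-in for
 * real TOTP verification). A credential the relay cannot verify is rejected. */
enum init_result check_init(const char *args, const char *cfg_password,
                            const char *expected_totp)
{
    char pw[128], totp[16];
    int has_pw = get_opt(args, "password", pw, sizeof(pw));
    int has_totp = get_opt(args, "totp", totp, sizeof(totp));
    if (has_pw && !cfg_password[0]) return INIT_UNEXPECTED_PASSWORD;
    if (has_totp && !expected_totp[0]) return INIT_UNEXPECTED_TOTP;
    if (cfg_password[0] && (has_pw != 1 || !ct_eq(pw, cfg_password)))
        return INIT_BAD_PASSWORD;
    if (expected_totp[0] && (has_totp != 1 || !ct_eq(totp, expected_totp)))
        return INIT_BAD_TOTP;
    return INIT_OK;
}
```

A client that receives one of the two "unexpected" results learns that the relay is not enforcing the factor it tried to use, which is the signal the issue says is otherwise missing.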