remove SCRAM-SHA-256 from advertised SASL mechanisms

Advertising SCRAM-SHA-256 breaks irccloud, which doesn't fall back to PLAIN if it sees SCRAM advertised but SCRAM then fails (as is the case for any account password hashed on Ergo 2.7 or lower). Leave a config option for irctest to enable it in the controller.
2021-08-25 15:57:41 -04:00 · 2021-08-25 15:57:41 -04:00 · 12947644e2
commit 12947644e2
parent 9c77f89bc2
1 changed files with 7 additions and 1 deletions
--- a/irc/config.go
+++ b/irc/config.go
@ -303,6 +303,7 @@ func (t *ThrottleConfig) UnmarshalYAML(unmarshal func(interface{}) error) (err e
 type AccountConfig struct {
 	Registration          AccountRegistrationConfig
 	AuthenticationEnabled bool `yaml:"authentication-enabled"`
+	AdvertiseSCRAM        bool `yaml:"advertise-scram"` // undocumented, see #1782
 	RequireSasl           struct {
 		Enabled      bool
 		Exempted     []string
@ -1379,7 +1380,12 @@ func LoadConfig(filename string) (config *Config, err error) {
 		config.Accounts.VHosts.validRegexp = defaultValidVhostRegex
 	}

-	config.Server.capValues[caps.SASL] = "PLAIN,EXTERNAL,SCRAM-SHA-256"
+	saslCapValue := "PLAIN,EXTERNAL,SCRAM-SHA-256"
+	// TODO(#1782) clean this up:
+	if !config.Accounts.AdvertiseSCRAM {
+		saslCapValue = "PLAIN,EXTERNAL"
+	}
+	config.Server.capValues[caps.SASL] = saslCapValue
 	if !config.Accounts.AuthenticationEnabled {
 		config.Server.supportedCaps.Disable(caps.SASL)
 	}