Add "AuthOnlyViaModule" global/user setting

Setting AuthOnlyViaModule on a user causes CheckPass to never return true, causing all authentication attempts using the configured password to fail, both on IRC connections and for webadmin. This is useful in situations where an external module (cyrusauth, certauth, imapauth) handles authentication. Setting the global AuthOnlyViaModule option causes similar behavior across every user. If AuthOnlyViaModule is set to true globally, it cannot be overridden per-user. Close #1474 Close #331
2026-03-28 17:42:41 +01:00 · 2017-12-18 23:00:40 -05:00
parent 3d874f6fe4
commit 42939c998f
9 changed files with 89 additions and 0 deletions
--- a/test/UserTest.cpp
+++ b/test/UserTest.cpp
@@ -119,3 +119,33 @@ TEST_F(UserTest, IsHostAllowed) {
            << "Allow-host is " << h.sMask;
    }
 }
+
+TEST_F(UserTest, TestAuthOnlyViaModule) {
+    CUser user("user");
+    user.SetPass("password", CUser::HASH_NONE);
+
+    bool bAuthOnlyViaModuleDefault = CZNC::Get().GetAuthOnlyViaModule();
+
+    CZNC::Get().SetAuthOnlyViaModule(false);
+    user.SetAuthOnlyViaModule(false);
+
+    EXPECT_TRUE(user.CheckPass("password"));
+
+    // user-level only
+    user.SetAuthOnlyViaModule(true);
+    EXPECT_FALSE(user.CheckPass("password"));
+
+    // re-enabling built-in authentication
+    user.SetAuthOnlyViaModule(false);
+    EXPECT_TRUE(user.CheckPass("password"));
+
+    // on at global level, off at user level
+    CZNC::Get().SetAuthOnlyViaModule(true);
+    EXPECT_FALSE(user.CheckPass("password"));
+
+    // on at both levels
+    user.SetAuthOnlyViaModule(true);
+    EXPECT_FALSE(user.CheckPass("password"));
+
+    CZNC::Get().SetAuthOnlyViaModule(bAuthOnlyViaModuleDefault);
+}