]>
Commit | Line | Data |
---|---|---|
d76ed9a9 AS |
1 | EMAIL COOKIE AUTHENTICATION |
2 | --------------------------- | |
3 | ||
4 | NickServ can use email authentication for various things, offloading | |
5 | some human support. If email cookies are enabled, each handle can | |
6 | have an associated email address (if they're not enabled, current | |
7 | email addresses are preserved, but not displayed or used.) If email | |
8 | cookies are disabled, the rest of this section does not apply. | |
9 | ||
10 | Cookies (10-character case-sensitive alphanumeric strings; they are | |
11 | base64-encoded random numbers) are used for the following things: | |
12 | ||
13 | - Handle activation. When a new handle is registered, its password is | |
14 | set to an unusable string. A cookie is sent to that email address, | |
15 | and can later be used to auth and change the password (as for | |
16 | forgotten password changes, below). | |
17 | ||
18 | - Changing email addresses. When an authed user requests that their | |
19 | email address be changed, half of the cookie is sent to each; both | |
20 | halves must be presented to complete the change. | |
21 | ||
22 | - Allowauth (in addition to the normal staff allowauth command). A | |
23 | cookie is sent to the handle's address, and if the user responds | |
24 | with that cookie, they are allowauth'ed. | |
25 | ||
26 | - Changing forgotten passwords. A user may request a cookie be sent | |
27 | to their email address; this will allow them to auth and change | |
28 | their password. | |
29 | ||
30 | The following limitations apply: | |
31 | ||
32 | - Only one cookie will be issued per handle at a time. The current | |
33 | cookie must be used or time out before another one is issued. | |
34 | ||
35 | - Cookies time out after a configurable amount of time (defaults to 24 | |
36 | hours). | |
37 | ||
38 | - Only one un-activated handle is allowed per email address. | |
39 | ||
40 | The following commands are provided (overriding non-cookie commands of | |
41 | the same name, if there is overlap): | |
42 | ||
43 | - REGISTER <handle> <password> [<email_addr>] | |
44 | - Registers the handle. If email address provided, emails user with | |
45 | a cookie that allows them to activate their handle. Otherwise, | |
46 | sets password to what they request. | |
47 | - SET EMAIL <new_email> | |
48 | - Mails cookie to new email address (if one already exists, mails | |
49 | half to new, half to old). | |
50 | - AUTHCOOKIE <handle> | |
51 | - Emails cookie for authentication. | |
52 | - RESETPASS <handle> <newpass> | |
53 | - Begins password reset process for a handle. | |
54 | - COOKIE [<handle>] <cookie> | |
55 | - If handle's cookie type is REGSTER, activates a handle that was | |
56 | registered using REGISTER, setting handle's password to what is | |
57 | specified. | |
58 | - If handle's cookie type is EMAIL_CHANGE, changes email address. | |
59 | - If handle's cookie type is PASSWORD_CHANGE, changes password. | |
60 | - If handle's cookie type is ALLOWAUTH, allows user to auth if | |
61 | password matches. |