docs/cookies.txt

   1 EMAIL COOKIE AUTHENTICATION
   2 ---------------------------
   3
   4 NickServ can use email authentication for various things, offloading
   5 some human support.  If email cookies are enabled, each handle can
   6 have an associated email address (if they're not enabled, current
   7 email addresses are preserved, but not displayed or used.)  If email
   8 cookies are disabled, the rest of this section does not apply.
   9
  10 Cookies (10-character case-sensitive alphanumeric strings; they are
  11 base64-encoded random numbers) are used for the following things:
  12
  13 - Handle activation.  When a new handle is registered, its password is
  14   set to an unusable string.  A cookie is sent to that email address,
  15   and can later be used to auth and change the password (as for
  16   forgotten password changes, below).
  17
  18 - Changing email addresses.  When an authed user requests that their
  19   email address be changed, half of the cookie is sent to each; both
  20   halves must be presented to complete the change.
  21
  22 - Allowauth (in addition to the normal staff allowauth command).  A
  23   cookie is sent to the handle's address, and if the user responds
  24   with that cookie, they are allowauth'ed.
  25
  26 - Changing forgotten passwords.  A user may request a cookie be sent
  27   to their email address; this will allow them to auth and change
  28   their password.
  29
  30 The following limitations apply:
  31
  32 - Only one cookie will be issued per handle at a time.  The current
  33   cookie must be used or time out before another one is issued.
  34
  35 - Cookies time out after a configurable amount of time (defaults to 24
  36   hours).
  37
  38 - Only one un-activated handle is allowed per email address.
  39
  40 The following commands are provided (overriding non-cookie commands of
  41 the same name, if there is overlap):
  42
  43 - REGISTER <handle> <password> [<email_addr>]
  44   - Registers the handle.  If email address provided, emails user with
  45     a cookie that allows them to activate their handle.  Otherwise,
  46     sets password to what they request.
  47 - SET EMAIL <new_email>
  48   - Mails cookie to new email address (if one already exists, mails
  49     half to new, half to old).
  50 - AUTHCOOKIE <handle>
  51   - Emails cookie for authentication.
  52 - RESETPASS <handle> <newpass>
  53   - Begins password reset process for a handle.
  54 - COOKIE [<handle>] <cookie>
  55   - If handle's cookie type is REGSTER, activates a handle that was
  56     registered using REGISTER, setting handle's password to what is
  57     specified.
  58   - If handle's cookie type is EMAIL_CHANGE, changes email address.
  59   - If handle's cookie type is PASSWORD_CHANGE, changes password.
  60   - If handle's cookie type is ALLOWAUTH, allows user to auth if
  61     password matches.