Bot user (matrixirc) is not configurable

[eqyiel]

Right now it's not possible to connect to chat.freenode.net from an EC2 instance because the initial connection requries SASL (to prevent abuse?), and authentication will fail for this

matrix-appservice-irc/lib/bridge/IrcBridge.js

Line 837 in 4b17e2e

var uname = "matrixirc";

Despite SASL being supported, the user that connects is not configurable, so SASL auth will fail for matrixirc.

I was able to connect by setting a breakpoint here and changing connectionOpts.userName to my own (registered) username:

matrix-appservice-irc/lib/irc/ConnectionInstance.js

Line 342 in 4b17e2e

let nodeClient = new irc.Client(

With the following config:

homeserver:
  url: "http://matrix.maher.fyi:8008"
  domain: "matrix.maher.fyi"
ircService:
  ident:
    enabled: false
    port: 1113
    address: 0.0.0.0
  logging:
    level: "debug"
    toConsole: true
    maxFileSizeBytes: 134217728
    maxFiles: 5
  databaseUri: "nedb:///data/var/lib/matrix-appservice-irc/data"
  servers: {
    "chat.freenode.net": {
      port: 6697,
      ssl: true,
      sslselfsign: false,
      sasl: true,
      password: "...",
  
      sendConnectionMessages: true,
      botConfig: {
        enabled: false,
        nick: "eqyiel",
        password: "...",
  
        joinChannelsIfNoUsers: true
      },
      privateMessages: {
        enabled: true
      },
      dynamicChannels: {
        enabled: true,
        createAlias: true,
        published: true,
        joinRule: "invite",
        federate: false,
        aliasTemplate: "#irc_$SERVER_$CHANNEL",
        whitelist: ["@eqyiel:maher.fyi"],
        exclude: []
      },
      membershipLists: {
        enabled: true,
        global: {
          ircToMatrix: {
            initial: true,
            incremental: true
          },
          matrixToIrc: {
            initial: true,
            incremental: true
          }
        },
        rooms: [  ],
        channels: [  ]
      },
      mappings: {},
      matrixClients: {
        userTemplate: "@irc_$NICK",
        displayName: "$NICK (IRC)"
      },
      ircClients: {
        nickTemplate: "$DISPLAY",
        allowNickChanges: true,
        maxClients: 30,
        idleTimeout: 172800
      }
    }
  }

And running current master: ffc4882

Somewhat related to #447

[eqyiel]

I think the real problem here might be that the AS bot tries to connect to IRC even if botConfig.enabled === false?

[Half-Shot]

@eqyiel We still use it for some stuff. The real boneheaded move was me not also writing a PR for configurable usernames, I'm making a point to do that soon.

[Asara]

This actually makes the AS unusable for multiple people as far as I can tell. Users aren't able to log into IRC via the AS. So it makes the bridge pretty much read only on the matrix side.

[Asara]

So I was able to fix this using these changes:

index fa09f03..e70af69 100644
--- a/lib/bridge/IrcBridge.js
+++ b/lib/bridge/IrcBridge.js
@@ -834,7 +834,7 @@ IrcBridge.prototype.connectToIrcNetworks = function() {
 };

 IrcBridge.prototype._loginToServer = Promise.coroutine(function*(server) {
-    var uname = "matrixirc";
+    var uname = "NAMEOFBOT";
     var bridgedClient = this.getIrcUserFromCache(server, uname);
     if (!bridgedClient) {
         var botIrcConfig = server.createBotIrcClientConfig(uname);
diff --git a/lib/irc/BridgedClient.js b/lib/irc/BridgedClient.js
index 016e103..834314a 100644
--- a/lib/irc/BridgedClient.js
+++ b/lib/irc/BridgedClient.js
@@ -128,8 +128,8 @@ BridgedClient.prototype.connect = Promise.coroutine(function*() {

         let connInst = yield ConnectionInstance.create(server, {
             nick: this.nick,
-            username: nameInfo.username,
-            realname: nameInfo.realname,
+            username: this.nick,
+            realname: this.nick,
             password: this.password,
             // Don't use stored IPv6 addresses unless they have a prefix else they
             // won't be able to turn off IPv6!

I am sure there is a more elegant solution but I don't know nodejs, and so far these changes have worked for me.

[Asara]

Still having this issue. Now its fixed with just this:

@@ -852,7 +852,7 @@ IrcBridge.prototype.connectToIrcNetworks = function() {
 };
 IrcBridge.prototype._loginToServer = Promise.coroutine(function*(server) {
-    var uname = "matrixirc";
+    var uname = "NAMEOFBOT";
     var bridgedClient = this.getIrcUserFromCache(server, uname);
     if (!bridgedClient) {
         var botIrcConfig = server.createBotIrcClientConfig(uname);

[Francesco149]

would be nice to upstream the fix. at the moment there's no way to connect to freenode from amazon ec2 servers

[Francesco149]

I figured out how to auth to freenode from blocked ip ranges. you have to use EXTERNAL sasl auth and provide a cert. i have forked node-irc to add EXTERNAL and here's an example on how to attach the cert: https://github.com/Francesco149/node-irc/blob/sasl-external/example/externalSasl.js

I suspect it might still auth me correctly even with the wrong username and no proper sasl external request because it recognizes the fingerprint and auths me even with sasl disabled, so maybe it could work even with stock node-irc. will test in a bit

[Francesco149]

so I just tested the above. explicit EXTERNAL sasl is required from a blocked ip range. but yeah, that connects fine

[Francesco149]

this pull request and the node-irc one fix the issue by adding support for external sasl auth: #1062

[jaller94]

Allegedly fixed by the referenced PRs.