Open Bug 1488522 Opened 7 years ago Updated 2 years ago

IRC PASS sent too late

Categories

(Chat Core :: IRC, enhancement)

Product:
Chat Core
Component:
IRC
Platform:
Desktop
Windows 7
Type:
enhancement

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: pingger_github_public, Unassigned)

Details

Attachments

(1 file)

Screenshot from 2019-03-01 20-52-47.png
42.71 KB, image/png
Details
The IRC connection initialization is in the wrong order. According to the RFC 1459 (Chapter 4.1, see attachement), the PASS <password> message HAS TO BE the FIRST message sent. Thunderbird starts with USER or NICK, which causes issues with Servers strictly sticking to the RFC. One of these examples is the twitch.tv IRC Server. Address: irc.chat.twitch.tv. Port: 6667 SSL: off (not supported) Username: 'twitchusername' Password: 'oauth-token in the format "oauth:asdasd234asd234ad234asds23xyz" (without quotes)' The currently wrong implementation causes the response "Improperly formatted auth" and disconnects the Client. The correct implementation would allow connecting without any issues. Attachment: RFC 1459 Chapter 4.1 (only relevant section) The PASS command is used to set a 'connection password'. The password can and must be set before any attempt to register the connection is made. Currently this requires that clients send a PASS command before sending the NICK/USER combination and servers *must* send a PASS command before any SERVER command. The password supplied must match the one contained in the C/N lines (for servers) or I lines (for clients). It is possible to send multiple PASS commands before registering but only the last one sent is used for verification and it may not be changed once registered.
Component: Instant Messaging → IRC
Product: Thunderbird → Chat Core

For what it's worth, I read it as being "recommended" that you send the PASS first, not a requirement.

Anyway, the reasoning we don't do this is because we want to use a mechanism that encrypts the password (e.g. SASL). I couldn't remember the exact timing of what we do, so I pulled a protocol log and essentially we do the following:

c->s: CAP LS
c->s: NICK
c->s: USER

If the serverPassword pref is set on the account we send PASS between CAP LS and NICK.

Note that if you're not setting serverPassword than the PASS command will never be sent. It could be interesting to see a protocol dump (right click on the account > copy debug info).

Martin, do you have any thoughts on this? I know you've done some stuff with Twitch before.

Flags: needinfo?(martin)

TMI (Twitch's IRC network) works just fine in Thunderbird when the password is properly set as server password and not as account password (so with the pref Patrick described). We could add non-standard code to try and detect twitch, however that'd have to happen based on the server URI, and since there are about three aliases that strikes me as rather complicated. Based on my further explanations following this I think it'd be better to treat Twitch as a separate provider.

I've attached my config keys for the (working) Twitch IRC account I have configured.

Note that you'll have a pretty bad IRC experience in Thunderbird with Twitch due to a multitude of reasons, including that you can't send the CAP requests to get JOIN/PART/MODEs, that you won't see any of the special messages like responses to commands or USERNOTICES and many, many more little annoyances.

Most importantly Twitch only losely follows the IRC spec, so arguing that a client doesn't properly follow a spec when you have issues with Twitch is a really slippery slope. Documentation of what Twitch does with IRC can be found at https://dev.twitch.tv/docs/irc/

I wrote a provider for Twitch at one point that I've been keeping up to date data wise, even though it does not run anymore, due to using code that has since been eviscerated from the code base. In order for it to be revived something like https://github.com/thundernest/tb-web-ext-experiments/issues/1 would have to be implemented.

An alternative is to use a Twitch-to-IRC adapter like https://github.com/3ventic/tmi-irc-relay that turns Twitch's messaging interface into something that looks much saner to your average IRC client.

Flags: needinfo?(martin)

Just checked the initial report again: Twitch does support SSL on their TMI service. This is currently under irc://irc.chat.twitch.tv:6697 as documented at https://dev.twitch.tv/docs/irc/guide/#connecting-to-twitch-irc

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: