From e3d7c33bcd18590f4e4e6a0957f9368fad4e56da Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Sun, 21 Nov 2021 16:28:38 +0100
Subject: [PATCH] Remove sasl cap after registration if network doesn't support
 it

This will stop clients from trying to issue AUTHENTICATE requests
after connection registration.
---
 downstream.go |  8 +++++++-
 upstream.go   | 36 ++++++++++++++++++------------------
 2 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/downstream.go b/downstream.go
index 11dd036..f1e607b 100644
--- a/downstream.go
+++ b/downstream.go
@@ -190,7 +190,6 @@ var permanentDownstreamCaps = map[string]string{
 	"echo-message":  "",
 	"invite-notify": "",
 	"message-tags":  "",
-	"sasl":          "PLAIN",
 	"server-time":   "",
 	"setname":       "",
 
@@ -299,6 +298,7 @@ func newDownstreamConn(srv *Server, ic ircConn, id uint64) *downstreamConn {
 	for k, v := range permanentDownstreamCaps {
 		dc.supportedCaps[k] = v
 	}
+	dc.supportedCaps["sasl"] = "PLAIN"
 	// TODO: this is racy, we should only enable chathistory after
 	// authentication and then check that user.msgStore implements
 	// chatHistoryMessageStore
@@ -1038,6 +1038,12 @@ func (dc *downstreamConn) updateSupportedCaps() {
 		}
 	}
 
+	if uc := dc.upstream(); uc != nil && uc.supportsSASL("PLAIN") {
+		dc.setSupportedCap("sasl", "PLAIN")
+	} else if dc.network != nil {
+		dc.unsetSupportedCap("sasl")
+	}
+
 	if _, ok := dc.user.msgStore.(chatHistoryMessageStore); ok && dc.network != nil {
 		dc.setSupportedCap("draft/event-playback", "")
 	} else {
diff --git a/upstream.go b/upstream.go
index 5d1decf..a25b3ed 100644
--- a/upstream.go
+++ b/upstream.go
@@ -1731,30 +1731,30 @@ func (uc *upstreamConn) requestCaps() {
 	})
 }
 
-func (uc *upstreamConn) requestSASL() bool {
-	if uc.network.SASL.Mechanism == "" {
-		return false
-	}
-
+func (uc *upstreamConn) supportsSASL(mech string) bool {
 	v, ok := uc.supportedCaps["sasl"]
 	if !ok {
 		return false
 	}
-	if v != "" {
-		mechanisms := strings.Split(v, ",")
-		found := false
-		for _, mech := range mechanisms {
-			if strings.EqualFold(mech, uc.network.SASL.Mechanism) {
-				found = true
-				break
-			}
-		}
-		if !found {
-			return false
-		}
+
+	if v == "" {
+		return true
 	}
 
-	return true
+	mechanisms := strings.Split(v, ",")
+	for _, mech := range mechanisms {
+		if strings.EqualFold(mech, mech) {
+			return true
+		}
+	}
+	return false
+}
+
+func (uc *upstreamConn) requestSASL() bool {
+	if uc.network.SASL.Mechanism == "" {
+		return false
+	}
+	return uc.supportsSASL(uc.network.SASL.Mechanism)
 }
 
 func (uc *upstreamConn) handleCapAck(name string, ok bool) error {