fix: block PASS/USER/NICK from clients post-registration

All three registration commands are now explicitly intercepted after the client has authenticated. NICK gets a notice pointing to the bouncer command; PASS and USER are silently dropped. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 00:48:03 +01:00
parent ee2175f565
commit e6b1ce4c6d
1 changed files with 8 additions and 7 deletions
--- a/src/bouncer/client.py
+++ b/src/bouncer/client.py
@@ -112,13 +112,14 @@ class Client:
        if msg.command == "QUIT":
            return

-        # Block direct NICK -- must go through /msg *bouncer NICK <network> <nick>
-        if msg.command == "NICK":
-            self._send_msg(IRCMessage(
-                command="NOTICE",
-                params=[self._nick, "Use /msg *bouncer NICK <network> <nick>"],
-                prefix="*bouncer!bouncer@bouncer",
-            ))
+        # Block registration commands -- never forward to networks
+        if msg.command in ("NICK", "PASS", "USER"):
+            if msg.command == "NICK":
+                self._send_msg(IRCMessage(
+                    command="NOTICE",
+                    params=[self._nick, "Use /msg *bouncer NICK <network> <nick>"],
+                    prefix="*bouncer!bouncer@bouncer",
+                ))
            return

        # Intercept bouncer control commands