From 68c0488a3fa19254563a4385dfde223695eb5ebd Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Fri, 8 May 2026 18:14:52 -0300 Subject: Default REGISTER-before-connect and email-required to ON These knobs were opt-in (env unset = off) for the irctest harness' benefit; the harness exercises both branches and is happy to set the env explicitly. But for the hosted papod deployment that papoweb is moving towards, we definitely want both: - REGISTER before connect: web clients can create an account in one CAP/NICK/USER round-trip instead of completing the IRC handshake twice (register, disconnect, log in). - Email required: enables password recovery and abuse signal; cost is one extra field at signup. Invert the env-var sense so production picks up the secure defaults with no env tweaks; tests that need the old behavior pin PAPOD_REG_BEFORE_CONNECT=0 / PAPOD_REG_EMAIL_REQUIRED=0. The irctest controller and papoweb's integration harness are updated separately to pin "0" explicitly so a future default flip doesn't silently change which branches they exercise. --- src/papod.clj | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/papod.clj b/src/papod.clj index ca2a5df..f886ae2 100644 --- a/src/papod.clj +++ b/src/papod.clj @@ -493,11 +493,15 @@ (def- +server-password+ (System/getenv "PAPOD_PASSWORD")) +;; Defaults intended for a hosted-service deployment: register +;; before completing the connection (one round-trip account creation +;; for web clients) and require an email (recovery, abuse mitigation). +;; Tests opt out by setting the env to "0". (def- +reg-before-connect?+ - (= "1" (System/getenv "PAPOD_REG_BEFORE_CONNECT"))) + (not= "0" (System/getenv "PAPOD_REG_BEFORE_CONNECT"))) (def- +reg-email-required?+ - (= "1" (System/getenv "PAPOD_REG_EMAIL_REQUIRED"))) + (not= "0" (System/getenv "PAPOD_REG_EMAIL_REQUIRED"))) (defconst- +version+ "0.1.0") -- cgit v1.3