From 997a4b3ac130e901262afc34c24c55b9f81329b8 Mon Sep 17 00:00:00 2001
From: dgw
Date: Mon, 27 Sep 2021 01:57:44 -0500
Subject: [PATCH] coretasks: correctly abort SASL PLAIN on invalid server reply
Originally flagged as an unused local variable by LGTM, but turned out to be a real bug.
---
 sopel/coretasks.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/sopel/coretasks.py b/sopel/coretasks.py
index f9f236e1ee..380da14d14 100644
--- a/sopel/coretasks.py
+++ b/sopel/coretasks.py
@@ -1059,14 +1059,17 @@ def auth_proceed(bot, trigger):
 sasl_username = sasl_username or bot.nick
 if mech == 'PLAIN':
- if trigger.args[0] != '+':
- # not an expected response from the server; abort SASL
- token = '*'
- else:
+ if trigger.args[0] == '+':
 sasl_token = _make_sasl_plain_token(sasl_username, sasl_password)
 LOGGER.info("Sending SASL Auth token.")
 send_authenticate(bot, sasl_token)
- return
+ return
+ else:
+ # Not an expected response from the server
+ # Send `authenticate-abort` command
+ # See https://ircv3.net/specs/extensions/sasl-3.1#the-authenticate-command
+ bot.write(('AUTHENTICATE', '*'))
+ return
 # TODO: Implement SCRAM challenges
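Review bot: The new `else` branch aborts SASL with `bot.write(('AUTHENTICATE', '*'))` but logs nothing, while the success branch logs at info level, so an operator cannot tell from the logs that authentication was abandoned after an unexpected server reply. A line such as `LOGGER.warning("Aborting SASL PLAIN: unexpected AUTHENTICATE reply %r", trigger.args[0])` before the write would record it; the reply is server-controlled, and `%r` keeps control characters out of the log. Both branches also index `trigger.args[0]` unguarded, so an AUTHENTICATE with no parameters would presumably raise IndexError instead of reaching the abort. What the bot does after the abort, for instance whether the session continues unauthenticated, is decided outside this hunk (`auth_proceed` starts above it) and is worth confirming.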