fix: buffer server SASL challenges across 400-byte chunks

Server-to-client AUTHENTICATE follows the same 400-byte chunking
rule as the client-to-server direction: a challenge is a sequence
of 400-byte chunks, terminated by either a short chunk or a
trailing AUTHENTICATE +. Responding to the first non-"+" line
could desynchronize the exchange when an RFC 7628 JSON error
spans multiple chunks.

Track saslResponseSent to distinguish the initial prompt from
post-response challenges, and accumulate challenge chunks until
the challenge is complete. OAUTHBEARER's AQ== ack now fires only
once the full challenge has arrived.

Adds two tests: multi-chunk challenge (400-byte chunk then short
tail) and 400-byte-multiple challenge terminated by trailing "+".
Both verify the client holds off on AQ== until the challenge is
complete.

Author: silverbucket

irc-socket.js

@@ -168,6 +168,12 @@ class IrcSocket extends EventEmitter {
             this.emit("connect");
             timeout = setTimeout(onSilence, timeoutPeriod);
             let serverCapabilities, acknowledgedCapabilities, sentRequests, respondedRequests, allRequestsSent, nickname;
+            // SASL challenge state: saslResponseSent flips once we've replied to
+            // the initial AUTHENTICATE + prompt; saslChallenge accumulates
+            // server-sent challenge chunks per IRCv3 SASL 3.1 (400-byte chunks,
+            // terminated by a short chunk or a trailing AUTHENTICATE +).
+            let saslResponseSent = false;
+            let saslChallenge = '';
 
             if (this.capabilities) {
                 this.capabilities.requires = this.capabilities.requires || [];
@@ -288,13 +294,16 @@ class IrcSocket extends EventEmitter {
                     }
 
                 } else if (parts[0] === "AUTHENTICATE") {
-                    if (parts[1] === '+') {
-                        // Server prompt: send our credential in 400-byte AUTHENTICATE
-                        // chunks. If the final chunk is exactly 400 bytes (or the
-                        // payload is empty), send a trailing AUTHENTICATE + per
-                        // IRCv3 SASL 3.1.
+                    const chunkSize = 400;
+                    if (!saslResponseSent) {
+                        // Initial server prompt. Send our credential in 400-byte
+                        // AUTHENTICATE chunks; if the final chunk is exactly 400
+                        // bytes (or the payload is empty), append a trailing
+                        // AUTHENTICATE + per IRCv3 SASL 3.1.
+                        if (parts[1] !== '+') {
+                            return;
+                        }
                         const payload = encodeSaslCredential(this.saslMechanism, this.saslUsername, this.saslPassword);
-                        const chunkSize = 400;
                         if (payload.length === 0) {
                             this.raw(['AUTHENTICATE', '+']);
                         } else {
@@ -305,12 +314,28 @@ class IrcSocket extends EventEmitter {
                                 this.raw(['AUTHENTICATE', '+']);
                             }
                         }
-                    } else if (this.saslMechanism === 'OAUTHBEARER') {
-                        // RFC 7628 §3.2.3: on failure the server sends a base64
-                        // error challenge; the client must reply with
-                        // AUTHENTICATE AQ== (base64 of \x01) so the server can
-                        // emit the failure numeric.
-                        this.raw(['AUTHENTICATE', 'AQ==']);
+                        saslResponseSent = true;
+                    } else {
+                        // Post-response server challenge. Accumulate chunks until
+                        // we see either a short chunk or a trailing "+" (after
+                        // 400-byte chunks). For OAUTHBEARER, RFC 7628 §3.2.3
+                        // requires AUTHENTICATE AQ== to ack the error challenge
+                        // before the server emits 904/905.
+                        let challengeComplete = false;
+                        if (parts[1] === '+') {
+                            challengeComplete = true;
+                        } else {
+                            saslChallenge += parts[1];
+                            if (parts[1].length < chunkSize) {
+                                challengeComplete = true;
+                            }
+                        }
+                        if (challengeComplete) {
+                            saslChallenge = '';
+                            if (this.saslMechanism === 'OAUTHBEARER') {
+                                this.raw(['AUTHENTICATE', 'AQ==']);
+                            }
+                        }
                     }
                 } else if (numeric === '903') {
                     // RPL_SASLSUCCESS — advance past CAP. 900 RPL_LOGGEDIN is

test/irc-socket.js

@@ -69,6 +69,11 @@ const messages = {
     rpl_loggedin_900: ":irc.test.net 900 testbot nick!user@host testbot :You are now logged in as testbot\r\n",
     // Simulated RFC 7628 failure challenge (base64 of '{"status":"invalid_token"}')
     auth_challenge_oauth: "AUTHENTICATE eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIn0=\r\n",
+    // Multi-chunk challenge: a 400-byte chunk (must continue), then a short chunk (end).
+    auth_challenge_chunk_400: "AUTHENTICATE " + "A".repeat(400) + "\r\n",
+    auth_challenge_chunk_tail: "AUTHENTICATE " + "B".repeat(20) + "\r\n",
+    // 400-byte-multiple challenge: 400-byte chunk then trailing "+".
+    auth_challenge_terminator: "AUTHENTICATE +\r\n",
     cap_ack_a: ":irc.test.net CAP * ACK :a\r\n",
     cap_nak_a: ":irc.test.net CAP * NAK :a\r\n",
     cap_nak_b: ":irc.test.net CAP * NAK :b\r\n",
@@ -745,6 +750,78 @@ describe("IRC Sockets", function () {
             return promise;
         });
 
+        it("SASL OAUTHBEARER waits for multi-chunk challenge before acking", function () {
+            const config = merge(baseConfig, {
+                socket: MockSocket(logfn),
+                saslUsername: 'foo',
+                saslPassword: 'bad-token',
+                saslMechanism: 'OAUTHBEARER',
+                capabilities: { requires: ['sasl'] }
+            });
+            const socket = new IrcSocket(config);
+
+            const promise = socket.connect().then(function (res) {
+                assert(res.isFail());
+                assert(res.fail() === IrcSocket.connectFailures.saslAuthenticationFailed);
+            });
+
+            socket.impl.acceptConnect();
+            socket.impl.acceptData(messages.cap_sasl_only);
+            socket.impl.acceptData(messages.cap_ack_sasl);
+            socket.impl.acceptData(messages.auth_plus);
+
+            // First 400-byte challenge chunk — client must NOT ack yet.
+            const callsBeforeTail = socket.impl.write.callCount;
+            socket.impl.acceptData(messages.auth_challenge_chunk_400);
+            const writesMid = socket.impl.write.getCalls().map(function (c) { return c.args[0]; });
+            assert(writesMid.indexOf("AUTHENTICATE AQ==\r\n") === -1);
+            assert(socket.impl.write.callCount === callsBeforeTail);
+
+            // Short terminating chunk — now the client acks.
+            socket.impl.acceptData(messages.auth_challenge_chunk_tail);
+            const writesAfter = socket.impl.write.getCalls().map(function (c) { return c.args[0]; });
+            assert(writesAfter.indexOf("AUTHENTICATE AQ==\r\n") !== -1);
+
+            socket.impl.acceptData(messages.rpl_saslfail_904);
+
+            return promise;
+        });
+
+        it("SASL OAUTHBEARER acks when 400-byte chunks end with trailing +", function () {
+            const config = merge(baseConfig, {
+                socket: MockSocket(logfn),
+                saslUsername: 'foo',
+                saslPassword: 'bad-token',
+                saslMechanism: 'OAUTHBEARER',
+                capabilities: { requires: ['sasl'] }
+            });
+            const socket = new IrcSocket(config);
+
+            const promise = socket.connect().then(function (res) {
+                assert(res.isFail());
+                assert(res.fail() === IrcSocket.connectFailures.saslAuthenticationFailed);
+            });
+
+            socket.impl.acceptConnect();
+            socket.impl.acceptData(messages.cap_sasl_only);
+            socket.impl.acceptData(messages.cap_ack_sasl);
+            socket.impl.acceptData(messages.auth_plus);
+
+            // Exactly-400-byte chunk — not terminal on its own.
+            const callsBeforeTerm = socket.impl.write.callCount;
+            socket.impl.acceptData(messages.auth_challenge_chunk_400);
+            assert(socket.impl.write.callCount === callsBeforeTerm);
+
+            // Trailing "+" terminates the 400-byte-multiple challenge; ack now.
+            socket.impl.acceptData(messages.auth_challenge_terminator);
+            const writesAfter = socket.impl.write.getCalls().map(function (c) { return c.args[0]; });
+            assert(writesAfter.indexOf("AUTHENTICATE AQ==\r\n") !== -1);
+
+            socket.impl.acceptData(messages.rpl_saslfail_904);
+
+            return promise;
+        });
+
         it("SASL rejects an unknown mechanism at construction", function () {
             const config = merge(baseConfig, {
                 socket: MockSocket(logfn),