Software `/` code `/` prosody-modules

Annotate

mod_storage_ldap/ldap/vcard.lib.lua @ 5193:2bb29ece216b

mod_http_oauth2: Implement stateless dynamic client registration Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would not probably not scale easily. Dynamic client registration allows creating clients on the fly, which may be even easier in theory. In order to not allow basically unauthenticated writes to the database, we implement a stateless model here. per_host_key := HMAC(config -> oauth2_registration_key, hostname) client_id := JWT { client metadata } signed with per_host_key client_secret := HMAC(per_host_key, client_id) This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key. A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret

author	Kim Alvefur <zash@zash.se>
date	Fri, 03 Mar 2023 21:14:19 +0100
parent	830:f160166612c2

rev	line source
809 1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	1 -- vim:sts=4 sw=4
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	2
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	3 -- Prosody IM
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	4 -- Copyright (C) 2008-2010 Matthew Wild
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	5 -- Copyright (C) 2008-2010 Waqas Hussain
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	6 -- Copyright (C) 2012 Rob Hoelz
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	7 --
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	8 -- This project is MIT/X11 licensed. Please see the
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	9 -- COPYING file in the source package for more information.
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	10 --
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	11
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	12 local st = require 'util.stanza';
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	13
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	14 local VCARD_NS = 'vcard-temp';
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	15
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	16 local builder_methods = {};
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	17
830 f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	18 local base64_encode = require('util.encodings').base64.encode;
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	19
809 1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	20 function builder_methods:addvalue(key, value)
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	21 self.vcard:tag(key):text(value):up();
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	22 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	23
830 f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	24 function builder_methods:addphotofield(tagname, format_section)
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	25 local record = self.record;
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	26 local format = self.format;
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	27 local vcard = self.vcard;
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	28 local config = format[format_section];
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	29
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	30 if not config then
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	31 return;
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	32 end
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	33
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	34 if config.extval then
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	35 if record[config.extval] then
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	36 local tag = vcard:tag(tagname);
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	37 tag:tag('EXTVAL'):text(record[config.extval]):up();
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	38 end
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	39 elseif config.type and config.binval then
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	40 if record[config.binval] then
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	41 local tag = vcard:tag(tagname);
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	42 tag:tag('TYPE'):text(config.type):up();
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	43 tag:tag('BINVAL'):text(base64_encode(record[config.binval])):up();
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	44 end
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	45 else
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	46 module:log('error', 'You have an invalid %s config section', tagname);
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	47 return;
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	48 end
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	49
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	50 vcard:up();
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	51 end
f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	52
809 1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	53 function builder_methods:addregularfield(tagname, format_section)
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	54 local record = self.record;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	55 local format = self.format;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	56 local vcard = self.vcard;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	57
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	58 if not format[format_section] then
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	59 return;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	60 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	61
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	62 local tag = vcard:tag(tagname);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	63
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	64 for k, v in pairs(format[format_section]) do
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	65 tag:tag(string.upper(k)):text(record[v]):up();
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	66 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	67
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	68 vcard:up();
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	69 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	70
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	71 function builder_methods:addmultisectionedfield(tagname, format_section)
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	72 local record = self.record;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	73 local format = self.format;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	74 local vcard = self.vcard;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	75
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	76 if not format[format_section] then
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	77 return;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	78 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	79
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	80 for k, v in pairs(format[format_section]) do
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	81 local tag = vcard:tag(tagname);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	82
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	83 if type(k) == 'string' then
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	84 tag:tag(string.upper(k)):up();
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	85 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	86
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	87 for k2, v2 in pairs(v) do
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	88 if type(v2) == 'boolean' then
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	89 tag:tag(string.upper(k2)):up();
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	90 else
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	91 tag:tag(string.upper(k2)):text(record[v2]):up();
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	92 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	93 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	94
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	95 vcard:up();
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	96 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	97 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	98
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	99 function builder_methods:build()
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	100 local record = self.record;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	101 local format = self.format;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	102
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	103 self:addvalue( 'VERSION', '2.0');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	104 self:addvalue( 'FN', record[format.displayname]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	105 self:addregularfield( 'N', 'name');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	106 self:addvalue( 'NICKNAME', record[format.nickname]);
830 f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	107 self:addphotofield( 'PHOTO', 'photo');
809 1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	108 self:addvalue( 'BDAY', record[format.birthday]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	109 self:addmultisectionedfield('ADR', 'address');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	110 self:addvalue( 'LABEL', nil); -- we don't support LABEL...yet.
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	111 self:addmultisectionedfield('TEL', 'telephone');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	112 self:addmultisectionedfield('EMAIL', 'email');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	113 self:addvalue( 'JABBERID', record.jid);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	114 self:addvalue( 'MAILER', record[format.mailer]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	115 self:addvalue( 'TZ', record[format.timezone]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	116 self:addregularfield( 'GEO', 'geo');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	117 self:addvalue( 'TITLE', record[format.title]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	118 self:addvalue( 'ROLE', record[format.role]);
830 f160166612c2 Properly handle avatar/logo BINVALs Rob Hoelz <rob@hoelz.ro> parents: 809 diff changeset	119 self:addphotofield( 'LOGO', 'logo');
809 1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	120 self:addvalue( 'AGENT', nil); -- we don't support AGENT...yet.
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	121 self:addregularfield( 'ORG', 'org');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	122 self:addvalue( 'CATEGORIES', nil); -- we don't support CATEGORIES...yet.
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	123 self:addvalue( 'NOTE', record[format.note]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	124 self:addvalue( 'PRODID', nil); -- we don't support PRODID...yet.
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	125 self:addvalue( 'REV', record[format.rev]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	126 self:addvalue( 'SORT-STRING', record[format.sortstring]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	127 self:addregularfield( 'SOUND', 'sound');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	128 self:addvalue( 'UID', record[format.uid]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	129 self:addvalue( 'URL', record[format.url]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	130 self:addvalue( 'CLASS', nil); -- we don't support CLASS...yet.
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	131 self:addregularfield( 'KEY', 'key');
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	132 self:addvalue( 'DESC', record[format.description]);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	133
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	134 return self.vcard;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	135 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	136
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	137 local function new_builder(params)
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	138 local vcard_tag = st.stanza('vCard', { xmlns = VCARD_NS });
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	139
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	140 local object = {
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	141 vcard = vcard_tag,
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	142 __index = builder_methods,
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	143 };
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	144
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	145 for k, v in pairs(params) do
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	146 object[k] = v;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	147 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	148
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	149 setmetatable(object, object);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	150
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	151 return object;
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	152 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	153
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	154 local _M = {};
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	155
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	156 function _M.create(params)
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	157 local builder = new_builder(params);
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	158
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	159 return builder:build();
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	160 end
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	161
1d51c5e38faa Add LDAP plugin suite rob@hoelz.ro parents: diff changeset	162 return _M;

prosody-modules

2bb29ece216b

mod_storage_ldap/ldap/vcard.lib.lua

Software / code / prosody-modules

Annotate

mod_storage_ldap/ldap/vcard.lib.lua @ 5193:2bb29ece216b

Software `/` code `/` prosody-modules