---
labels:
- 'Stage-Stable'
summary: 'Token based JSON registration & verification servlet.'
...

Introduction
------------

This module lets you activate an HTTP server interface to handle data
from web forms, sent via POST as Base64-encoded JSON.

Implementation Details
----------------------

Example request format:

    POST /your_register_base_url HTTP/1.1
    Host: yourserveraddress.com:yourchosenport
    Content-Type: application/encoded
    Content-Transfer-Encoding: base64

    eyJ1c2VybmFtZSI6InVzZXJuYW1lb2ZjaG9pY2UiLCJwYXNzd29yZCI6InRoZXVzZXJwYXNzd29yZCIsImlwIjoidGhlcmVtb3RlYWRkcm9mdGhldXNlciIsIm1haWwiOiJ1c2VybWFpbEB1c2VybWFpbGRvbWFpbi50bGQiLCJhdXRoX3Rva2VuIjoieW91cmF1dGh0b2tlbm9mY2hvaWNlIn0=

Where the encoded content is this (example) JSON object:

    {"username":"usernameofchoice","password":"theuserpassword","ip":"theremoteaddroftheuser","mail":"usermail@usermaildomain.tld","auth_token":"yourauthtokenofchoice"}

Your form implementation needs to pass **all** parameters; the
auth\_token is needed to prevent misuse. If the request is successful,
the server will answer with status code 200 and a response body
containing the token, which your web app can send via e-mail to
the user to complete the registration.

Otherwise, it will reply with one of the following HTTP error codes:

-   400 - if there's a syntax error;
-   401 - whenever a username is already pending registration or the
    auth token supplied is invalid;
-   403 - whenever registration is forbidden (blacklist, filtered mail
    etc.);
-   406 - if the username supplied fails nodeprepping;
-   409 - if the user already exists, or a user is already associated
    with the supplied e-mail;
-   503 - whenever a request is throttled.

The verification URL path to direct the users to will be:
**/your-base-path-of-choice/verify/** - on your Prosody's HTTP server.

The module for now stores a hash of the user's mail address to help slow
down duplicated registrations.

It's strongly encouraged to have the web server communicate with the
servlet via HTTPS.

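An added example, not part of the module or its documentation: a Python client for the web-app side that builds the request described above and maps the documented status codes to outcomes. The function names and the refusal of plain-HTTP URLs are choices of this example, not the module's API.

```python
import base64
import json
import urllib.error
import urllib.request

# Added example; names below are illustrative, not the module's API.
# Field names come from the request format above; every one is mandatory.
REQUIRED_FIELDS = ("username", "password", "ip", "mail", "auth_token")

# Status codes documented above, mapped to what the web app should report.
OUTCOMES = {
    200: "ok: body is the verification token to e-mail to the user",
    400: "syntax error in the request",
    401: "username already pending registration, or invalid auth token",
    403: "registration forbidden (blacklist, filtered mail)",
    406: "username failed nodeprep",
    409: "user exists, or e-mail already associated with a user",
    503: "request throttled",
}


def build_request(url, fields):
    """Return a urllib Request carrying the Base64-encoded JSON payload."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send password and auth_token over plain HTTP")
    missing = [k for k in REQUIRED_FIELDS if not fields.get(k)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    payload = json.dumps({k: fields[k] for k in REQUIRED_FIELDS})
    body = base64.b64encode(payload.encode("utf-8"))
    headers = {
        "Content-Type": "application/encoded",
        "Content-Transfer-Encoding": "base64",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def register(url, fields, timeout=10):
    """Send the registration; return (status, token or None, outcome text)."""
    try:
        with urllib.request.urlopen(build_request(url, fields), timeout=timeout) as r:
            status, text = r.status, r.read().decode("utf-8").strip()
    except urllib.error.HTTPError as err:
        status, text = err.code, None
    outcome = OUTCOMES.get(status, "undocumented status")
    return status, (text if status == 200 else None), outcome
```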
Usage
-----

Copy the module folder and all its contents (register\_json) into your
Prosody modules directory. Add the module to the modules\_enabled of
your vhost of choice.

Hint: pairing with mod\_register\_redirect is helpful, to allow server
registrations only via your web form.

Optional configuration directives:

    reg_servlet_base = "/base-path/" -- Base path of the plugin (default is register_account)
    reg_servlet_secure = true -- Have the plugin only process requests on https (default is true)
    reg_servlet_ttime = seconds -- Specifies the time (in seconds) between each request coming from the same remote address.
    reg_servlet_bl = { "1.2.3.4", "4.3.2.1" } -- The ip addresses in this list will be blacklisted and will not be able to submit registrations.
    reg_servlet_wl = { "1.2.3.4", "4.3.2.1" } -- The ip addresses in this list will be ignored by the throttling.
    reg_servlet_filtered_mails = { ".*banneddomain.tld", ".*deamailprovider.tld" } -- allows filtering of mail addresses via Lua patterns.

Compatibility
-------------

0.9