Software `/` code `/` prosody-modules

Annotate

mod_client_management/mod_client_management.lua @ 6120:bd3ff802d883

mod_anti_spam: Fix another traceback for origin sessions without an IP This is likely to be the case for stanzas originating from local hosts, for example (so not true s2s). It should be safe to bypass the IP check for those.

author	Matthew Wild <mwild1@gmail.com>
date	Sat, 28 Dec 2024 21:02:08 +0000
parent	5902:13094c707414

rev	line source
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 local modulemanager = require "core.modulemanager";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	2 local usermanager = require "core.usermanager";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	3
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	4 local array = require "util.array";
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	5 local dt = require "util.datetime";
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 local id = require "util.id";
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	7 local it = require "util.iterators";
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	8 local jid = require "util.jid";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	9 local st = require "util.stanza";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	10
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 local strict = module:get_option_boolean("enforce_client_ids", false);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	12
5582 825c6fb76c48 Multiple modules: Update for split prosody:user role (prosody 082c7d856e61) Matthew Wild <mwild1@gmail.com> parents: 5516 diff changeset	13 module:default_permission("prosody:registered", ":list-clients");
825c6fb76c48 Multiple modules: Update for split prosody:user role (prosody 082c7d856e61) Matthew Wild <mwild1@gmail.com> parents: 5516 diff changeset	14 module:default_permission("prosody:registered", ":manage-clients");
5312 22e6b9f09439 mod_client_management: Add list-clients + manage-clients permissions to users Matthew Wild <mwild1@gmail.com> parents: 5311 diff changeset	15
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	16 local tokenauth = module:depends("tokenauth");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	17 local mod_fast = module:depends("sasl2_fast");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	18
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 local client_store = assert(module:open_store("clients", "keyval+"));
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	20 --[[{
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	21 id = id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	22 first_seen =
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	23 last_seen =
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	24 user_agent = {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	25 name =
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	26 os =
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	27 }
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	28 --}]]
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	29
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	30 local xmlns_sasl2 = "urn:xmpp:sasl:2";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	31
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	32 local function get_user_agent(sasl_handler, token_info)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	33 local sasl_agent = sasl_handler and sasl_handler.user_agent;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	34 local token_agent = token_info and token_info.data and token_info.data.oauth2_client;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	35 if not (sasl_agent or token_agent) then return; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	36 return {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	37 software = sasl_agent and sasl_agent.software or token_agent and token_agent.name or nil;
5516 f25df3af02c1 mod_client_management: Include client software version number in listing Kim Alvefur <zash@zash.se> parents: 5374 diff changeset	38 software_id = token_agent and token_agent.id or nil;
f25df3af02c1 mod_client_management: Include client software version number in listing Kim Alvefur <zash@zash.se> parents: 5374 diff changeset	39 software_version = token_agent and token_agent.version or nil;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	40 uri = token_agent and token_agent.uri or nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	41 device = sasl_agent and sasl_agent.device or nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	42 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	43 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	44
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	45 module:hook("sasl2/c2s/success", function (event)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	46 local session = event.session;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	47 local username, client_id = session.username, session.client_id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	48 local mechanism = session.sasl_handler.selected;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	49 local token_info = session.sasl_handler.token_info;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	50 local token_id = token_info and token_info.id or nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	51
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	52 local now = os.time();
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	53 if client_id then -- SASL2, have client identifier
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	54 local is_new_client;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	55
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	56 local client_state = client_store:get_key(username, client_id);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	57 if not client_state then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	58 is_new_client = true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	59 client_state = {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	60 id = client_id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	61 first_seen = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	62 user_agent = get_user_agent(session.sasl_handler, token_info);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	63 full_jid = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	64 last_seen = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	65 mechanisms = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	66 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	67 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	68 -- Update state
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	69 client_state.full_jid = session.full_jid;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	70 client_state.last_seen = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	71 client_state.mechanisms[mechanism] = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	72 if session.sasl_handler.fast_auth then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	73 client_state.fast_auth = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	74 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	75 if token_id then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	76 client_state.auth_token_id = token_id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	77 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	78 -- Store updated state
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	79 client_store:set_key(username, client_id, client_state);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	80
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	81 if is_new_client then
5776 3730992d0c7c mod_client_management: Include session in new-client event Kim Alvefur <zash@zash.se> parents: 5717 diff changeset	82 module:fire_event("client_management/new-client", { client = client_state; session = session });
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	83 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	84 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	85 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	86
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	87 local function find_client_by_resource(username, resource)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	88 local full_jid = jid.join(username, module.host, resource);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	89 local clients = client_store:get(username);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	90 if not clients then return; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	91
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	92 for _, client_state in pairs(clients) do
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	93 if client_state.full_jid == full_jid then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	94 return client_state;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	95 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	96 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	97 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	98
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	99 module:hook("resource-bind", function (event)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	100 local session = event.session;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	101 if session.client_id then return; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	102 local is_new_client;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	103 local client_state = find_client_by_resource(event.session.username, event.session.resource);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	104 local now = os.time();
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	105 if not client_state then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	106 is_new_client = true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	107 client_state = {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	108 id = id.short();
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	109 first_seen = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	110 user_agent = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	111 full_jid = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	112 last_seen = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	113 mechanisms = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	114 legacy = true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	115 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	116 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	117
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	118 -- Update state
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	119 client_state.full_jid = session.full_jid;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	120 client_state.last_seen = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	121
5902 13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	122 local legacy_info = session.client_management_info;
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	123 if legacy_info then
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	124 client_state.mechanisms[legacy_info.mechanism] = now;
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	125 if legacy_info.fast_auth then
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	126 client_state.fast_auth = now;
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	127 end
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	128
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	129 local token_id = legacy_info.token_info and legacy_info.token_info.id;
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	130 if token_id then
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	131 client_state.auth_token_id = token_id;
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	132 end
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	133 else
13094c707414 mod_client_management: Prevent exception on missing client info Kim Alvefur <zash@zash.se> parents: 5779 diff changeset	134 session.log("warn", "Missing client management info")
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	135 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	136
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	137 -- Store updated state
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	138 client_store:set_key(session.username, client_state.id, client_state);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	139
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	140 if is_new_client then
5779 e199f33f7a2e mod_client_management: Include session in the other new-client event too Kim Alvefur <zash@zash.se> parents: 5776 diff changeset	141 module:fire_event("client_management/new-client", { client = client_state; session = session });
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	142 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	143 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	144
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	145 if strict then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	146 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	147 local user_agent = auth:get_child("user-agent");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	148 if not user_agent or not user_agent.attr.id then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	149 local failure = st.stanza("failure", { xmlns = xmlns_sasl2 })
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	150 :tag("malformed-request", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):up()
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	151 :text_tag("text", "Client identifier required but not supplied");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	152 session.send(failure);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	153 return true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	154 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	155 end, 500);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	156
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	157 if modulemanager.get_modules_for_host(module.host):contains("saslauth") then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	158 module:log("error", "mod_saslauth is enabled, but enforce_client_ids is enabled and will prevent it from working");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	159 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	160
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	161 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function (event)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	162 -- Block legacy SASL, if for some reason it is being used (either mod_saslauth is loaded,
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	163 -- or clients try it without advertisement)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	164 module:log("warn", "Blocking legacy SASL authentication because enforce_client_ids is enabled");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	165 local failure = st.stanza("failure", { xmlns = xmlns_sasl2 })
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	166 :tag("malformed-request", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):up()
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	167 :text_tag("text", "Legacy SASL authentication is not available on this server");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	168 event.session.send(failure);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	169 return true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	170 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	171 else
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	172 -- Legacy client compat code
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	173 module:hook("authentication-success", function (event)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	174 local session = event.session;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	175 if session.client_id then return; end -- SASL2 client
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	176
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	177 local sasl_handler = session.sasl_handler;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	178 session.client_management_info = {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	179 mechanism = sasl_handler.selected;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	180 token_info = sasl_handler.token_info;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	181 fast_auth = sasl_handler.fast_auth;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	182 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	183 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	184 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	185
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	186 local function is_password_mechanism(mech_name)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	187 if mech_name == "OAUTHBEARER" then return false; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	188 if mech_name:match("^HT%-") then return false; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	189 return true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	190 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	191
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	192 local function is_client_active(client)
5706 c69320fc438b mod_client_management: Bail out retrieving tokens for user Kim Alvefur <zash@zash.se> parents: 5668 diff changeset	193 if not client.full_jid then
c69320fc438b mod_client_management: Bail out retrieving tokens for user Kim Alvefur <zash@zash.se> parents: 5668 diff changeset	194 return nil;
c69320fc438b mod_client_management: Bail out retrieving tokens for user Kim Alvefur <zash@zash.se> parents: 5668 diff changeset	195 end
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	196 local username, host = jid.split(client.full_jid);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	197 local account_info = usermanager.get_account_info(username, host);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	198 local last_password_change = account_info and account_info.password_updated;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	199
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	200 local status = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	201
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	202 -- Check for an active token grant that has been previously used by this client
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	203 if client.auth_token_id then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	204 local grant = tokenauth.get_grant_info(client.auth_token_id);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	205 if grant then
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	206 status.grant = grant;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	207 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	208 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	209
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	210 -- Check for active FAST tokens
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	211 if client.fast_auth then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	212 if mod_fast.is_client_fast(username, client.id, last_password_change) then
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	213 status.fast = client.fast_auth;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	214 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	215 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	216
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	217 -- Client has access if any password-based SASL mechanisms have been used since last password change
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	218 for mech, mech_last_used in pairs(client.mechanisms) do
5369 1a58a11407ac mod_client_management: Fix error when last password change is unknown (or never) Kim Alvefur <zash@zash.se> parents: 5343 diff changeset	219 if is_password_mechanism(mech) and (not last_password_change or mech_last_used >= last_password_change) then
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	220 status.password = mech_last_used;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	221 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	222 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	223
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	224 if prosody.full_sessions[client.full_jid] then
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	225 status.connected = true;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	226 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	227
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	228 if next(status) == nil then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	229 return nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	230 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	231 return status;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	232 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	233
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	234 -- Public API
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	235 --luacheck: ignore 131
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	236 function get_active_clients(username)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	237 local clients = client_store:get(username);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	238 local active_clients = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	239 local used_grants = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	240
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	241 -- Go through known clients, check whether they could possibly log in
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	242 for client_id, client in pairs(clients or {}) do --luacheck: ignore 213/client_id
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	243 local active = is_client_active(client);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	244 if active then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	245 client.type = "session";
5305 9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	246 client.id = "client/"..client.id;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	247 client.active = active;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	248 table.insert(active_clients, client);
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	249 if active.grant then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	250 used_grants[active.grant.id] = true;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	251 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	252 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	253 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	254
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	255 -- Next, account for any grants that have been issued, but never actually logged in
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	256 for grant_id, grant in pairs(tokenauth.get_user_grants(username) or {}) do
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	257 if not used_grants[grant_id] then -- exclude grants already accounted for
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	258 table.insert(active_clients, {
5307 2bb27dfd10d5 mod_client_management: Use grant id from key Matthew Wild <mwild1@gmail.com> parents: 5306 diff changeset	259 id = "grant/"..grant_id;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	260 type = "access";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	261 first_seen = grant.created;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	262 last_seen = grant.accessed;
5668 f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	263 expires = grant.expires;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	264 active = {
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	265 grant = grant;
5294 385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	266 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	267 user_agent = get_user_agent(nil, grant);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	268 });
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	269 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	270 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	271
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	272 table.sort(active_clients, function (a, b)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	273 if a.last_seen and b.last_seen then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	274 return a.last_seen < b.last_seen;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	275 elseif not (a.last_seen or b.last_seen) then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	276 if a.first_seen and b.first_seen then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	277 return a.first_seen < b.first_seen;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	278 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	279 elseif b.last_seen then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	280 return true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	281 elseif a.last_seen then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	282 return false;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	283 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	284 return a.id < b.id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	285 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	286
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	287 return active_clients;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients Matthew Wild <mwild1@gmail.com> parents: diff changeset	288 end
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	289
5603 d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	290 local function user_agent_tostring(user_agent)
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	291 if user_agent then
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	292 if user_agent.software then
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	293 if user_agent.software_version then
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	294 return user_agent.software .. "/" .. user_agent.software_version;
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	295 end
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	296 return user_agent.software;
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	297 end
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	298 end
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	299 end
d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	300
5305 9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	301 function revoke_client_access(username, client_selector)
5370 d9d52ad8c1ae mod_client_management: Fix type confusion Kim Alvefur <zash@zash.se> parents: 5369 diff changeset	302 if client_selector then
d9d52ad8c1ae mod_client_management: Fix type confusion Kim Alvefur <zash@zash.se> parents: 5369 diff changeset	303 local c_type, c_id = client_selector:match("^(%w+)/(.+)$");
5305 9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	304 if c_type == "client" then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	305 local client = client_store:get_key(username, c_id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	306 if not client then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	307 return nil, "item-not-found";
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	308 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	309 local status = is_client_active(client);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	310 if status.connected then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	311 local ok, err = prosody.full_sessions[client.full_jid]:close();
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	312 if not ok then return ok, err; end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	313 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	314 if status.fast then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	315 local ok = mod_fast.revoke_fast_tokens(username, client.id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	316 if not ok then return nil, "internal-server-error"; end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	317 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	318 if status.grant then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	319 local ok = tokenauth.revoke_grant(username, status.grant.id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	320 if not ok then return nil, "internal-server-error"; end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	321 end
5306 210aeb5afe42 mod_client_management: Fail to revoke clients that have used passwords Matthew Wild <mwild1@gmail.com> parents: 5305 diff changeset	322 if status.password then
210aeb5afe42 mod_client_management: Fail to revoke clients that have used passwords Matthew Wild <mwild1@gmail.com> parents: 5305 diff changeset	323 return nil, "password-reset-required";
210aeb5afe42 mod_client_management: Fail to revoke clients that have used passwords Matthew Wild <mwild1@gmail.com> parents: 5305 diff changeset	324 end
5305 9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	325 return true;
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	326 elseif c_type == "grant" then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	327 local grant = tokenauth.get_grant_info(username, c_id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	328 if not grant then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	329 return nil, "item-not-found";
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	330 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	331 local ok = tokenauth.revoke_grant(username, c_id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	332 if not ok then return nil, "internal-server-error"; end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	333 return true;
5602 eae5599bc0b4 mod_client_management: Add way to revoke (one) client by software Kim Alvefur <zash@zash.se> parents: 5601 diff changeset	334 elseif c_type == "software" then
eae5599bc0b4 mod_client_management: Add way to revoke (one) client by software Kim Alvefur <zash@zash.se> parents: 5601 diff changeset	335 local active_clients = get_active_clients(username);
eae5599bc0b4 mod_client_management: Add way to revoke (one) client by software Kim Alvefur <zash@zash.se> parents: 5601 diff changeset	336 for _, client in ipairs(active_clients) do
5604 5ade45d93908 mod_client_management: Fix missing equality check Kim Alvefur <zash@zash.se> parents: 5603 diff changeset	337 if client.user_agent and client.user_agent.software == c_id or user_agent_tostring(client.user_agent) == c_id then
5602 eae5599bc0b4 mod_client_management: Add way to revoke (one) client by software Kim Alvefur <zash@zash.se> parents: 5601 diff changeset	338 return revoke_client_access(username, client.id);
eae5599bc0b4 mod_client_management: Add way to revoke (one) client by software Kim Alvefur <zash@zash.se> parents: 5601 diff changeset	339 end
eae5599bc0b4 mod_client_management: Add way to revoke (one) client by software Kim Alvefur <zash@zash.se> parents: 5601 diff changeset	340 end
5305 9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	341 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	342 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	343
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	344 return nil, "item-not-found";
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	345 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible) Matthew Wild <mwild1@gmail.com> parents: 5304 diff changeset	346
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	347 -- Protocol
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	348
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	349 local xmlns_manage_clients = "xmpp:prosody.im/protocol/manage-clients";
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	350
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	351 module:hook("iq-get/self/xmpp:prosody.im/protocol/manage-clients:list", function (event)
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	352 local origin, stanza = event.origin, event.stanza;
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	353
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	354 if not module:may(":list-clients", event) then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	355 origin.send(st.error_reply(stanza, "auth", "forbidden"));
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	356 return true;
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	357 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	358
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	359 local reply = st.reply(stanza)
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	360 :tag("clients", { xmlns = xmlns_manage_clients });
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	361
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	362 local active_clients = get_active_clients(event.origin.username);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	363 for _, client in ipairs(active_clients) do
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	364 local auth_type = st.stanza("auth");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	365 if client.active then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	366 if client.active.password then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	367 auth_type:text_tag("password");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	368 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	369 if client.active.grant then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	370 auth_type:text_tag("bearer-token");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	371 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	372 if client.active.fast then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	373 auth_type:text_tag("fast");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	374 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	375 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	376
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	377 local user_agent = st.stanza("user-agent");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	378 if client.user_agent then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	379 if client.user_agent.software then
5516 f25df3af02c1 mod_client_management: Include client software version number in listing Kim Alvefur <zash@zash.se> parents: 5374 diff changeset	380 user_agent:text_tag("software", client.user_agent.software, { id = client.user_agent.software_id; version = client.user_agent.software_version });
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	381 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	382 if client.user_agent.device then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	383 user_agent:text_tag("device", client.user_agent.device);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	384 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	385 if client.user_agent.uri then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	386 user_agent:text_tag("uri", client.user_agent.uri);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	387 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	388 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	389
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	390 local connected = client.active and client.active.connected;
5304 717ff9468464 mod_client_management: Include client type in XML response listing Matthew Wild <mwild1@gmail.com> parents: 5301 diff changeset	391 reply:tag("client", { id = client.id, connected = connected and "true" or "false", type = client.type })
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	392 :text_tag("first-seen", dt.datetime(client.first_seen))
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	393 :text_tag("last-seen", dt.datetime(client.last_seen))
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	394 :add_child(auth_type)
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	395 :add_child(user_agent)
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	396 :up();
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	397 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	398 reply:up();
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	399
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	400 origin.send(reply);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	401 return true;
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	402 end);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	403
5343 5c1c70e52635 mod_client_management: Fix import of util.error (not errors) Kim Alvefur <zash@zash.se> parents: 5312 diff changeset	404 local revocation_errors = require "util.error".init(module.name, xmlns_manage_clients, {
5311 d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	405 ["item-not-found"] = { "cancel", "item-not-found", "Client not found" };
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	406 ["internal-server-error"] = { "wait", "internal-server-error", "Unable to revoke client access" };
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	407 ["password-reset-required"] = { "cancel", "service-unavailable", "Password reset required", "password-reset-required" };
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	408 });
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	409
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	410 module:hook("iq-set/self/xmpp:prosody.im/protocol/manage-clients:revoke", function (event)
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	411 local origin, stanza = event.origin, event.stanza;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	412
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	413 if not module:may(":manage-clients", event) then
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	414 origin.send(st.error_reply(stanza, "auth", "forbidden"));
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	415 return true;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	416 end
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	417
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	418 local client_id = stanza.tags[1].attr.id;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	419
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	420 local ok, err = revocation_errors.coerce(revoke_client_access(origin.username, client_id));
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	421 if not ok then
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	422 origin.send(st.error_reply(stanza, err));
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	423 return true;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	424 end
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	425
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	426 origin.send(st.reply(stanza));
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	427 return true;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	428 end);
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	429
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP Matthew Wild <mwild1@gmail.com> parents: 5310 diff changeset	430
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	431 -- Command
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	432
5779 e199f33f7a2e mod_client_management: Include session in the other new-client event too Kim Alvefur <zash@zash.se> parents: 5776 diff changeset	433 module:on_ready(function ()
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	434 local console_env = module:shared("/*/admin_shell/env");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	435 if not console_env.user then return; end -- admin_shell probably not loaded
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	436
5308 f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID Matthew Wild <mwild1@gmail.com> parents: 5307 diff changeset	437 function console_env.user:clients(user_jid)
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID Matthew Wild <mwild1@gmail.com> parents: 5307 diff changeset	438 local username, host = jid.split(user_jid);
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID Matthew Wild <mwild1@gmail.com> parents: 5307 diff changeset	439 local mod = prosody.hosts[host] and prosody.hosts[host].modules.client_management;
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID Matthew Wild <mwild1@gmail.com> parents: 5307 diff changeset	440 if not mod then
5372 2d8076577e14 mod_client_management: Fix error when called against host without this module Kim Alvefur <zash@zash.se> parents: 5371 diff changeset	441 return false, ("Host does not exist on this server, or does not have mod_client_management loaded");
5308 f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID Matthew Wild <mwild1@gmail.com> parents: 5307 diff changeset	442 end
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID Matthew Wild <mwild1@gmail.com> parents: 5307 diff changeset	443
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID Matthew Wild <mwild1@gmail.com> parents: 5307 diff changeset	444 local clients = mod.get_active_clients(username);
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	445 if not clients or #clients == 0 then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	446 return true, "No clients associated with this account";
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	447 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	448
5650 1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	449 local function date_or_time(last_seen)
5668 f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	450 return last_seen and os.date(math.abs(os.difftime(os.time(), last_seen)) >= 86400 and "%Y-%m-%d" or "%H:%M:%S", last_seen);
5650 1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	451 end
1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	452
5668 f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	453 local date_or_time_width = math.max(#os.date("%Y-%m-%d"), #os.date("%H:%M:%S"));
f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	454
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	455 local colspec = {
5607 c799b460f9f0 mod_client_management: Make ID column dynamically sized Kim Alvefur <zash@zash.se> parents: 5606 diff changeset	456 { title = "ID"; key = "id"; width = "1p" };
5371 b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	457 {
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	458 title = "Software";
5373 93d6ed7dc779 mod_client_management: Fix changed column cell "key" Kim Alvefur <zash@zash.se> parents: 5372 diff changeset	459 key = "user_agent";
5371 b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	460 width = "1p";
5603 d2561c1d26f5 mod_client_management: Allow revoking a specific client version Kim Alvefur <zash@zash.se> parents: 5602 diff changeset	461 mapper = user_agent_tostring;
5371 b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	462 };
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	463 {
5650 1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	464 title = "First seen";
1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	465 key = "first_seen";
5668 f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	466 width = date_or_time_width;
5650 1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	467 align = "right";
1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	468 mapper = date_or_time;
1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	469 };
1571c280aaef mod_client_management: Show timestamp of first client appearance Kim Alvefur <zash@zash.se> parents: 5607 diff changeset	470 {
5371 b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	471 title = "Last seen";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	472 key = "last_seen";
5668 f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	473 width = date_or_time_width;
f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	474 align = "right";
f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	475 mapper = date_or_time;
f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	476 };
f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	477 {
f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	478 title = "Expires";
5717 8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	479 key = "active";
5668 f16edebb1305 mod_client_management: Show grant expiry in shell command Kim Alvefur <zash@zash.se> parents: 5650 diff changeset	480 width = date_or_time_width;
5374 d9397d6a5513 mod_client_management: Show time for recent timestamps in shell command Kim Alvefur <zash@zash.se> parents: 5373 diff changeset	481 align = "right";
5717 8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	482 mapper = function(active, client)
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	483 local grant = active and active.grant;
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	484 local expires = client and client.expires;
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	485 local tokens = grant and grant.tokens;
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	486 if expires or not tokens then
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	487 return date_or_time(expires);
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	488 end
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	489
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	490 for _, token in pairs(tokens) do
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	491 if token.expires and (not expires or token.expires > expires) then
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	492 expires = token.expires;
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	493 end
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	494 end
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	495 return date_or_time(expires);
8afa0fb8a73e mod_client_management: Report on longest lived token when grant does not expire Kim Alvefur <zash@zash.se> parents: 5706 diff changeset	496 end;
5371 b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	497 };
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	498 {
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	499 title = "Authentication";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	500 key = "active";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	501 width = "2p";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	502 mapper = function(active)
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	503 return array.collect(it.keys(active)):sort():concat(", ");
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	504 end;
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	505 };
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	506 };
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	507
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	508 local row = require "util.human.io".table(colspec, self.session.width);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	509
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	510 local print = self.session.print;
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	511 print(row());
5309 09656e2b4927 mod_client_management: Improve table output Matthew Wild <mwild1@gmail.com> parents: 5308 diff changeset	512 print(string.rep("-", self.session.width));
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	513 for _, client in ipairs(clients) do
5371 b2d51c6ae89a mod_client_management: Move table cell formatting into column specification Kim Alvefur <zash@zash.se> parents: 5370 diff changeset	514 print(row(client));
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	515 end
5309 09656e2b4927 mod_client_management: Improve table output Matthew Wild <mwild1@gmail.com> parents: 5308 diff changeset	516 print(string.rep("-", self.session.width));
09656e2b4927 mod_client_management: Improve table output Matthew Wild <mwild1@gmail.com> parents: 5308 diff changeset	517 return true, ("%d clients"):format(#clients);
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	518 end
5601 e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	519
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	520 function console_env.user:revoke_client(user_jid, selector) -- luacheck: ignore 212/self
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	521 local username, host = jid.split(user_jid);
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	522 local mod = prosody.hosts[host] and prosody.hosts[host].modules.client_management;
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	523 if not mod then
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	524 return false, ("Host does not exist on this server, or does not have mod_client_management loaded");
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	525 end
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	526
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	527 local revoked, err = revocation_errors.coerce(mod.revoke_client_access(username, selector));
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	528 if not revoked then
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	529 return false, err.text or err;
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	530 end
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	531 return true, "Client access revoked";
e9af6abf2b1e mod_client_management: Add shell command to revoke client access Kim Alvefur <zash@zash.se> parents: 5600 diff changeset	532 end
5301 8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list Matthew Wild <mwild1@gmail.com> parents: 5294 diff changeset	533 end);

prosody-modules

bd3ff802d883

mod_client_management/mod_client_management.lua

Software / code / prosody-modules

Annotate

mod_client_management/mod_client_management.lua @ 6120:bd3ff802d883

Software `/` code `/` prosody-modules