Software / code / prosody-modules
Annotate
mod_invites_register_web/README.md @ 6193:e977174082ee
mod_invites_register_api: Use set_password() for password resets
Previously the code relied on the (weird) behaviour of create_user(), which
would update the password for a user account if it already existed. This has
several issues, and we plan to deprecate this behaviour of create_user().
The larger issue is that this route does not trigger the user-password-changed
event, which can be a security problem. For example, it did not disconnect
existing user sessions (this occurs in mod_c2s in response to the event).
Switching to set_password() is the right thing to do
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 06 Feb 2025 10:24:30 +0000 |
| parent | 6090:2e358c105f64 |
| child | 6211:750d64c47ec6 |
| rev | line source |
|---|---|
|
4093
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 --- |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 labels: |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 - 'Stage-Beta' |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 summary: 'Register accounts via the web using invite tokens' |
|
4104
476afcbfb3e9
various: Add some dependency metadata
Kim Alvefur <zash@zash.se>
parents:
4093
diff
changeset
|
5 rockspec: |
|
476afcbfb3e9
various: Add some dependency metadata
Kim Alvefur <zash@zash.se>
parents:
4093
diff
changeset
|
6 dependencies: |
|
4105
233e170eb027
various: Dependency metadata needs the mod_ prefix
Kim Alvefur <zash@zash.se>
parents:
4104
diff
changeset
|
7 - mod_invites_page |
|
4833
15cf32e666da
mod_invites_register_web: Add mod_password_policy checks for web registration
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
8 - mod_password_policy |
|
4105
233e170eb027
various: Dependency metadata needs the mod_ prefix
Kim Alvefur <zash@zash.se>
parents:
4104
diff
changeset
|
9 - mod_register_apps |
|
4135
ed0c7044b00f
mod_invites_register_web: Include html resources in rock
Kim Alvefur <zash@zash.se>
parents:
4109
diff
changeset
|
10 build: |
|
ed0c7044b00f
mod_invites_register_web: Include html resources in rock
Kim Alvefur <zash@zash.se>
parents:
4109
diff
changeset
|
11 copy_directories: |
|
ed0c7044b00f
mod_invites_register_web: Include html resources in rock
Kim Alvefur <zash@zash.se>
parents:
4109
diff
changeset
|
12 - html |
|
4093
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 ... |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 Introduction |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 ============ |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 This module is part of the suite of modules that implement invite-based |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 account registration for Prosody. The other modules are: |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 |
|
4223
4ec755c13e9b
mod_invites*: Link to each other
Kim Alvefur <zash@zash.se>
parents:
4167
diff
changeset
|
21 - [mod_invites] |
|
4ec755c13e9b
mod_invites*: Link to each other
Kim Alvefur <zash@zash.se>
parents:
4167
diff
changeset
|
22 - [mod_invites_adhoc] |
|
4ec755c13e9b
mod_invites*: Link to each other
Kim Alvefur <zash@zash.se>
parents:
4167
diff
changeset
|
23 - [mod_invites_page] |
|
4ec755c13e9b
mod_invites*: Link to each other
Kim Alvefur <zash@zash.se>
parents:
4167
diff
changeset
|
24 - [mod_invites_register] |
|
4224
816c2fa1ca84
mod_invites*: Also link to mod_invites_api
Kim Alvefur <zash@zash.se>
parents:
4223
diff
changeset
|
25 - [mod_invites_api] |
|
4223
4ec755c13e9b
mod_invites*: Link to each other
Kim Alvefur <zash@zash.se>
parents:
4167
diff
changeset
|
26 - [mod_register_apps] |
|
4093
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
|
4223
4ec755c13e9b
mod_invites*: Link to each other
Kim Alvefur <zash@zash.se>
parents:
4167
diff
changeset
|
28 For details and a full overview, start with the [mod_invites] documentation. |
|
4093
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 Details |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 ======= |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 mod_invites_register_web implements a web-based registration form that |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 validates invite tokens. It also supports guiding the user through client |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 download and configuration via mod_register_apps. |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 There is no specific configuration for this module (though it uses the |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 optional `site_name` to override the displayed site name. |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
|
4167
3a03ae9a0882
mod_invites_register_web: Support linking to a web chat after successful registration
Matthew Wild <mwild1@gmail.com>
parents:
4135
diff
changeset
|
40 You may also set `webchat_url` to the URL of a web chat that will be linked |
|
3a03ae9a0882
mod_invites_register_web: Support linking to a web chat after successful registration
Matthew Wild <mwild1@gmail.com>
parents:
4135
diff
changeset
|
41 to after successful registration. If not specified but mod_conversejs is loaded |
|
3a03ae9a0882
mod_invites_register_web: Support linking to a web chat after successful registration
Matthew Wild <mwild1@gmail.com>
parents:
4135
diff
changeset
|
42 on the current host, it will default to the URL of that module. |
|
3a03ae9a0882
mod_invites_register_web: Support linking to a web chat after successful registration
Matthew Wild <mwild1@gmail.com>
parents:
4135
diff
changeset
|
43 |
|
4093
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 This module depends on mod_invites_page solely for the case where an invalid |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 invite token is received - it will redirect to mod_invites_page so that an |
|
a2116f5a7c8f
mod_invites_register_web: New module to allow web registration with an invite token
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 appropriate error can be served to the user. |
|
4833
15cf32e666da
mod_invites_register_web: Add mod_password_policy checks for web registration
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
47 |
|
15cf32e666da
mod_invites_register_web: Add mod_password_policy checks for web registration
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
48 The module also depends on [mod_password_policy] (which will be automatically |
|
15cf32e666da
mod_invites_register_web: Add mod_password_policy checks for web registration
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
49 loaded). As a consequence of this module being loaded, the default password |
|
15cf32e666da
mod_invites_register_web: Add mod_password_policy checks for web registration
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
50 policies will be enforced for all registrations on the server if not |
|
15cf32e666da
mod_invites_register_web: Add mod_password_policy checks for web registration
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
51 explicitly loaded or configured. |
|
6090
2e358c105f64
mod_invites_register_web: Add compability-section
Menel <menel@snikket.de>
parents:
6003
diff
changeset
|
52 |
|
2e358c105f64
mod_invites_register_web: Add compability-section
Menel <menel@snikket.de>
parents:
6003
diff
changeset
|
53 Compatibility |
|
2e358c105f64
mod_invites_register_web: Add compability-section
Menel <menel@snikket.de>
parents:
6003
diff
changeset
|
54 ============= |
|
2e358c105f64
mod_invites_register_web: Add compability-section
Menel <menel@snikket.de>
parents:
6003
diff
changeset
|
55 |
|
2e358c105f64
mod_invites_register_web: Add compability-section
Menel <menel@snikket.de>
parents:
6003
diff
changeset
|
56 Prosody-Version Status |
|
2e358c105f64
mod_invites_register_web: Add compability-section
Menel <menel@snikket.de>
parents:
6003
diff
changeset
|
57 --------------- --------------------- |
|
2e358c105f64
mod_invites_register_web: Add compability-section
Menel <menel@snikket.de>
parents:
6003
diff
changeset
|
58 trunk Works as of 24-12-08 |
|
2e358c105f64
mod_invites_register_web: Add compability-section
Menel <menel@snikket.de>
parents:
6003
diff
changeset
|
59 0.12 Works |
