Comparison

mod_adhoc_account_management/mod_adhoc_account_management.lua @ 1090:1aa48916eb8b

mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
author Kim Alvefur <zash@zash.se>
date Fri, 28 Jun 2013 03:22:48 +0200
child 3416:c6dd65354db0
comparison
equal deleted inserted replaced
1089:4057f176be7b 1090:1aa48916eb8b
1 local dataforms_new = require "util.dataforms".new;
2 local usermanager_set_password = require "core.usermanager".set_password;
3 local usermanager_test_password = require "core.usermanager".test_password;
4 local jid_split = require"util.jid".split;
5 local close_others = module:get_option_boolean("close_sessions_on_password_change", true)
6 local require_confirm = module:get_option_boolean("require_confirm_password", true)
7 local require_current = module:get_option_boolean("require_current_password", true)
8
9 local change_password_layout = {
10 title = "Changing Your Password";
11 instructions = "Fill out this form to change a your password.";
12
13 {
14 -- This is meta
15 name = "FORM_TYPE",
16 type = "hidden",
17 -- Reuses form type from XEP 77
18 value = "jabber:iq:register:changepassword",
19 };
20 {
21 name = "password",
22 type = "text-private",
23 required = true,
24 label = "New Password",
25 };
26 };
27 if require_confirm then
28 table.insert(change_password_layout, {
29 name = "password-confirm",
30 type = "text-private",
31 required = true,
32 label = "Confirm new password",
33 });
34 end
35 if require_current then
36 table.insert(change_password_layout, 2, {
37 name = "password-current",
38 type = "text-private",
39 required = true,
40 label = "Current password",
41 });
42 end
43 change_password_layout = dataforms_new(change_password_layout);
44
45 function change_password_command_handler(self, data, state)
46 if not state then -- New session, send the form
47 return { status = "executing", actions = { "complete" }, form = change_password_layout }, true;
48 else
49 if data.action == "cancel" then
50 return { status = "canceled" };
51 end
52
53 -- Who are we talking to?
54 local username, hostname = jid_split(data.from);
55 if not username or hostname ~= module.host then
56 return { status = "error", error = { type = "cancel",
57 condition = "forbidden", message = "Invalid user or hostname." } };
58 end
59
60 -- Extract data from the form
61 local fields = change_password_layout:data(data.form);
62
63 -- Validate
64 if require_current then
65 if not fields["password-current"] or #fields["password-current"] == 0 then
66 return { status = "error", error = { type = "modify",
67 condition = "bad-request", message = "Please enter your current password" } };
68 elseif not usermanager_test_password(username, hostname, fields["password-current"]) then
69 return { status = "error", error = { type = "modify",
70 condition = "bad-request", message = "Your current password was incorrect" } };
71 end
72 end
73
74 if require_confirm and fields["password-confirm"] ~= fields["password"] then
75 return { status = "error", error = { type = "modify",
76 condition = "bad-request", message = "New password didn't match the confirmation" } };
77 end
78
79 if not fields.password or #fields.password == 0 then
80 return { status = "error", error = { type = "modify",
81 condition = "bad-request", message = "Please enter a new password" } };
82 end
83
84 -- All is good, so change password.
85 module:log("debug", "About to usermanager.set_password(%q, password, %q)", username, hostname);
86 local ok, err = usermanager_set_password(username, fields.password, hostname);
87 if ok then
88 if close_others then
89 for _, sess in pairs(hosts[hostname].sessions[username].sessions) do
90 if sess.full_jid ~= data.from then
91 sess:close{ condition = "reset", text = "Password changed" }
92 end
93 end
94 end
95 return { status = "completed", info = "Password successfully changed" };
96 else
97 module:log("warn", "%s@%s could not change password: %s", username, hostname, tostring(err));
98 return { status = "error", error = { type = "cancel",
99 condition = "internal-server-error", message = "Could not save new password: "..tostring(err) } };
100 end
101 end
102 end
103
104 -- Feature requests? What could fit under account management?
105
106
107 local adhoc_new = module:require "adhoc".new;
108 local adhoc_passwd = adhoc_new("Change Password", "passwd", change_password_command_handler, "user");
109 module:add_item ("adhoc", adhoc_passwd);