prosody-modules
94399ad6b5ab
mod_email/mod_email.lua
Software / code / prosody-modules
File
mod_email/mod_email.lua @ 6191:94399ad6b5ab
mod_invites_register_api: Use set_password() for password resets
Previously the code relied on the (weird) behaviour of create_user(), which
would update the password for a user account if it already existed. This has
several issues, and we plan to deprecate this behaviour of create_user().
The larger issue is that this route does not trigger the user-password-changed
event, which can be a security problem. For example, it did not disconnect
existing user sessions (this occurs in mod_c2s in response to the event).
Switching to set_password() is the right thing to do.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 06 Feb 2025 10:13:39 +0000 |
| parent | 3836:070faeaf51bc |
line wrap: on
line source
module:set_global(); local moduleapi = require "core.moduleapi"; local smtp = require"socket.smtp"; local config = module:get_option("smtp", { origin = "prosody", exec = "sendmail" }); local function send_email(to, headers, content) if type(headers) == "string" then -- subject headers = { Subject = headers; From = config.origin; }; end headers.To = to; if not headers["Content-Type"] then headers["Content-Type"] = 'text/plain; charset="utf-8"'; end local message = smtp.message{ headers = headers; body = content; }; if config.exec then local pipe = io.popen(config.exec .. " '"..to:gsub("'", "'\\''").."'", "w"); for str in message do pipe:write(str); end return pipe:close(); end return smtp.send({ user = config.user; password = config.password; server = config.server; port = config.port; domain = config.domain; from = config.origin; rcpt = to; source = message; }); end assert(not moduleapi.send_email, "another email module is already loaded"); function moduleapi:send_email(email) --luacheck: ignore 212/self return send_email(email.to, email.headers or email.subject, email.body); end
