prosody-modules
c539334dd01a
mod_adhoc_account_management/mod_adhoc_account_management.lua
Software / code / prosody-modules
File
mod_adhoc_account_management/mod_adhoc_account_management.lua @ 4260:c539334dd01a
mod_http_oauth2: Rescope oauth client config into users' storage
This produces client_id of the form owner@host/random and prevents
clients from being deleted by registering an account with the same name
and then deleting the account, as well as having the client
automatically be deleted when the owner account is removed.
On one hand, this leaks the bare JID of the creator to users. On the
other hand, it makes it obvious who made the oauth application.
This module is experimental and only for developers, so this can be
changed if a better method comes up.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 21 Nov 2020 23:55:10 +0100 |
| parent | 3416:c6dd65354db0 |
| child | 4909:6ce42aacad42 |
line wrap: on
line source
local dataforms_new = require "util.dataforms".new; local usermanager_set_password = require "core.usermanager".set_password; local usermanager_test_password = require "core.usermanager".test_password; local jid_split = require"util.jid".split; local close_others = module:get_option_boolean("close_sessions_on_password_change", true) local require_confirm = module:get_option_boolean("require_confirm_password", true) local require_current = module:get_option_boolean("require_current_password", true) local change_password_layout = { title = "Changing Your Password"; instructions = "Fill out this form to change a your password."; { -- This is meta name = "FORM_TYPE", type = "hidden", -- Reuses form type from XEP 77 value = "jabber:iq:register:changepassword", }; { name = "password", type = "text-private", required = true, label = "New Password", }; }; if require_confirm then table.insert(change_password_layout, { name = "password-confirm", type = "text-private", required = true, label = "Confirm new password", }); end if require_current then table.insert(change_password_layout, 2, { name = "password-current", type = "text-private", required = true, label = "Current password", }); end change_password_layout = dataforms_new(change_password_layout); function change_password_command_handler(self, data, state) if not state then -- New session, send the form return { status = "executing", actions = { "complete" }, form = change_password_layout }, true; end if data.action == "cancel" then return { status = "canceled" }; end -- Who are we talking to? local username, hostname = jid_split(data.from); if not username or hostname ~= module.host then return { status = "error", error = { type = "cancel", condition = "forbidden", message = "Invalid user or hostname." } }; end -- Extract data from the form local fields = change_password_layout:data(data.form); -- Validate if require_current then if not fields["password-current"] or #fields["password-current"] == 0 then return { status = "error", error = { type = "modify", condition = "bad-request", message = "Please enter your current password" } }; elseif not usermanager_test_password(username, hostname, fields["password-current"]) then return { status = "error", error = { type = "modify", condition = "bad-request", message = "Your current password was incorrect" } }; end end if require_confirm and fields["password-confirm"] ~= fields["password"] then return { status = "error", error = { type = "modify", condition = "bad-request", message = "New password didn't match the confirmation" } }; end if not fields.password or #fields.password == 0 then return { status = "error", error = { type = "modify", condition = "bad-request", message = "Please enter a new password" } }; end -- All is good, so change password. module:log("debug", "About to usermanager.set_password(%q, password, %q)", username, hostname); local ok, err = usermanager_set_password(username, fields.password, hostname); if ok then if close_others then for _, sess in pairs(hosts[hostname].sessions[username].sessions) do if sess.full_jid ~= data.from then sess:close{ condition = "reset", text = "Password changed" } end end end return { status = "completed", info = "Password successfully changed" }; else module:log("warn", "%s@%s could not change password: %s", username, hostname, tostring(err)); return { status = "error", error = { type = "cancel", condition = "internal-server-error", message = "Could not save new password: "..tostring(err) } }; end end -- Feature requests? What could fit under account management? local adhoc_new = module:require "adhoc".new; local adhoc_passwd = adhoc_new("Change Password", "passwd", change_password_command_handler, "user"); module:add_item ("adhoc", adhoc_passwd);
