prosody-modules
e977174082ee
mod_firewall/marks.lib.lua
Software / code / prosody-modules
File
mod_firewall/marks.lib.lua @ 6193:e977174082ee
mod_invites_register_api: Use set_password() for password resets
Previously the code relied on the (weird) behaviour of create_user(), which
would update the password for a user account if it already existed. This has
several issues, and we plan to deprecate this behaviour of create_user().
The larger issue is that this route does not trigger the user-password-changed
event, which can be a security problem. For example, it did not disconnect
existing user sessions (this occurs in mod_c2s in response to the event).
Switching to set_password() is the right thing to do
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 06 Feb 2025 10:24:30 +0000 |
| parent | 5542:048284447643 |
line wrap: on
line source
local mark_storage = module:open_store("firewall_marks"); local mark_map_storage = module:open_store("firewall_marks", "map"); local user_sessions = prosody.hosts[module.host].sessions; module:hook("firewall/marked/user", function (event) local user = user_sessions[event.username]; local marks = user and user.firewall_marks; if user and not marks then -- Load marks from storage to cache on the user object marks = mark_storage:get(event.username) or {}; user.firewall_marks = marks; --luacheck: ignore 122 end if marks then marks[event.mark] = event.timestamp; end local ok, err = mark_map_storage:set(event.username, event.mark, event.timestamp); if not ok then module:log("error", "Failed to mark user %q with %q: %s", event.username, event.mark, err); end return true; end, -1); module:hook("firewall/unmarked/user", function (event) local user = user_sessions[event.username]; local marks = user and user.firewall_marks; if marks then marks[event.mark] = nil; end local ok, err = mark_map_storage:set(event.username, event.mark, nil); if not ok then module:log("error", "Failed to unmark user %q with %q: %s", event.username, event.mark, err); end return true; end, -1);
