prosody-modules
e977174082ee
mod_lastlog2/mod_lastlog2.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_lastlog2/mod_lastlog2.lua @ 6193:e977174082ee

mod_invites_register_api: Use set_password() for password resets Previously the code relied on the (weird) behaviour of create_user(), which would update the password for a user account if it already existed. This has several issues, and we plan to deprecate this behaviour of create_user(). The larger issue is that this route does not trigger the user-password-changed event, which can be a security problem. For example, it did not disconnect existing user sessions (this occurs in mod_c2s in response to the event). Switching to set_password() is the right thing to do
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Feb 2025 10:24:30 +0000
parent 5900:c5df6d53f17f
child 6195:886c985ece61
child 6208:e20901443eae
line wrap: on
line source

local jid = require "util.jid";
local time = os.time;
local log_ip = module:get_option_boolean("lastlog_ip_address", false);

local store;
if module.host ~= "*" then -- workaround for prosodyctl loading into global context
	store = module:open_store(nil, "map");
end

module:hook("authentication-success", function(event)
	local session = event.session;
	if session.username then
		store:set(session.username, "login", {
			timestamp = time(),
			ip = log_ip and session and session.ip or nil,
		});
	end
end);

module:hook("resource-unbind", function(event)
	local session = event.session;
	if session.username then
		store:set(session.username, "logout", {
			timestamp = time(),
			ip = log_ip and session and session.ip or nil,
		});
	end
end);

module:hook("user-registered", function(event)
	local session = event.session;
	store:set(event.username, "registered", {
		timestamp = time(),
		ip = log_ip and session and session.ip or nil,
	});
end);


if module:get_host_type() == "component" then
	module:hook("message/bare", function(event)
		local room = jid.split(event.stanza.attr.to);
		if room then
			store:set(room, module.host, "message", {
				timestamp = time(),
			});
		end
	end);
end

do
	local user_sessions = prosody.hosts[module.host].sessions;
	local kv_store = module:open_store();
	function get_last_active(username) --luacheck: ignore 131/get_last_active
		if user_sessions[username] then
			return os.time(); -- Currently connected
		else
			local last_activity = kv_store:get(username);
			if not last_activity then return nil; end
			local last_login = last_activity.login;
			local last_logout = last_activity.logout;
			local latest = math.max(last_login and last_login.timestamp or 0, last_logout and last_logout.timestamp or 0);
			if latest == 0 then
				return nil; -- Never logged in
			end
			return latest;
		end
	end
end

function module.command(arg)
	if not arg[1] or arg[1] == "--help" then
		require"util.prosodyctl".show_usage([[mod_lastlog2 <user@host>]], [[Show when user last logged in or out]]);
		return 1;
	end
	local user, host = jid.prepped_split(table.remove(arg, 1));
	require"core.storagemanager".initialize_host(host);
	store = module:context(host):open_store();
	local lastlog = store:get(user);
	if lastlog then
		for event, data in pairs(lastlog) do
			print(("Last %s: %s"):format(event,
				data.timestamp and os.date("%Y-%m-%d %H:%M:%S", data.timestamp) or "<unknown>"));
			if data.ip then
				print("IP address: "..data.ip);
			end
		end
	else
		print("No record found");
		return 1;
	end
	return 0;
end