Software /
code /
prosody-modules
Changeset
1342:0ae065453dc9
Initial commit
author | Luis G.F <luisgf@gmail.com> |
---|---|
date | Mon, 10 Mar 2014 08:22:58 +0000 |
parents | 1341:f5c256a5f209 |
children | 1343:7dbde05b48a9 |
files | mod_email_pass/mod_email_pass.lua mod_email_pass/templates/changepass.html mod_email_pass/templates/resetok.html mod_email_pass/templates/sendmailok.html mod_email_pass/templates/sendtoken.mail mod_email_pass/templates/style.css mod_email_pass/templates/token.html |
diffstat | 7 files changed, 585 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_email_pass/mod_email_pass.lua Mon Mar 10 08:22:58 2014 +0000 @@ -0,0 +1,366 @@ +local dm_load = require "util.datamanager".load; +local st = require "util.stanza"; +local nodeprep = require "util.encodings".stringprep.nodeprep; +local usermanager = require "core.usermanager"; +local http = require "net.http"; +local vcard = module:require "vcard"; +local datetime = require "util.datetime"; +local timer = require "util.timer"; +local jidutil = require "util.jid"; + +-- SMTP related params. Readed from config +local os_time = os.time; +local smtp = require "socket.smtp"; +local smtp_server = module:get_option_string("smtp_server", "localhost"); +local smtp_port = module:get_option_string("smtp_port", "25"); +local smtp_ssl = module:get_option_boolean("smtp_ssl", false); +local smtp_user = module:get_option_string("smtp_username"); +local smtp_pass = module:get_option_string("smtp_password"); +local smtp_address = module:get_option("smtp_from") or ((smtp_user or "no-responder").."@"..(smtp_server or module.host)); +local mail_subject = module:get_option_string("msg_subject") +local mail_body = module:get_option_string("msg_body"); +local url_path = module:get_option_string("url_path", "/resetpass"); + + +-- This table has the tokens submited by the server +tokens_mails = {}; +tokens_expiration = {}; + +-- URL +local https_host = module:get_option_string("https_host"); +local http_host = module:get_option_string("http_host"); +local https_port = module:get_option("https_ports", { 443 }); +local http_port = module:get_option("http_ports", { 80 }); + +local timer_repeat = 120; -- repeat after 120 secs + +function enablessl() + local sock = socket.tcp() + return setmetatable({ + connect = function(_, host, port) + local r, e = sock:connect(host, port) + if not r then return r, e end + sock = ssl.wrap(sock, {mode='client', protocol='tlsv1'}) + return sock:dohandshake() + end + }, { + __index = function(t,n) + return function(_, ...) + return sock[n](sock, ...) + end + end + }) +end + +function template(data) + -- Like util.template, but deals with plain text + return { apply = function(values) return (data:gsub("{([^}]+)}", values)); end } +end + +local function get_template(name, extension) + local fh = assert(module:load_resource("templates/"..name..extension)); + local data = assert(fh:read("*a")); + fh:close(); + return template(data); +end + +local function render(template, data) + return tostring(template.apply(data)); +end + +function send_email(address, smtp_address, message_text, subject) + local rcpt = "<"..address..">"; + + local mesgt = { + headers = { + to = address; + subject = subject or ("Jabber password reset "..jid_bare(from_address)); + }; + body = message_text; + }; + local ok, err = nil; + + if not smtp_ssl then + ok, err = smtp.send{ from = smtp_address, rcpt = rcpt, source = smtp.message(mesgt), + server = smtp_server, user = smtp_user, password = smtp_pass, port = 25 }; + else + ok, err = smtp.send{ from = smtp_address, rcpt = rcpt, source = smtp.message(mesgt), + server = smtp_server, user = smtp_user, password = smtp_pass, port = smtp_port, create = enablessl }; + end + + if not ok then + module:log("error", "Failed to deliver to %s: %s", tostring(address), tostring(err)); + return; + end + return true; +end + +local vCard_mt = { + __index = function(t, k) + if type(k) ~= "string" then return nil end + for i=1,#t do + local t_i = rawget(t, i); + if t_i and t_i.name == k then + rawset(t, k, t_i); + return t_i; + end + end + end +}; + +local function get_user_vcard(user, host) + local vCard = dm_load(user, host or base_host, "vcard"); + if vCard then + vCard = st.deserialize(vCard); + vCard = vcard.from_xep54(vCard); + return setmetatable(vCard, vCard_mt); + end +end + +local changepass_tpl = get_template("changepass",".html"); +local sendmail_success_tpl = get_template("sendmailok",".html"); +local reset_success_tpl = get_template("resetok",".html"); +local token_tpl = get_template("token",".html"); + +function generate_page(event, display_options) + local request = event.request; + + return render(changepass_tpl, { + path = request.path; hostname = module.host; + notice = display_options and display_options.register_error or ""; + }) +end + +function generate_token_page(event, display_options) + local request = event.request; + + return render(token_tpl, { + path = request.path; hostname = module.host; + token = request.url.query; + notice = display_options and display_options.register_error or ""; + }) +end + +function generateToken(address) + math.randomseed(os.time()) + length = 16 + if length < 1 then return nil end + local array = {} + for i = 1, length, 2 do + array[i] = string.char(math.random(48,57)) + array[i+1] = string.char(math.random(97,122)) + end + local token = table.concat(array); + if not tokens_mails[token] then + + tokens_mails[token] = address; + tokens_expiration[token] = os.time(); + return token + else + module:log("error", "Reset password token collision: '%s'", token); + return generateToken(address) + end +end + +function isExpired(token) + if not tokens_expiration[token] then + return nil; + end + if os.difftime(os.time(), tokens_expiration[token]) < 86400 then -- 86400 secs == 24h + -- token is valid yet + return nil; + else + -- token invalid, we can create a fresh one. + return true; + end +end + +-- Expire tokens +expireTokens = function() + for token,value in pairs(tokens_mails) do + if isExpired(token) then + module:log("info","Expiring password reset request from user '%s', not used.", tokens_mails[token]); + tokens_mails[token] = nil; + tokens_expiration[token] = nil; + end + end + return timer_repeat; +end + +-- Check if a user has a active token not used yet. +function hasTokenActive(address) + for token,value in pairs(tokens_mails) do + if address == value and not isExpired(token) then + return token; + end + end + return nil; +end + +function generateUrl(token) + local url; + + if https_host then + url = "https://" .. https_host; + else + url = "http://" .. http_host; + end + + if https_port then + url = url .. ":" .. https_port[1]; + else + url = url .. ":" .. http_port[1]; + end + + url = url .. url_path .. "token.html?" .. token; + + return url; +end + +function sendMessage(jid, subject, message) + local msg = st.message({ from = module.host; to = jid; }): + tag("subject"):text(subject):up(): + tag("body"):text(message); + module:send(msg); +end + +function send_token_mail(form, origin) + local user, host, resource = jidutil.split(form.username); + local prepped_username = nodeprep(user); + local prepped_mail = form.email; + local jid = prepped_username .. "@" .. host; + + if not prepped_username then + return nil, "El usuario contiene caracteres incorrectos"; + end + if #prepped_username == 0 then + return nil, "El campo usuario está vacio"; + end + if not usermanager.user_exists(prepped_username, module.host) then + return nil, "El usuario NO existe"; + end + + if #prepped_mail == 0 then + return nil, "El campo email está vacio"; + end + + local vcarduser = get_user_vcard(prepped_username, module.host); + + if not vcarduser then + return nil, "User has not vCard"; + else + if not vcarduser.EMAIL then + return nil, "Esa cuente no tiene ningún email configurado en su vCard"; + end + + email = string.lower(vcarduser.EMAIL[1]); + + if email ~= string.lower(prepped_mail) then + return nil, "Dirección eMail incorrecta"; + end + + -- Check if has already a valid token, not used yet. + if hasTokenActive(jid) then + local valid_until = tokens_expiration[hasTokenActive(jid)] + 86400; + return nil, "Ya tienes una petición de restablecimiento de clave válida hasta: " .. datetime.date(valid_until) .. " " .. datetime.time(valid_until); + end + + local url_token = generateToken(jid); + local url = generateUrl(url_token); + local email_body = render(get_template("sendtoken",".mail"), {jid = jid, url = url} ); + + module:log("info", "Sending password reset mail to user %s", jid); + send_email(email, smtp_address, email_body, mail_subject); + return "ok"; + end + +end + +function reset_password_with_token(form, origin) + local token = form.token; + local password = form.newpassword; + + if not token then + return nil, "El Token es inválido"; + end + if not tokens_mails[token] then + return nil, "El Token no existe o ya fué usado"; + end + if not password then + return nil, "La campo clave no puede estar vacio"; + end + if #password < 5 then + return nil, "La clave debe tener una longitud de al menos 5 caracteres"; + end + local jid = tokens_mails[token]; + local user, host, resource = jidutil.split(jid); + + usermanager.set_password(user, password, host); + module:log("info", "Password changed with token for user %s", jid); + tokens_mails[token] = nil; + tokens_expiration[token] = nil; + sendMessage(jid, mail_subject, mail_body); + return "ok"; +end + +function generate_success(event, form) + return render(sendmail_success_tpl, { jid = nodeprep(form.username).."@"..module.host }); +end + +function generate_register_response(event, form, ok, err) + local message; + if ok then + return generate_success(event, form); + else + return generate_page(event, { register_error = err }); + end +end + +function handle_form_token(event) + local request, response = event.request, event.response; + local form = http.formdecode(request.body); + + local token_ok, token_err = send_token_mail(form, request); + response:send(generate_register_response(event, form, token_ok, token_err)); + + return true; -- Leave connection open until we respond above +end + +function generate_reset_success(event, form) + return render(reset_success_tpl, { }); +end + +function generate_reset_response(event, form, ok, err) + local message; + if ok then + return generate_reset_success(event, form); + else + return generate_token_page(event, { register_error = err }); + end +end + +function handle_form_reset(event) + local request, response = event.request, event.response; + local form = http.formdecode(request.body); + + local reset_ok, reset_err = reset_password_with_token(form, request); + response:send(generate_reset_response(event, form, reset_ok, reset_err)); + + return true; -- Leave connection open until we respond above + +end + +timer.add_task(timer_repeat, expireTokens); + +module:provides("http", { + default_path = url_path; + route = { + ["GET /style.css"] = render(get_template("style",".css"), {}); + ["GET /token.html"] = generate_token_page; + ["GET /"] = generate_page; + ["POST /token.html"] = handle_form_reset; + ["POST /"] = handle_form_token; + }; +}); + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_email_pass/templates/changepass.html Mon Mar 10 08:22:58 2014 +0000 @@ -0,0 +1,36 @@ +<!DOCTYPE html> +<html> + <head> + <meta charset="utf-8"> + <link rel="stylesheet" type="text/css" href="style.css" /> + <title>Reseteo de la clave de tu cuenta Jabber</title> + </head> + <body> + <div id="estilo" class="formulario"> + <h1>Reseteo de la clave de tu cuenta Jabber</h1> + <form action="{path}" method="POST"> + <p class="error">{notice}</p> + <label> + Usuario: + <span class="small">Introduce tu usuario</span> + </label> + <input type="text" name="username" required>@{hostname} + <div class="spacer"></div> + <label> + Email: + <span class="small">Introduce tu email</span> + </label> + <input type="text" name="email" required> + <div class="spacer"></div> + + <input id="button" class="button" type="submit" value="Enviar!"> + <div class="spacer"></div> + </form> + <p> + Al pulsar sobre el botón, se enviará a la dirección de correo que figura + en tu vCard un enlace en el que deberás entrar.<br /> + </p> + </div> + </body> +</html> +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_email_pass/templates/resetok.html Mon Mar 10 08:22:58 2014 +0000 @@ -0,0 +1,15 @@ + +<!DOCTYPE html> +<html> + <head> + <link rel="stylesheet" type="text/css" href="style.css" /> + <meta charset="utf-8"> + <title>Clave reseteada!</title> + </head> + <body> + <div id="estilo" class="formulario"> + <h1>Tu clave ha sido cambiada correctamente. Ya puedes iniciar sesión con ella.</h1> + </div> + </body> +</html> +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_email_pass/templates/sendmailok.html Mon Mar 10 08:22:58 2014 +0000 @@ -0,0 +1,15 @@ + +<!DOCTYPE html> +<html> + <head> + <link rel="stylesheet" type="text/css" href="style.css" /> + <meta charset="utf-8"> + <title>Enlace enviado!</title> + </head> + <body> + <div id="estilo" class="formulario"> + <h1>Acabamos de enviarte un email con un enlace que tendrás que visitar.</h1> + </div> + </body> +</html> +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_email_pass/templates/sendtoken.mail Mon Mar 10 08:22:58 2014 +0000 @@ -0,0 +1,14 @@ +Hola: + +Si has recibido este email es porque has solicitado el reseteo de la +clave de tu cuenta Jabber/XMPP {jid} + +Para proceder con el cambio de clave, haz click en el siguiente enlace: + +{url} + +Si no has solicitado resetear tu clave, ignora este mensaje. + +Atentamente, el equipo de mijabber.es + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_email_pass/templates/style.css Mon Mar 10 08:22:58 2014 +0000 @@ -0,0 +1,109 @@ +body{ + font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif; + font-size:12px; +} + +p, h1, form, button{border:0; margin:0; padding:0;} +.spacer{clear:both; height:1px;} + +/* ----------- My Form ----------- */ +.formulario{ + margin:0 auto; + width:500px; + padding:14px; +} +/* ----------- stylized ----------- */ +#estilo { + border:solid 2px #b7ddf2; + background:#ebf4fb; +} + +#estilo h1 { + font-size:14px; + font-weight:bold; + margin-bottom:8px; +} + +#estilo p { + font-size:11px; + color:#666666; + margin-bottom:20px; + border-bottom:solid 1px #b7ddf2; + padding-bottom:10px; +} + +#estilo p.error { + font-size:12px; + font-weight:bold; + color:red; + margin-bottom:20px; + border-bottom:solid 1px #b7ddf2; + padding-bottom:10px; +} + +#estilo label{ + display:block; + font-weight:bold; + text-align:right; + width:140px; + float:left; +} + +#estilo .small{ + color:#666666; + display:block; + font-size:11px; + font-weight:normal; + text-align:right; + width:140px; +} + +#estilo input{ + float:left; + font-size:12px; + padding:4px 2px; + border:solid 1px #aacfe4; + width:200px; + margin:2px 0 20px 10px; +} + +.button { + -moz-box-shadow:inset 0px 1px 0px 0px #cae3fc; + -webkit-box-shadow:inset 0px 1px 0px 0px #cae3fc; + box-shadow:inset 0px 1px 0px 0px #cae3fc; + background-color:#79bbff; + -webkit-border-top-left-radius:18px; + -moz-border-radius-topleft:18px; + border-top-left-radius:18px; + -webkit-border-top-right-radius:18px; + -moz-border-radius-topright:18px; + border-top-right-radius:18px; + -webkit-border-bottom-right-radius:18px; + -moz-border-radius-bottomright:18px; + border-bottom-right-radius:18px; + -webkit-border-bottom-left-radius:18px; + -moz-border-radius-bottomleft:18px; + border-bottom-left-radius:18px; + text-indent:0; + border:1px solid #469df5; + display:inline-block; + color:#ffffff; + font-family:Arial; + font-size:15px; + font-weight:bold; + font-style:normal; + height:40px; + line-height:40px; + width:100px; + text-decoration:none; + text-align:center; + text-shadow:1px 1px 0px #287ace; +} +.button:hover { + background-color:#4197ee; +} +.button:active { + position:relative; + top:1px; +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_email_pass/templates/token.html Mon Mar 10 08:22:58 2014 +0000 @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + <head> + <link rel="stylesheet" type="text/css" href="style.css" /> + <meta charset="utf-8"> + <title>Reseto de la clave de tu cuenta Jabber</title> + </head> + <body> + <div id="estilo" class="formulario"> + <h1>Reseteo de la clave de tu cuenta Jabber</h1> + <form action="{path}?{token}" method="POST"> + <p class="error">{notice}</p> + <label> + Token: + </label> + <input name="token" value="{token}" required readonly> + <div class="spacer"></div> + + <label> + Contraseña: + </label> + <input name="newpassword" type="password" required size="35"> + <div class="spacer"></div> + <input id="button" class="button" type="submit" value="Cambiar!"> + <div class="spacer"></div> + </form> + </div> + </body> +</html> +