Changeset

361:146496a3be78

mod_register_json: Failed at JSON successful decode check, fixed with a code refactor.
author Marco Cirillo <maranda@lightwitch.org>
date Tue, 12 Apr 2011 20:41:57 +0000
parents 360:81528ffa0b76
children 362:bd0a8c032163
files mod_register_json/mod_register_json.lua
diffstat 1 files changed, 35 insertions(+), 30 deletions(-) [+]
line wrap: on
line diff
--- a/mod_register_json/mod_register_json.lua	Tue Apr 12 19:13:16 2011 +0000
+++ b/mod_register_json/mod_register_json.lua	Tue Apr 12 20:41:57 2011 +0000
@@ -4,6 +4,8 @@
 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur
 -- aka Zash.
 
+local jid_prep = require "util.jid".prep;
+local jid_split = require "util.jid".split;
 local usermanager = require "core.usermanager";
 local b64_decode = require "util.encodings".base64.decode;
 local json_decode = require "util.json".decode;
@@ -53,41 +55,44 @@
 		return http_response(401, "Who the hell are you?! Guards!");
 	end
 	
-	local req_body; pcall(function() req_body = json.decode(body) end);
-	-- Check if user is an admin of said host
-	if not usermanager.is_admin(user, req_body["host"]) then
-		module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"])
-		return http_response(401, "I obey only to my masters... Have a nice day.");
+	local req_body; 
+	-- We check that what we have is valid JSON wise else we throw an error...
+	if not pcall(function() req_body = json_decode(body) end) then
+		module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); 
+		return http_response(400, "JSON Decoding failed.");
 	else
-		-- Various sanity checks.
-		if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end
-		
-		-- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code)
-		if blacklist[req_body["ip"]] then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end
-		if throttle_time and not whitelist[req_body["ip"]] then
-			if not recent_ips[req_body["ip"]] then
-				recent_ips[req_body["ip"]] = { time = os_time(), count = 1 };
-			else
-				local ip = recent_ips[req_body["ip"]];
-				ip.count = ip.count + 1;
+		-- Check if user is an admin of said host
+		if not usermanager.is_admin(user, req_body["host"]) then
+			module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]);
+			return http_response(401, "I obey only to my masters... Have a nice day.");
+		else	
+			-- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code)
+			if blacklist[req_body["ip"]] then then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end
+			if throttle_time and not whitelist[req_body["ip"]] then
+				if not recent_ips[req_body["ip"]] then
+					recent_ips[req_body["ip"]] = { time = os_time(), count = 1 };
+				else
+					local ip = recent_ips[req_body["ip"]];
+					ip.count = ip.count + 1;
 
-				if os_time() - ip.time < throttle_time then
+					if os_time() - ip.time < throttle_time then
+						ip.time = os_time();
+						module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]);
+						return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.");
+					end
 					ip.time = os_time();
-					module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]);
-					return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.");
 				end
-				ip.time = os_time();
 			end
-		end
-		
-		-- We first check if the supplied username for registration is already there.
-		if not usermanager.user_exists(req_body["username"], req_body["host"]) then
-			usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
-			module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]);
-			return http_response(200, "Done.");
-		else
-			module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]);
-			return http_response(409, "User already exists.");
+
+			-- We first check if the supplied username for registration is already there.
+			if not usermanager.user_exists(req_body["username"], req_body["host"]) then
+				usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
+				module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]);
+				return http_response(200, "Done.");
+			else
+				module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]);
+				return http_response(409, "User already exists.");
+			end
 		end
 	end
 end