Changeset

723:c26652d055b5

mod_register_json: moved throttling logic so that if there's a failure during nick registration the user can retry and referenced usermanager from prosody's _G instead of req. it.
author Marco Cirillo <maranda@lightwitch.org>
date Mon, 25 Jun 2012 22:20:27 +0000
parents 722:5c7175be532b
children 724:b94010de43f6
files mod_register_json/mod_register_json.lua
diffstat 1 files changed, 16 insertions(+), 14 deletions(-) [+]
line wrap: on
line diff
--- a/mod_register_json/mod_register_json.lua	Mon Jun 25 22:17:40 2012 +0000
+++ b/mod_register_json/mod_register_json.lua	Mon Jun 25 22:20:27 2012 +0000
@@ -6,7 +6,7 @@
 
 local jid_prep = require "util.jid".prep
 local jid_split = require "util.jid".split
-local usermanager = require "core.usermanager"
+local usermanager = usermanager
 local b64_decode = require "util.encodings".base64.decode
 local json_decode = require "util.json".decode
 local os_time = os.time
@@ -78,20 +78,8 @@
 			module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"])
 			return http_response(event, 401, "I obey only to my masters... Have a nice day.")
 		else	
-			-- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code)
+			-- Blacklist can be checked here.
 			if blacklist:contains(req_body["ip"]) then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end
-			if throttle_time and not whitelist:contains(req_body["ip"]) then
-				if not recent_ips[req_body["ip"]] then
-					recent_ips[req_body["ip"]] = os_time()
-				else
-					if os_time() - recent_ips[req_body["ip"]] < throttle_time then
-						recent_ips[req_body["ip"]] = os_time()
-						module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"])
-						return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.")
-					end
-					recent_ips[req_body["ip"]] = os_time()
-				end
-			end
 
 			-- We first check if the supplied username for registration is already there.
 			-- And nodeprep the username
@@ -101,6 +89,20 @@
 				return http_response(event, 406, "Supplied username contains invalid characters, see RFC 6122.")
 			else
 				if not usermanager.user_exists(username, req_body["host"]) then
+					-- if username fails to register successive requests shouldn't be throttled until one is successful.
+					if throttle_time and not whitelist:contains(req_body["ip"]) then
+						if not recent_ips[req_body["ip"]] then
+							recent_ips[req_body["ip"]] = os_time()
+						else
+							if os_time() - recent_ips[req_body["ip"]] < throttle_time then
+								recent_ips[req_body["ip"]] = os_time()
+								module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"])
+								return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.")
+							end
+							recent_ips[req_body["ip"]] = os_time()
+						end
+					end
+
 					local ok, error = usermanager.create_user(username, req_body["password"], req_body["host"])
 					if ok then 
 						hosts[req_body["host"]].events.fire_event("user-registered", { username = username, host = req_body["host"], source = "mod_register_json", session = { ip = req_body["ip"] } })