prosody
13a27043cd0f
plugins/mod_user_account_management.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

plugins/mod_user_account_management.lua @ 13369:13a27043cd0f

mod_user_account_management: Add support for soft-deletion of accounts via IBR When registration_delete_grace_period is set, accounts will be disabled for the specified grace period before they are fully deleted. During the grace period, accounts can be restored with the user:restore() shell command. The primary purpose is to prevent accidental or malicious deletion of a user's account, which is traditionally very easy for any XMPP client to do with a single stanza.
author Matthew Wild <mwild1@gmail.com>
date Thu, 30 Nov 2023 13:48:43 +0000
parent 12977:74b9e05af71e
child 13372:ffbd058bb232
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1523
841d61be198f Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents: 1189
diff changeset
1 -- Prosody IM
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2448
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2448
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5763
diff changeset
4 --
758
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 691
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 691
diff changeset
6 -- COPYING file in the source package for more information.
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 438
diff changeset
7 --
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 438
diff changeset
8
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 438
diff changeset
9
12977
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 10382
diff changeset
10 local st = require "prosody.util.stanza";
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
11 local usermanager = require "prosody.core.usermanager";
12977
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 10382
diff changeset
12 local nodeprep = require "prosody.util.encodings".stringprep.nodeprep;
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
13 local jid_bare, jid_node = import("prosody.util.jid", "bare", "node");
3995
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
14
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
15 local compat = module:get_option_boolean("registration_compat", true);
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
16 local soft_delete_period = module:get_option_period("registration_delete_grace_period");
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
17 local deleted_accounts = module:open_store("accounts_cleanup");
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18
541
3521e0851c9e Change modules to use the new add_feature module API method.
Waqas Hussain <waqas20@gmail.com>
parents: 519
diff changeset
19 module:add_feature("jabber:iq:register");
421
63be85693710 Modules now sending disco replies
Waqas Hussain <waqas20@gmail.com>
parents: 386
diff changeset
20
8194
ba9cd8447578 mod_register: Add comments saying which section handles password change, account deletion and which is in-band registration
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
21 -- Password change and account deletion handler
3995
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
22 local function handle_registration_stanza(event)
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
23 local session, stanza = event.origin, event.stanza;
7017
ff734a602886 mod_register: Use session log instance to ease indentification
Kim Alvefur <zash@zash.se>
parents: 5776
diff changeset
24 local log = session.log or module._log;
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
25
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
26 local query = stanza.tags[1];
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
27 if stanza.attr.type == "get" then
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
28 local reply = st.reply(stanza);
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
29 reply:tag("query", {xmlns = "jabber:iq:register"})
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
30 :tag("registered"):up()
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
31 :tag("username"):text(session.username):up()
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
32 :tag("password"):up();
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
33 session.send(reply);
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
34 else -- stanza.attr.type == "set"
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
35 if query.tags[1] and query.tags[1].name == "remove" then
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
36 local username, host = session.username, session.host;
5098
fca8b5946f6f mod_register: Hijack the session close call to send the final iq reply when deleting
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset
37
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
38 if host ~= module.host then -- Sanity check for safety
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
39 module:log("error", "Host mismatch on deletion request (a bug): %s ~= %s", host, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
40 session.send(st.error_reply(stanza, "cancel", "internal-server-error"));
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
41 return true;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
42 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
43
7018
5c3d4254d415 mod_register: Add comment explaining the workaround for replying when the account is being deleted
Kim Alvefur <zash@zash.se>
parents: 7017
diff changeset
44 -- This one weird trick sends a reply to this stanza before the user is deleted
5098
fca8b5946f6f mod_register: Hijack the session close call to send the final iq reply when deleting
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset
45 local old_session_close = session.close;
7711
c8130995d4d1 mod_register: Rename session reference in wrapped close method [luacheck]
Kim Alvefur <zash@zash.se>
parents: 7710
diff changeset
46 session.close = function(self, ...)
c8130995d4d1 mod_register: Rename session reference in wrapped close method [luacheck]
Kim Alvefur <zash@zash.se>
parents: 7710
diff changeset
47 self.send(st.reply(stanza));
c8130995d4d1 mod_register: Rename session reference in wrapped close method [luacheck]
Kim Alvefur <zash@zash.se>
parents: 7710
diff changeset
48 return old_session_close(self, ...);
5098
fca8b5946f6f mod_register: Hijack the session close call to send the final iq reply when deleting
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset
49 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5763
diff changeset
50
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
51 if not soft_delete_period then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
52 local ok, err = usermanager.delete_user(username, host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
53
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
54 if not ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
55 log("debug", "Removing user account %s@%s failed: %s", username, host, err);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
56 session.close = old_session_close;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
57 session.send(st.error_reply(stanza, "cancel", "service-unavailable", err));
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
58 return true;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
59 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5763
diff changeset
60
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
61 log("info", "User removed their account: %s@%s (deleted)", username, host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
62 module:fire_event("user-deregistered", { username = username, host = host, source = "mod_register", session = session });
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
63 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
64 local ok, err = usermanager.disable_user(username, host, {
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
65 reason = "ibr";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
66 comment = "Deletion requested by user";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
67 when = os.time();
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
68 });
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
69
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
70 if not ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
71 log("debug", "Removing (disabling) user account %s@%s failed: %s", username, host, err);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
72 session.close = old_session_close;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
73 session.send(st.error_reply(stanza, "cancel", "service-unavailable", err));
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
74 return true;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
75 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
76
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
77 deleted_accounts:set(username, {
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
78 deleted_at = os.time();
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
79 pending_until = os.time() + soft_delete_period;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
80 client_id = session.client_id;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
81 });
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
82
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
83 log("info", "User removed their account: %s@%s (disabled, pending deletion)", username, host);
3996
7f35b292531b mod_register: Change to use new delete_user auth provider method
Matthew Wild <mwild1@gmail.com>
parents: 3995
diff changeset
84 end
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
85 else
10382
fcdc65bc6697 mod_user_account_management: Apply username normalization later
Kim Alvefur <zash@zash.se>
parents: 8484
diff changeset
86 local username = query:get_child_text("username");
5637
991b47778bf3 mod_register: get_child_text()!
Kim Alvefur <zash@zash.se>
parents: 5500
diff changeset
87 local password = query:get_child_text("password");
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
88 if username and password then
10382
fcdc65bc6697 mod_user_account_management: Apply username normalization later
Kim Alvefur <zash@zash.se>
parents: 8484
diff changeset
89 username = nodeprep(username);
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
90 if username == session.username then
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
91 if usermanager.set_password(username, password, session.host, session.resource) then
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
92 session.send(st.reply(stanza));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
93 else
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
94 -- TODO unable to write file, file may be locked, etc, what's the correct error?
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
95 session.send(st.error_reply(stanza, "wait", "internal-server-error"));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
96 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
97 else
311
513bd52e8e19 Fixed mod_register to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
parents: 85
diff changeset
98 session.send(st.error_reply(stanza, "modify", "bad-request"));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
99 end
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
100 else
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
101 session.send(st.error_reply(stanza, "modify", "bad-request"));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
102 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
103 end
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
104 end
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
105 return true;
3995
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
106 end
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
107
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
108 module:hook("iq/self/jabber:iq:register:query", handle_registration_stanza);
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
109 if compat then
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
110 module:hook("iq/host/jabber:iq:register:query", function (event)
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
111 local session, stanza = event.origin, event.stanza;
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
112 if session.type == "c2s" and jid_bare(stanza.attr.to) == session.host then
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
113 return handle_registration_stanza(event);
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
114 end
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
115 end);
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
116 end
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
117
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
118 -- This improves UX of soft-deleted accounts by informing the user that the
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
119 -- account has been deleted, rather than just disabled. They can e.g. contact
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
120 -- their admin if this was a mistake.
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
121 module:hook("authentication-failure", function (event)
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
122 if event.condition ~= "account-disabled" then return; end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
123 local session = event.session;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
124 local sasl_handler = session and session.sasl_handler;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
125 if sasl_handler.username then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
126 local status = deleted_accounts:get(sasl_handler.username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
127 if status then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
128 event.text = "Account deleted";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
129 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
130 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
131 end, -1000);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
132
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
133 function restore_account(username)
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
134 local pending, pending_err = deleted_accounts:get(username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
135 if not pending then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
136 return nil, pending_err or "Account not pending deletion";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
137 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
138 local account_info, err = usermanager.get_account_info(username, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
139 if not account_info then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
140 return nil, "Couldn't fetch account info: "..err;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
141 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
142 local forget_ok, forget_err = deleted_accounts:set(username, nil);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
143 if not forget_ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
144 return nil, "Couldn't remove account from deletion queue: "..forget_err;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
145 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
146 local enable_ok, enable_err = usermanager.enable_user(username, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
147 if not enable_ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
148 return nil, "Removed account from deletion queue, but couldn't enable it: "..enable_err;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
149 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
150 return true, "Account restored";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
151 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
152
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
153 local cleanup_time = module:measure("cleanup", "times");
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
154
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
155 function cleanup_soft_deleted_accounts()
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
156 local cleanup_done = cleanup_time();
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
157 local success, fail, restored, pending = 0, 0, 0, 0;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
158
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
159 for username in deleted_accounts:users() do
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
160 module:log("debug", "Processing account cleanup for '%s'", username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
161 local account_info, account_info_err = usermanager.get_account_info(username, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
162 if not account_info then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
163 module:log("warn", "Unable to process delayed deletion of user '%s': %s", username, account_info_err);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
164 fail = fail + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
165 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
166 if account_info.enabled == false then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
167 local meta = deleted_accounts:get(username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
168 if meta.pending_until <= os.time() then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
169 local ok, err = usermanager.delete_user(username, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
170 if not ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
171 module:log("warn", "Unable to process delayed deletion of user '%s': %s", username, err);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
172 fail = fail + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
173 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
174 success = success + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
175 deleted_accounts:set(username, nil);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
176 module:log("debug", "Deleted account '%s' successfully", username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
177 module:fire_event("user-deregistered", { username = username, host = module.host, source = "mod_register" });
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
178 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
179 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
180 pending = pending + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
181 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
182 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
183 module:log("warn", "Account '%s' is not disabled, removing from deletion queue", username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
184 restored = restored + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
185 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
186 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
187 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
188
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
189 module:log("debug", "%d accounts scheduled for future deletion", pending);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
190
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
191 if success > 0 or fail > 0 then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
192 module:log("info", "Completed account cleanup - %d accounts deleted (%d failed, %d restored, %d pending)", success, fail, restored, pending);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
193 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
194 cleanup_done();
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
195 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
196
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
197 module:daily("Remove deleted accounts", cleanup_soft_deleted_accounts);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
198
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
199 --- shell command
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
200 module:add_item("shell-command", {
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
201 section = "user";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
202 name = "restore";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
203 desc = "Restore a user account scheduled for deletion";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
204 args = {
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
205 { name = "jid", type = "string" };
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
206 };
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
207 host_selector = "jid";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
208 handler = function (self, jid) --luacheck: ignore 212/self
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
209 return restore_account(jid_node(jid));
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
210 end;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
211 });