core/usermanager.lua @ 12947:14a44b1a51d0
prosody.loader: Allow loading modules under 'prosody' namespace (#1223)
Actually `hg mv`-ing all the files is disruptive, basically breaking
everything from rebasing all my WIP draft commits to the package
building. So instead, what if we didn't and instead rewrote package
names as they are `require()`-d?
Debian packages produced by the Prosody are already installed into this
structure so much will Just Work if all require calls are updated.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 17 Mar 2023 13:51:43 +0100 |
| parent | 12920:cdb996637b08 |
| child | 12972:ead41e25ebc0 |
rev | line source |
---|---|
1523
841d61be198f
Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents:
896
diff
changeset
|
1 -- Prosody IM |
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
4 -- |
758 | 5 -- This project is MIT/X11 licensed. Please see the |
6 -- COPYING file in the source package for more information. | |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
7 -- |
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
8 |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
9 local modulemanager = require "core.modulemanager"; |
53
14ea0fe6ca86
Session destruction fixes, some debugging code while we fix the rest. Also change logger to be more useful.
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
10 local log = require "util.logger".init("usermanager"); |
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
11 local type = type; |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
12 local jid_split = require "util.jid".split; |
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
13 local config = require "core.configmanager"; |
3362
90bf162303f3
usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents:
3336
diff
changeset
|
14 local sasl_new = require "util.sasl".new; |
5042
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
15 local storagemanager = require "core.storagemanager"; |
0 | 16 |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
17 local prosody = _G.prosody; |
8717
9ddd0fbbe53a
core: Use prosody.hosts instead of _G.hosts for consistency
Kim Alvefur <zash@zash.se>
parents:
8555
diff
changeset
|
18 local hosts = prosody.hosts; |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
19 |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
20 local setmetatable = setmetatable; |
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
21 |
12333
ed8a4f8dfd27
usermanager, mod_saslauth: Default to internal_hashed if no auth module specified
Matthew Wild <mwild1@gmail.com>
parents:
12020
diff
changeset
|
22 local default_provider = "internal_hashed"; |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
23 |
12659
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
24 local debug = debug; |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
25 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
26 local _ENV = nil; |
8555
4f0f5b49bb03
vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
27 -- luacheck: std none |
0 | 28 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
29 local function new_null_provider() |
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
30 local function dummy() return nil, "method not implemented"; end; |
3362
90bf162303f3
usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents:
3336
diff
changeset
|
31 local function dummy_get_sasl_handler() return sasl_new(nil, {}); end |
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
32 return setmetatable({name = "null", get_sasl_handler = dummy_get_sasl_handler}, { |
6663
d3023dd07cb6
portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents:
6628
diff
changeset
|
33 __index = function(self, method) return dummy; end --luacheck: ignore 212 |
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
34 }); |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
35 end |
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
36 |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
37 local fallback_authz_provider = { |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
38 -- luacheck: ignore 212 |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
39 get_jids_with_role = function (role) end; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
40 |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
41 get_user_role = function (user) end; |
12667
0278987b8687
core.usermanager: Update argument name in authz fallback method
Kim Alvefur <zash@zash.se>
parents:
12666
diff
changeset
|
42 set_user_role = function (user, role_name) end; |
12653
e4a412a54462
core.usermanager: Add missing stub authz methods to global authz provider
Kim Alvefur <zash@zash.se>
parents:
12648
diff
changeset
|
43 |
12665
314bad8907fd
core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents:
12664
diff
changeset
|
44 get_user_secondary_roles = function (user) end; |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
45 add_user_secondary_role = function (user, host, role_name) end; |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
46 remove_user_secondary_role = function (user, host, role_name) end; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
47 |
12665
314bad8907fd
core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents:
12664
diff
changeset
|
48 user_can_assume_role = function(user, role_name) end; |
314bad8907fd
core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents:
12664
diff
changeset
|
49 |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
50 get_jid_role = function (jid) end; |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
51 set_jid_role = function (jid, role) end; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
52 |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
53 get_users_with_role = function (role_name) end; |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
54 add_default_permission = function (role_name, action, policy) end; |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
55 get_role_by_name = function (role_name) end; |
12920
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
56 get_all_roles = function () end; |
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
57 }; |
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
58 |
3992
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
59 local provider_mt = { __index = new_null_provider() }; |
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
60 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
61 local function initialize_host(host) |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
62 local host_session = hosts[host]; |
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
63 |
10659
8f95308c3c45
usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter
Matthew Wild <mwild1@gmail.com>
parents:
10640
diff
changeset
|
64 local authz_provider_name = config.get(host, "authorization") or "internal"; |
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
65 |
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
66 local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
67 host_session.authz = authz_mod or fallback_authz_provider; |
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
68 |
3612
5547acd18a9f
usermanager: Don't load auth modules for components.
Waqas Hussain <waqas20@gmail.com>
parents:
3608
diff
changeset
|
69 if host_session.type ~= "local" then return; end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
70 |
3163 | 71 host_session.events.add_handler("item-added/auth-provider", function (event) |
72 local provider = event.item; | |
5377
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
73 local auth_provider = config.get(host, "authentication") or default_provider; |
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
74 if config.get(host, "anonymous_login") then |
4773
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
75 log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead."); |
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
76 auth_provider = "anonymous"; |
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
77 end -- COMPAT 0.7 |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
78 if provider.name == auth_provider then |
3992
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
79 host_session.users = setmetatable(provider, provider_mt); |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
80 end |
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
3163
diff
changeset
|
81 if host_session.users ~= nil and host_session.users.name ~= nil then |
6628
8495734da243
usermanager: Capitalize log message
Kim Alvefur <zash@zash.se>
parents:
5795
diff
changeset
|
82 log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name); |
3163 | 83 end |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
84 end); |
3163 | 85 host_session.events.add_handler("item-removed/auth-provider", function (event) |
86 local provider = event.item; | |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
87 if host_session.users == provider then |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
88 host_session.users = new_null_provider(); |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
89 end |
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
90 end); |
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
91 host_session.users = new_null_provider(); -- Start with the default usermanager provider |
5377
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
92 local auth_provider = config.get(host, "authentication") or default_provider; |
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
93 if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7 |
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
94 if auth_provider ~= "null" then |
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
95 modulemanager.load(host, "auth_"..auth_provider); |
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
96 end |
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
97 |
3176
f77759710324
usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents:
3167
diff
changeset
|
98 end; |
3293
4ce9d569a99c
usermanager: Expose host_handler() as initialize_host()
Matthew Wild <mwild1@gmail.com>
parents:
3285
diff
changeset
|
99 prosody.events.add_handler("host-activated", initialize_host, 100); |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
100 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
101 local function test_password(username, host, password) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
102 return hosts[host].users.test_password(username, password); |
0 | 103 end |
38 | 104 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
105 local function get_password(username, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
106 return hosts[host].users.get_password(username); |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
107 end |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
108 |
8192
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
109 local function set_password(username, password, host, resource) |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
110 local ok, err = hosts[host].users.set_password(username, password); |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
111 if ok then |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
112 prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource }); |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
113 end |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
114 return ok, err; |
2934
060bb8217fea
usermanager: Added function set_password.
Waqas Hussain <waqas20@gmail.com>
parents:
2929
diff
changeset
|
115 end |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
116 |
12646
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
117 local function get_account_info(username, host) |
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
118 local method = hosts[host].users.get_account_info; |
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
119 if not method then return nil, "method-not-supported"; end |
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
120 return method(username); |
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
121 end |
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
122 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
123 local function user_exists(username, host) |
7177
1295e14614f4
usermanager: Shortcircuit user existence check if they have existing sessions
Kim Alvefur <zash@zash.se>
parents:
6979
diff
changeset
|
124 if hosts[host].sessions[username] then return true; end |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
125 return hosts[host].users.user_exists(username); |
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
126 end |
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
127 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
128 local function create_user(username, password, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
129 return hosts[host].users.create_user(username, password); |
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
130 end |
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
131 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
132 local function delete_user(username, host) |
5042
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
133 local ok, err = hosts[host].users.delete_user(username); |
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
134 if not ok then return nil, err; end |
5094
e646c849d72f
core.usermanager: Don't close sessions ourselves when deleting users. Instead, fire an event that modules can hook.
Kim Alvefur <zash@zash.se>
parents:
5042
diff
changeset
|
135 prosody.events.fire_event("user-deleted", { username = username, host = host }); |
5129
e8253c931166
storagemanager: Add purge() for purging user data from all backends in use
Kim Alvefur <zash@zash.se>
parents:
5094
diff
changeset
|
136 return storagemanager.purge(username, host); |
3993
b71e5ecc694b
usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3992
diff
changeset
|
137 end |
b71e5ecc694b
usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3992
diff
changeset
|
138 |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
139 local function user_is_enabled(username, host) |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
140 local method = hosts[host].users.is_enabled; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
141 if method then return method(username); end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
142 |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
143 -- Fallback |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
144 local info, err = get_account_info(username, host); |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
145 if info and info.enabled ~= nil then |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
146 return info.enabled; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
147 elseif err ~= "method-not-implemented" then |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
148 -- Storage issues etetc |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
149 return info, err; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
150 end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
151 |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
152 -- API unsupported implies users are always enabled |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
153 return true; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
154 end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
155 |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
156 local function enable_user(username, host) |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
157 local method = hosts[host].users.enable; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
158 if not method then return nil, "method-not-supported"; end |
12906
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
159 local ret, err = method(username); |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
160 if ret then |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
161 prosody.events.fire_event("user-enabled", { username = username, host = host }); |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
162 end |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
163 return ret, err; |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
164 end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
165 |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
166 local function disable_user(username, host) |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
167 local method = hosts[host].users.disable; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
168 if not method then return nil, "method-not-supported"; end |
12906
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
169 local ret, err = method(username); |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
170 if ret then |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
171 prosody.events.fire_event("user-disabled", { username = username, host = host }); |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
172 end |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
173 return ret, err; |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
174 end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
175 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
176 local function users(host) |
5157
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
177 return hosts[host].users.users(); |
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
178 end |
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
179 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
180 local function get_sasl_handler(host, session) |
4943
50f63f07245f
usermanager: Pass session on to auth provider (missing half of commit 0545a574667b) (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
4773
diff
changeset
|
181 return hosts[host].users.get_sasl_handler(session); |
228
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
182 end |
183 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
184 local function get_provider(host) |
3167
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
185 return hosts[host].users; |
186 end |
187 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
188 local function get_user_role(user, host) |
4237
6b0d7d94eb7f
usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents:
3993
diff
changeset
|
189 if host and not hosts[host] then return false; end |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
190 if type(user) ~= "string" then return false; end |
4237
6b0d7d94eb7f
usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents:
3993
diff
changeset
|
191 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
192 return hosts[host].authz.get_user_role(user); |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
193 end |
194 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
195 local function set_user_role(user, host, role_name) |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
196 if host and not hosts[host] then return false; end |
197 if type(user) ~= "string" then return false; end |
198 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
199 local role, err = hosts[host].authz.set_user_role(user, role_name); |
200 if role then |
201 prosody.events.fire_event("user-role-changed", { |
202 username = user, host = host, role = role; |
203 }); |
204 end |
205 return role, err; |
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
206 end |
207 |
12663
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
208 local function user_can_assume_role(user, host, role_name) |
209 if host and not hosts[host] then return false; end |
210 if type(user) ~= "string" then return false; end |
211 |
212 return hosts[host].authz.user_can_assume_role(user, role_name); |
213 end |
214 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
215 local function add_user_secondary_role(user, host, role_name) |
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
216 if host and not hosts[host] then return false; end |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
217 if type(user) ~= "string" then return false; end |
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
218 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
219 local role, err = hosts[host].authz.add_user_secondary_role(user, role_name); |
220 if role then |
221 prosody.events.fire_event("user-role-added", { |
222 username = user, host = host, role = role; |
223 }); |
224 end |
225 return role, err; |
226 end |
227 |
228 local function remove_user_secondary_role(user, host, role_name) |
229 if host and not hosts[host] then return false; end |
230 if type(user) ~= "string" then return false; end |
231 |
232 local ok, err = hosts[host].authz.remove_user_secondary_role(user, role_name); |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
233 if ok then |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
234 prosody.events.fire_event("user-role-removed", { |
235 username = user, host = host, role_name = role_name; |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
236 }); |
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
237 end |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
238 return ok, err; |
239 end |
240 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
241 local function get_user_secondary_roles(user, host) |
242 if host and not hosts[host] then return false; end |
243 if type(user) ~= "string" then return false; end |
244 |
245 return hosts[host].authz.get_user_secondary_roles(user); |
246 end |
247 |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
248 local function get_jid_role(jid, host) |
12654
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
249 local jid_node, jid_host = jid_split(jid); |
250 if host == jid_host and jid_node then |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
251 return hosts[host].authz.get_user_role(jid_node); |
12654
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
252 end |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
253 return hosts[host].authz.get_jid_role(jid); |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
254 end |
255 |
256 local function set_jid_role(jid, host, role_name) |
12654
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
257 local _, jid_host = jid_split(jid); |
258 if host == jid_host then |
259 return nil, "unexpected-local-jid"; |
260 end |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
261 return hosts[host].authz.set_jid_role(jid, role_name) |
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
262 end |
263 |
12659
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
264 local strict_deprecate_is_admin; |
265 local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true }; |
266 local function is_admin(jid, host) |
267 if strict_deprecate_is_admin == nil then |
268 strict_deprecate_is_admin = (config.get("*", "strict_deprecate_is_admin") == true); |
269 end |
270 if strict_deprecate_is_admin then |
271 log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback()); |
272 return false; |
273 end |
274 log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback()); |
12683
75f0c69eba71
core.usermanager: Link to docs for new role API to make warning more actionable
Kim Alvefur <zash@zash.se>
parents:
12667
diff
changeset
|
275 log("warn", "See https://prosody.im/doc/developers/permissions about the new permissions API"); |
12659
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
276 return legacy_admin_roles[get_jid_role(jid, host)] or false; |
277 end |
278 |
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
279 local function get_users_with_role(role, host) |
280 if not hosts[host] then return false; end |
281 if type(role) ~= "string" then return false; end |
282 return hosts[host].authz.get_users_with_role(role); |
283 end |
284 |
285 local function get_jids_with_role(role, host) |
286 if host and not hosts[host] then return false; end |
287 if type(role) ~= "string" then return false; end |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
288 return hosts[host].authz.get_jids_with_role(role); |
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
289 end |
290 |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
291 local function get_role_by_name(role_name, host) |
292 if host and not hosts[host] then return false; end |
293 if type(role_name) ~= "string" then return false; end |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
294 return hosts[host].authz.get_role_by_name(role_name); |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
295 end |
296 |
12920
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
297 local function get_all_roles(host) |
298 if host and not hosts[host] then return false; end |
299 return hosts[host].authz.get_all_roles(); |
300 end |
301 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
302 return { |
303 new_null_provider = new_null_provider; |
304 initialize_host = initialize_host; |
305 test_password = test_password; |
306 get_password = get_password; |
307 set_password = set_password; |
12646
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
308 get_account_info = get_account_info; |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
309 user_exists = user_exists; |
310 create_user = create_user; |
311 delete_user = delete_user; |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
312 user_is_enabled = user_is_enabled; |
313 enable_user = enable_user; |
314 disable_user = disable_user; |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
315 users = users; |
316 get_sasl_handler = get_sasl_handler; |
317 get_provider = get_provider; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
318 get_user_role = get_user_role; |
319 set_user_role = set_user_role; |
12663
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
320 user_can_assume_role = user_can_assume_role; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
321 add_user_secondary_role = add_user_secondary_role; |
322 remove_user_secondary_role = remove_user_secondary_role; |
323 get_user_secondary_roles = get_user_secondary_roles; |
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
324 get_users_with_role = get_users_with_role; |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
325 get_jid_role = get_jid_role; |
326 set_jid_role = set_jid_role; |
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
327 get_jids_with_role = get_jids_with_role; |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
328 get_role_by_name = get_role_by_name; |
12920
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
329 get_all_roles = get_all_roles; |
12659
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
330 |
331 -- Deprecated |
332 is_admin = is_admin; |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
333 }; |