prosody
2db7b3b65363
plugins/mod_user_account_management.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

plugins/mod_user_account_management.lua @ 13627:2db7b3b65363

core.configmanager: Add function for getting secrets from separate files Idea is to enable easily retrieving of secret values from files outside of the config, e.g. via the method used by systemd credentials. CREDENTIALS_DIRECTORY is expected to be set by the process manager invoking Prosody, so being unset and unavailable from prosodyctl is going to be normal and a warning is reported in that case. Care will have to be taken to make it clear that prosodyctl check will not work with such values. An error is thrown if the directory is unavailable when running under Prosody.
author Kim Alvefur <zash@zash.se>
date Thu, 16 Jan 2025 15:21:34 +0100
parent 13387:e5ddae99faa8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1523
841d61be198f Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents: 1189
diff changeset
1 -- Prosody IM
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2448
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2448
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5763
diff changeset
4 --
758
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 691
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 691
diff changeset
6 -- COPYING file in the source package for more information.
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 438
diff changeset
7 --
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 438
diff changeset
8
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 438
diff changeset
9
12977
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 10382
diff changeset
10 local st = require "prosody.util.stanza";
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
11 local usermanager = require "prosody.core.usermanager";
12977
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 10382
diff changeset
12 local nodeprep = require "prosody.util.encodings".stringprep.nodeprep;
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
13 local jid_bare, jid_node = import("prosody.util.jid", "bare", "node");
3995
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
14
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
15 local compat = module:get_option_boolean("registration_compat", true);
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
16 local soft_delete_period = module:get_option_period("registration_delete_grace_period");
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
17 local deleted_accounts = module:open_store("accounts_cleanup");
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18
541
3521e0851c9e Change modules to use the new add_feature module API method.
Waqas Hussain <waqas20@gmail.com>
parents: 519
diff changeset
19 module:add_feature("jabber:iq:register");
421
63be85693710 Modules now sending disco replies
Waqas Hussain <waqas20@gmail.com>
parents: 386
diff changeset
20
13372
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
21 -- Allow us to 'freeze' a session and retrieve properties even after it is
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
22 -- destroyed
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
23 local function capture_session_properties(session)
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
24 return setmetatable({
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
25 id = session.id;
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
26 ip = session.ip;
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
27 type = session.type;
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
28 client_id = session.client_id;
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
29 }, { __index = session });
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
30 end
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
31
8194
ba9cd8447578 mod_register: Add comments saying which section handles password change, account deletion and which is in-band registration
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
32 -- Password change and account deletion handler
3995
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
33 local function handle_registration_stanza(event)
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
34 local session, stanza = event.origin, event.stanza;
7017
ff734a602886 mod_register: Use session log instance to ease indentification
Kim Alvefur <zash@zash.se>
parents: 5776
diff changeset
35 local log = session.log or module._log;
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
36
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
37 local query = stanza.tags[1];
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
38 if stanza.attr.type == "get" then
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
39 local reply = st.reply(stanza);
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
40 reply:tag("query", {xmlns = "jabber:iq:register"})
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
41 :tag("registered"):up()
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
42 :tag("username"):text(session.username):up()
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
43 :tag("password"):up();
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
44 session.send(reply);
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
45 else -- stanza.attr.type == "set"
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
46 if query.tags[1] and query.tags[1].name == "remove" then
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
47 local username, host = session.username, session.host;
5098
fca8b5946f6f mod_register: Hijack the session close call to send the final iq reply when deleting
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset
48
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
49 if host ~= module.host then -- Sanity check for safety
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
50 module:log("error", "Host mismatch on deletion request (a bug): %s ~= %s", host, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
51 session.send(st.error_reply(stanza, "cancel", "internal-server-error"));
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
52 return true;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
53 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
54
7018
5c3d4254d415 mod_register: Add comment explaining the workaround for replying when the account is being deleted
Kim Alvefur <zash@zash.se>
parents: 7017
diff changeset
55 -- This one weird trick sends a reply to this stanza before the user is deleted
5098
fca8b5946f6f mod_register: Hijack the session close call to send the final iq reply when deleting
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset
56 local old_session_close = session.close;
7711
c8130995d4d1 mod_register: Rename session reference in wrapped close method [luacheck]
Kim Alvefur <zash@zash.se>
parents: 7710
diff changeset
57 session.close = function(self, ...)
c8130995d4d1 mod_register: Rename session reference in wrapped close method [luacheck]
Kim Alvefur <zash@zash.se>
parents: 7710
diff changeset
58 self.send(st.reply(stanza));
c8130995d4d1 mod_register: Rename session reference in wrapped close method [luacheck]
Kim Alvefur <zash@zash.se>
parents: 7710
diff changeset
59 return old_session_close(self, ...);
5098
fca8b5946f6f mod_register: Hijack the session close call to send the final iq reply when deleting
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset
60 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5763
diff changeset
61
13372
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
62 local old_session = capture_session_properties(session);
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
63
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
64 if not soft_delete_period then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
65 local ok, err = usermanager.delete_user(username, host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
66
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
67 if not ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
68 log("debug", "Removing user account %s@%s failed: %s", username, host, err);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
69 session.close = old_session_close;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
70 session.send(st.error_reply(stanza, "cancel", "service-unavailable", err));
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
71 return true;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
72 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5763
diff changeset
73
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
74 log("info", "User removed their account: %s@%s (deleted)", username, host);
13372
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
75 module:fire_event("user-deregistered", { username = username, host = host, source = "mod_register", session = old_session });
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
76 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
77 local ok, err = usermanager.disable_user(username, host, {
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
78 reason = "ibr";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
79 comment = "Deletion requested by user";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
80 when = os.time();
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
81 });
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
82
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
83 if not ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
84 log("debug", "Removing (disabling) user account %s@%s failed: %s", username, host, err);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
85 session.close = old_session_close;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
86 session.send(st.error_reply(stanza, "cancel", "service-unavailable", err));
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
87 return true;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
88 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
89
13372
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
90 local status = {
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
91 deleted_at = os.time();
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
92 pending_until = os.time() + soft_delete_period;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
93 client_id = session.client_id;
13372
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
94 };
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
95 deleted_accounts:set(username, status);
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
96
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
97 log("info", "User removed their account: %s@%s (disabled, pending deletion)", username, host);
13372
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
98 module:fire_event("user-deregistered-pending", {
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
99 username = username;
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
100 host = host;
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
101 source = "mod_register";
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
102 session = old_session;
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
103 status = status;
ffbd058bb232 mod_user_account_management: Fire events with a fake (not destroyed) session
Matthew Wild <mwild1@gmail.com>
parents: 13369
diff changeset
104 });
3996
7f35b292531b mod_register: Change to use new delete_user auth provider method
Matthew Wild <mwild1@gmail.com>
parents: 3995
diff changeset
105 end
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
106 else
10382
fcdc65bc6697 mod_user_account_management: Apply username normalization later
Kim Alvefur <zash@zash.se>
parents: 8484
diff changeset
107 local username = query:get_child_text("username");
5637
991b47778bf3 mod_register: get_child_text()!
Kim Alvefur <zash@zash.se>
parents: 5500
diff changeset
108 local password = query:get_child_text("password");
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
109 if username and password then
10382
fcdc65bc6697 mod_user_account_management: Apply username normalization later
Kim Alvefur <zash@zash.se>
parents: 8484
diff changeset
110 username = nodeprep(username);
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
111 if username == session.username then
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
112 if usermanager.set_password(username, password, session.host, session.resource) then
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
113 session.send(st.reply(stanza));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
114 else
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
115 -- TODO unable to write file, file may be locked, etc, what's the correct error?
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
116 session.send(st.error_reply(stanza, "wait", "internal-server-error"));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
117 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
118 else
311
513bd52e8e19 Fixed mod_register to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
parents: 85
diff changeset
119 session.send(st.error_reply(stanza, "modify", "bad-request"));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
120 end
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
121 else
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
122 session.send(st.error_reply(stanza, "modify", "bad-request"));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
123 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
124 end
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
125 end
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
126 return true;
3995
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
127 end
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
128
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
129 module:hook("iq/self/jabber:iq:register:query", handle_registration_stanza);
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
130 if compat then
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
131 module:hook("iq/host/jabber:iq:register:query", function (event)
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
132 local session, stanza = event.origin, event.stanza;
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
133 if session.type == "c2s" and jid_bare(stanza.attr.to) == session.host then
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
134 return handle_registration_stanza(event);
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
135 end
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
136 end);
e504b06492c6 mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents: 3540
diff changeset
137 end
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
138
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
139 -- This improves UX of soft-deleted accounts by informing the user that the
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
140 -- account has been deleted, rather than just disabled. They can e.g. contact
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
141 -- their admin if this was a mistake.
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
142 module:hook("authentication-failure", function (event)
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
143 if event.condition ~= "account-disabled" then return; end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
144 local session = event.session;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
145 local sasl_handler = session and session.sasl_handler;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
146 if sasl_handler.username then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
147 local status = deleted_accounts:get(sasl_handler.username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
148 if status then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
149 event.text = "Account deleted";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
150 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
151 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
152 end, -1000);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
153
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
154 function restore_account(username)
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
155 local pending, pending_err = deleted_accounts:get(username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
156 if not pending then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
157 return nil, pending_err or "Account not pending deletion";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
158 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
159 local account_info, err = usermanager.get_account_info(username, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
160 if not account_info then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
161 return nil, "Couldn't fetch account info: "..err;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
162 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
163 local forget_ok, forget_err = deleted_accounts:set(username, nil);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
164 if not forget_ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
165 return nil, "Couldn't remove account from deletion queue: "..forget_err;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
166 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
167 local enable_ok, enable_err = usermanager.enable_user(username, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
168 if not enable_ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
169 return nil, "Removed account from deletion queue, but couldn't enable it: "..enable_err;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
170 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
171 return true, "Account restored";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
172 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
173
13387
e5ddae99faa8 mod_user_account_management: Clear pending deletion if account re-enabled
Matthew Wild <mwild1@gmail.com>
parents: 13372
diff changeset
174 -- Automatically clear pending deletion if an account is re-enabled
e5ddae99faa8 mod_user_account_management: Clear pending deletion if account re-enabled
Matthew Wild <mwild1@gmail.com>
parents: 13372
diff changeset
175 module:context("*"):hook("user-enabled", function (event)
e5ddae99faa8 mod_user_account_management: Clear pending deletion if account re-enabled
Matthew Wild <mwild1@gmail.com>
parents: 13372
diff changeset
176 if event.host ~= module.host then return; end
e5ddae99faa8 mod_user_account_management: Clear pending deletion if account re-enabled
Matthew Wild <mwild1@gmail.com>
parents: 13372
diff changeset
177 deleted_accounts:set(event.username, nil);
e5ddae99faa8 mod_user_account_management: Clear pending deletion if account re-enabled
Matthew Wild <mwild1@gmail.com>
parents: 13372
diff changeset
178 end);
e5ddae99faa8 mod_user_account_management: Clear pending deletion if account re-enabled
Matthew Wild <mwild1@gmail.com>
parents: 13372
diff changeset
179
13369
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
180 local cleanup_time = module:measure("cleanup", "times");
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
181
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
182 function cleanup_soft_deleted_accounts()
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
183 local cleanup_done = cleanup_time();
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
184 local success, fail, restored, pending = 0, 0, 0, 0;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
185
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
186 for username in deleted_accounts:users() do
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
187 module:log("debug", "Processing account cleanup for '%s'", username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
188 local account_info, account_info_err = usermanager.get_account_info(username, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
189 if not account_info then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
190 module:log("warn", "Unable to process delayed deletion of user '%s': %s", username, account_info_err);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
191 fail = fail + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
192 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
193 if account_info.enabled == false then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
194 local meta = deleted_accounts:get(username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
195 if meta.pending_until <= os.time() then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
196 local ok, err = usermanager.delete_user(username, module.host);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
197 if not ok then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
198 module:log("warn", "Unable to process delayed deletion of user '%s': %s", username, err);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
199 fail = fail + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
200 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
201 success = success + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
202 deleted_accounts:set(username, nil);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
203 module:log("debug", "Deleted account '%s' successfully", username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
204 module:fire_event("user-deregistered", { username = username, host = module.host, source = "mod_register" });
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
205 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
206 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
207 pending = pending + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
208 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
209 else
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
210 module:log("warn", "Account '%s' is not disabled, removing from deletion queue", username);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
211 restored = restored + 1;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
212 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
213 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
214 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
215
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
216 module:log("debug", "%d accounts scheduled for future deletion", pending);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
217
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
218 if success > 0 or fail > 0 then
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
219 module:log("info", "Completed account cleanup - %d accounts deleted (%d failed, %d restored, %d pending)", success, fail, restored, pending);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
220 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
221 cleanup_done();
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
222 end
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
223
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
224 module:daily("Remove deleted accounts", cleanup_soft_deleted_accounts);
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
225
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
226 --- shell command
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
227 module:add_item("shell-command", {
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
228 section = "user";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
229 name = "restore";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
230 desc = "Restore a user account scheduled for deletion";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
231 args = {
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
232 { name = "jid", type = "string" };
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
233 };
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
234 host_selector = "jid";
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
235 handler = function (self, jid) --luacheck: ignore 212/self
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
236 return restore_account(jid_node(jid));
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
237 end;
13a27043cd0f mod_user_account_management: Add support for soft-deletion of accounts via IBR
Matthew Wild <mwild1@gmail.com>
parents: 12977
diff changeset
238 });