prosody
3fd24e1945b0
core/usermanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

core/usermanager.lua @ 13135:3fd24e1945b0

mod_storage_internal: Lazy-load archive items while iterating Very large list files previously ran into limits of the Lua parser, or just caused Prosody to freeze while parsing. Using the new index we can parse individual items one at a time. This probably won't reduce overall CPU usage, probably the opposite, but it will reduce the number of items in memory at once and allow collection of items after we iterated past them.
author Kim Alvefur <zash@zash.se>
date Wed, 12 May 2021 01:25:44 +0200
parent 12993:623fbb5f9b05
child 13169:7b6e7290265b
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1523
841d61be198f Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents: 896
diff changeset
1 -- Prosody IM
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2032
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2032
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
4 --
758
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
6 -- COPYING file in the source package for more information.
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
7 --
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
8
12972
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
9 local modulemanager = require "prosody.core.modulemanager";
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
10 local log = require "prosody.util.logger".init("usermanager");
890
5b8da51b0843 usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents: 760
diff changeset
11 local type = type;
12972
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
12 local jid_split = require "prosody.util.jid".split;
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
13 local config = require "prosody.core.configmanager";
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
14 local sasl_new = require "prosody.util.sasl".new;
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
15 local storagemanager = require "prosody.core.storagemanager";
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
16
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
17 local prosody = _G.prosody;
8717
9ddd0fbbe53a core: Use prosody.hosts instead of _G.hosts for consistency
Kim Alvefur <zash@zash.se>
parents: 8555
diff changeset
18 local hosts = prosody.hosts;
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
19
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
20 local setmetatable = setmetatable;
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
21
12333
ed8a4f8dfd27 usermanager, mod_saslauth: Default to internal_hashed if no auth module specified
Matthew Wild <mwild1@gmail.com>
parents: 12020
diff changeset
22 local default_provider = "internal_hashed";
3180
99be525bcfb4 Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents: 3177
diff changeset
23
12659
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
24 local debug = debug;
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
25
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
26 local _ENV = nil;
8555
4f0f5b49bb03 vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
27 -- luacheck: std none
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
28
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
29 local function new_null_provider()
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
30 local function dummy() return nil, "method not implemented"; end;
3362
90bf162303f3 usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents: 3336
diff changeset
31 local function dummy_get_sasl_handler() return sasl_new(nil, {}); end
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
32 return setmetatable({name = "null", get_sasl_handler = dummy_get_sasl_handler}, {
6663
d3023dd07cb6 portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents: 6628
diff changeset
33 __index = function(self, method) return dummy; end --luacheck: ignore 212
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
34 });
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
35 end
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
36
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
37 local fallback_authz_provider = {
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
38 -- luacheck: ignore 212
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
39 get_jids_with_role = function (role) end;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
40
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
41 get_user_role = function (user) end;
12667
0278987b8687 core.usermanager: Update argument name in authz fallback method
Kim Alvefur <zash@zash.se>
parents: 12666
diff changeset
42 set_user_role = function (user, role_name) end;
12653
e4a412a54462 core.usermanager: Add missing stub authz methods to global authz provider
Kim Alvefur <zash@zash.se>
parents: 12648
diff changeset
43
12665
314bad8907fd core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents: 12664
diff changeset
44 get_user_secondary_roles = function (user) end;
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
45 add_user_secondary_role = function (user, host, role_name) end;
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
46 remove_user_secondary_role = function (user, host, role_name) end;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
47
12665
314bad8907fd core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents: 12664
diff changeset
48 user_can_assume_role = function(user, role_name) end;
314bad8907fd core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents: 12664
diff changeset
49
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
50 get_jid_role = function (jid) end;
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
51 set_jid_role = function (jid, role) end;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
52
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
53 get_users_with_role = function (role_name) end;
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
54 add_default_permission = function (role_name, action, policy) end;
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
55 get_role_by_name = function (role_name) end;
12920
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
56 get_all_roles = function () end;
10633
d1cc6af0fb97 usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents: 8717
diff changeset
57 };
d1cc6af0fb97 usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents: 8717
diff changeset
58
3992
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
59 local provider_mt = { __index = new_null_provider() };
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
60
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
61 local function initialize_host(host)
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
62 local host_session = hosts[host];
10634
c9e1cb7a38b8 usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents: 10633
diff changeset
63
10659
8f95308c3c45 usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter
Matthew Wild <mwild1@gmail.com>
parents: 10640
diff changeset
64 local authz_provider_name = config.get(host, "authorization") or "internal";
10634
c9e1cb7a38b8 usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents: 10633
diff changeset
65
c9e1cb7a38b8 usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents: 10633
diff changeset
66 local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name);
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
67 host_session.authz = authz_mod or fallback_authz_provider;
10634
c9e1cb7a38b8 usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents: 10633
diff changeset
68
3612
5547acd18a9f usermanager: Don't load auth modules for components.
Waqas Hussain <waqas20@gmail.com>
parents: 3608
diff changeset
69 if host_session.type ~= "local" then return; end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5377
diff changeset
70
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
71 host_session.events.add_handler("item-added/auth-provider", function (event)
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
72 local provider = event.item;
5377
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
73 local auth_provider = config.get(host, "authentication") or default_provider;
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
74 if config.get(host, "anonymous_login") then
4773
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
75 log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead.");
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
76 auth_provider = "anonymous";
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
77 end -- COMPAT 0.7
3180
99be525bcfb4 Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents: 3177
diff changeset
78 if provider.name == auth_provider then
3992
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
79 host_session.users = setmetatable(provider, provider_mt);
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
80 end
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents: 3163
diff changeset
81 if host_session.users ~= nil and host_session.users.name ~= nil then
6628
8495734da243 usermanager: Capitalize log message
Kim Alvefur <zash@zash.se>
parents: 5795
diff changeset
82 log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name);
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
83 end
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
84 end);
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
85 host_session.events.add_handler("item-removed/auth-provider", function (event)
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
86 local provider = event.item;
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
87 if host_session.users == provider then
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
88 host_session.users = new_null_provider();
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
89 end
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
90 end);
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
91 host_session.users = new_null_provider(); -- Start with the default usermanager provider
5377
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
92 local auth_provider = config.get(host, "authentication") or default_provider;
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
93 if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
94 if auth_provider ~= "null" then
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
95 modulemanager.load(host, "auth_"..auth_provider);
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
96 end
10633
d1cc6af0fb97 usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents: 8717
diff changeset
97
3176
f77759710324 usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents: 3167
diff changeset
98 end;
3293
4ce9d569a99c usermanager: Expose host_handler() as initialize_host()
Matthew Wild <mwild1@gmail.com>
parents: 3285
diff changeset
99 prosody.events.add_handler("host-activated", initialize_host, 100);
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
100
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
101 local function test_password(username, host, password)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
102 return hosts[host].users.test_password(username, password);
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
103 end
38
Matthew Wild <mwild1@gmail.com>
parents: 0
diff changeset
104
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
105 local function get_password(username, host)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
106 return hosts[host].users.get_password(username);
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
107 end
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
108
8192
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
109 local function set_password(username, password, host, resource)
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
110 local ok, err = hosts[host].users.set_password(username, password);
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
111 if ok then
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
112 prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource });
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
113 end
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
114 return ok, err;
2934
060bb8217fea usermanager: Added function set_password.
Waqas Hussain <waqas20@gmail.com>
parents: 2929
diff changeset
115 end
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
116
12646
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
117 local function get_account_info(username, host)
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
118 local method = hosts[host].users.get_account_info;
12993
623fbb5f9b05 core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents: 12972
diff changeset
119 if not method then return nil, "method not supported"; end
12646
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
120 return method(username);
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
121 end
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
122
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
123 local function user_exists(username, host)
7177
1295e14614f4 usermanager: Shortcircuit user existence check if they have existing sessions
Kim Alvefur <zash@zash.se>
parents: 6979
diff changeset
124 if hosts[host].sessions[username] then return true; end
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
125 return hosts[host].users.user_exists(username);
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
126 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
127
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
128 local function create_user(username, password, host)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
129 return hosts[host].users.create_user(username, password);
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
130 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
131
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
132 local function delete_user(username, host)
5042
ce823b32225e usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents: 4943
diff changeset
133 local ok, err = hosts[host].users.delete_user(username);
ce823b32225e usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents: 4943
diff changeset
134 if not ok then return nil, err; end
5094
e646c849d72f core.usermanager: Don't close sessions ourselves when deleting users. Instead, fire an event that modules can hook.
Kim Alvefur <zash@zash.se>
parents: 5042
diff changeset
135 prosody.events.fire_event("user-deleted", { username = username, host = host });
5129
e8253c931166 storagemanager: Add purge() for purging user data from all backends in use
Kim Alvefur <zash@zash.se>
parents: 5094
diff changeset
136 return storagemanager.purge(username, host);
3993
b71e5ecc694b usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents: 3992
diff changeset
137 end
b71e5ecc694b usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents: 3992
diff changeset
138
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
139 local function user_is_enabled(username, host)
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
140 local method = hosts[host].users.is_enabled;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
141 if method then return method(username); end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
142
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
143 -- Fallback
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
144 local info, err = get_account_info(username, host);
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
145 if info and info.enabled ~= nil then
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
146 return info.enabled;
12993
623fbb5f9b05 core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents: 12972
diff changeset
147 elseif err ~= "method not implemented" then
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
148 -- Storage issues etetc
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
149 return info, err;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
150 end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
151
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
152 -- API unsupported implies users are always enabled
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
153 return true;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
154 end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
155
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
156 local function enable_user(username, host)
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
157 local method = hosts[host].users.enable;
12993
623fbb5f9b05 core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents: 12972
diff changeset
158 if not method then return nil, "method not supported"; end
12906
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
159 local ret, err = method(username);
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
160 if ret then
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
161 prosody.events.fire_event("user-enabled", { username = username, host = host });
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
162 end
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
163 return ret, err;
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
164 end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
165
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
166 local function disable_user(username, host)
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
167 local method = hosts[host].users.disable;
12993
623fbb5f9b05 core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents: 12972
diff changeset
168 if not method then return nil, "method not supported"; end
12906
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
169 local ret, err = method(username);
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
170 if ret then
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
171 prosody.events.fire_event("user-disabled", { username = username, host = host });
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
172 end
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
173 return ret, err;
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
174 end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
175
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
176 local function users(host)
5157
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
177 return hosts[host].users.users();
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
178 end
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
179
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
180 local function get_sasl_handler(host, session)
4943
50f63f07245f usermanager: Pass session on to auth provider (missing half of commit 0545a574667b) (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents: 4773
diff changeset
181 return hosts[host].users.get_sasl_handler(session);
228
875842235836 Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents: 60
diff changeset
182 end
875842235836 Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents: 60
diff changeset
183
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
184 local function get_provider(host)
3167
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
185 return hosts[host].users;
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
186 end
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
187
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
188 local function get_user_role(user, host)
4237
6b0d7d94eb7f usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents: 3993
diff changeset
189 if host and not hosts[host] then return false; end
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
190 if type(user) ~= "string" then return false; end
4237
6b0d7d94eb7f usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents: 3993
diff changeset
191
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
192 return hosts[host].authz.get_user_role(user);
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
193 end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
194
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
195 local function set_user_role(user, host, role_name)
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
196 if host and not hosts[host] then return false; end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
197 if type(user) ~= "string" then return false; end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
198
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
199 local role, err = hosts[host].authz.set_user_role(user, role_name);
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
200 if role then
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
201 prosody.events.fire_event("user-role-changed", {
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
202 username = user, host = host, role = role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
203 });
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
204 end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
205 return role, err;
10640
5622eda7c5c5 usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents: 10635
diff changeset
206 end
5622eda7c5c5 usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents: 10635
diff changeset
207
12663
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
208 local function user_can_assume_role(user, host, role_name)
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
209 if host and not hosts[host] then return false; end
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
210 if type(user) ~= "string" then return false; end
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
211
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
212 return hosts[host].authz.user_can_assume_role(user, role_name);
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
213 end
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
214
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
215 local function add_user_secondary_role(user, host, role_name)
11473
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
216 if host and not hosts[host] then return false; end
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
217 if type(user) ~= "string" then return false; end
11473
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
218
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
219 local role, err = hosts[host].authz.add_user_secondary_role(user, role_name);
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
220 if role then
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
221 prosody.events.fire_event("user-role-added", {
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
222 username = user, host = host, role = role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
223 });
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
224 end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
225 return role, err;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
226 end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
227
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
228 local function remove_user_secondary_role(user, host, role_name)
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
229 if host and not hosts[host] then return false; end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
230 if type(user) ~= "string" then return false; end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
231
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
232 local ok, err = hosts[host].authz.remove_user_secondary_role(user, role_name);
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
233 if ok then
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
234 prosody.events.fire_event("user-role-removed", {
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
235 username = user, host = host, role_name = role_name;
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
236 });
11473
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
237 end
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
238 return ok, err;
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
239 end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
240
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
241 local function get_user_secondary_roles(user, host)
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
242 if host and not hosts[host] then return false; end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
243 if type(user) ~= "string" then return false; end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
244
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
245 return hosts[host].authz.get_user_secondary_roles(user);
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
246 end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
247
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
248 local function get_jid_role(jid, host)
12654
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
249 local jid_node, jid_host = jid_split(jid);
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
250 if host == jid_host and jid_node then
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
251 return hosts[host].authz.get_user_role(jid_node);
12654
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
252 end
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
253 return hosts[host].authz.get_jid_role(jid);
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
254 end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
255
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
256 local function set_jid_role(jid, host, role_name)
12654
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
257 local _, jid_host = jid_split(jid);
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
258 if host == jid_host then
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
259 return nil, "unexpected-local-jid";
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
260 end
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
261 return hosts[host].authz.set_jid_role(jid, role_name)
11473
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
262 end
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
263
12659
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
264 local strict_deprecate_is_admin;
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
265 local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true };
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
266 local function is_admin(jid, host)
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
267 if strict_deprecate_is_admin == nil then
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
268 strict_deprecate_is_admin = (config.get("*", "strict_deprecate_is_admin") == true);
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
269 end
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
270 if strict_deprecate_is_admin then
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
271 log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback());
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
272 return false;
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
273 end
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
274 log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback());
12683
75f0c69eba71 core.usermanager: Link to docs for new role API to make warning more actionable
Kim Alvefur <zash@zash.se>
parents: 12667
diff changeset
275 log("warn", "See https://prosody.im/doc/developers/permissions about the new permissions API");
12659
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
276 return legacy_admin_roles[get_jid_role(jid, host)] or false;
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
277 end
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
278
11745
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
279 local function get_users_with_role(role, host)
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
280 if not hosts[host] then return false; end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
281 if type(role) ~= "string" then return false; end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
282 return hosts[host].authz.get_users_with_role(role);
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
283 end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
284
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
285 local function get_jids_with_role(role, host)
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
286 if host and not hosts[host] then return false; end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
287 if type(role) ~= "string" then return false; end
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
288 return hosts[host].authz.get_jids_with_role(role);
11745
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
289 end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
290
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
291 local function get_role_by_name(role_name, host)
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
292 if host and not hosts[host] then return false; end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
293 if type(role_name) ~= "string" then return false; end
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
294 return hosts[host].authz.get_role_by_name(role_name);
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
295 end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
296
12920
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
297 local function get_all_roles(host)
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
298 if host and not hosts[host] then return false; end
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
299 return hosts[host].authz.get_all_roles();
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
300 end
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
301
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
302 return {
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
303 new_null_provider = new_null_provider;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
304 initialize_host = initialize_host;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
305 test_password = test_password;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
306 get_password = get_password;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
307 set_password = set_password;
12646
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
308 get_account_info = get_account_info;
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
309 user_exists = user_exists;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
310 create_user = create_user;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
311 delete_user = delete_user;
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
312 user_is_enabled = user_is_enabled;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
313 enable_user = enable_user;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
314 disable_user = disable_user;
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
315 users = users;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
316 get_sasl_handler = get_sasl_handler;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
317 get_provider = get_provider;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
318 get_user_role = get_user_role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
319 set_user_role = set_user_role;
12663
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
320 user_can_assume_role = user_can_assume_role;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
321 add_user_secondary_role = add_user_secondary_role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
322 remove_user_secondary_role = remove_user_secondary_role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
323 get_user_secondary_roles = get_user_secondary_roles;
11745
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
324 get_users_with_role = get_users_with_role;
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
325 get_jid_role = get_jid_role;
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
326 set_jid_role = set_jid_role;
11745
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
327 get_jids_with_role = get_jids_with_role;
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
328 get_role_by_name = get_role_by_name;
12920
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
329 get_all_roles = get_all_roles;
12659
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
330
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
331 -- Deprecated
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
332 is_admin = is_admin;
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
333 };