
plugins/mod_tombstones.lua @ 12150:653a48b5a25b

core.certmanager: Disable DANE name checks (not needed for XMPP) Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then.
author Kim Alvefur <zash@zash.se>
date Thu, 16 Sep 2021 09:52:51 +0200
parent 12117:0c9b64178eda
child 12438:a698f65df453
1 -- TODO warn when trying to create a user before the tombstone expires
2 -- e.g. via telnet or other admin interface
3 local datetime = require "util.datetime";
4 local errors = require "util.error";
5 local jid_split = require"util.jid".split;
6 local st = require "util.stanza";
-- Using a map store as key-value store so that removal of all user data
-- does not also remove the tombstone, which would defeat the point.
-- Entries are written with a nil user and the username as the key (see the
-- graveyard:set / graveyard:get calls further down).
local graveyard = module:open_store(nil, "map");

-- Optional tombstone lifetime, read from the "user_tombstone_expiry" option.
-- It is added to the os.time() value stored at deletion, so it is expressed
-- in the same unit as os.time(). nil (the default) means no expiry.
local ttl = module:get_option_number("user_tombstone_expiry", nil);
-- Keep tombstones forever by default
--
-- Rationale:
-- There is no way to be completely sure when remote services have
-- forgotten and revoked all memberships.
-- A username that becomes registrable again while such state still exists
-- would be treated by those services as the previous owner.
19 -- TODO If the user left a JID they moved to, return a gone+redirect error
20 -- TODO Attempt to deregister from MUCs based on bookmarks
21 -- TODO Unsubscribe from pubsub services if a notification is received
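-- Record a tombstone when an account on this host is deleted.
--
-- The handler is registered with hook_global and acts only on events whose
-- host matches module.host. The stored value is the deletion time from
-- os.time(); has_tombstone() compares it against the configured TTL.
module:hook_global("user-deleted", function(event)
	if event.host ~= module.host then return; end

	local ok, err = graveyard:set(nil, event.username, os.time());
	if not ok then
		-- The registration hook in this file only refuses usernames that
		-- have a tombstone, so a failed write leaves the name free for
		-- re-registration. The message must say the write failed.
		module:log("error", "Could not store tombstone for %s: %s", event.username, err);
	end
end);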
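-- Public API

--- Look up the tombstone of a deleted account.
-- Deliberately not declared `local`: the original marks this function as the
-- module's public API.
-- @param username node part of the JID to look up
-- @return the stored deletion timestamp when a live tombstone exists;
--   nil when there is none or it has expired;
--   whatever graveyard:get returned plus the error when the lookup failed
function has_tombstone(username)
	local tombstone, err = graveyard:get(nil, username);

	-- Hand both values back unchanged so callers can tell "no tombstone"
	-- (falsy, no error) from "lookup failed" (error set) and fail closed.
	if err or not tombstone then return tombstone, err; end

	if ttl and tombstone + ttl < os.time() then
		module:log("debug", "Tombstone for %s created at %s has expired", username, datetime.datetime(tombstone));
		-- Drop the expired entry. The result was previously ignored; log a
		-- failure the same way the "user-deleted" handler does for writes.
		local ok, remove_err = graveyard:set(nil, username, nil);
		if not ok then
			module:log("warn", "Could not remove expired tombstone for %s: %s", username, remove_err);
		end
		return nil;
	end
	return tombstone;
end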
-- Refuse registration of a username that still has a tombstone.
--
-- Sets event.allowed (and event.error on lookup failure) and returns true in
-- the two refusing paths; returns nothing when no tombstone is on record.
module:hook("user-registering", function(event)
	local deleted_at, lookup_err = has_tombstone(event.username);

	if lookup_err then
		-- Fail closed: if the tombstone store cannot be read, the
		-- registration is rejected rather than risking reuse of a
		-- deleted account's name.
		event.allowed, event.error = errors.coerce(false, lookup_err);
		return true;
	end

	if not deleted_at then
		-- Feel free: no tombstone, event.allowed is left untouched.
		return;
	end

	module:log("debug", "Tombstone for %s created at %s", event.username, datetime.datetime(deleted_at));
	event.allowed = false;
	return true;
end);
-- Answer presence addressed to the bare JID of a deleted account.
--
-- Registered with priority 1. When the addressed username has a tombstone the
-- stanza is consumed (handler returns true); otherwise the handler returns
-- nothing.
module:hook("presence/bare", function(event)
	local stanza, session = event.stanza, event.origin;

	-- We want to undo any left-over presence subscriptions and notify the former
	-- contact that they're gone.
	--
	-- FIXME This leaks that the user once existed. Hard to avoid without keeping
	-- the contact list in some form, which we don't want to do for privacy
	-- reasons. Bloom filter perhaps?
	--
	-- The "gone" reply goes to whoever addressed the JID; nothing in this
	-- handler checks that the sender was ever a contact of the account.
	if not has_tombstone(jid_split(stanza.attr.to)) then
		return;
	end

	-- Probes get "unsubscribed" back, available/unavailable presence gets
	-- "unsubscribe"; both are preceded by the same "gone" error reply.
	local kind = stanza.attr.type;
	local followup;
	if kind == "probe" then
		followup = "unsubscribed";
	elseif kind == nil or kind == "unavailable" then
		followup = "unsubscribe";
	end

	if followup then
		session.send(st.error_reply(stanza, "cancel", "gone", "User deleted"));
		session.send(st.presence({ type = followup; to = stanza.attr.from; from = stanza.attr.to }));
	end

	-- NOTE(review): any other presence type is consumed here without a
	-- reply - confirm that dropping it silently is intended.
	return true;
end, 1);