Software / code / prosody
Annotate
plugins/mod_invites_register.lua @ 13843:87dd8639f08f 13.0
mod_invites_register: Stricter validation of registration events
This fixes two problems:
1) Account invites that were created with a specific username were not
in fact restricted to that username.
2) Password reset invites were not restricted to resetting passwords,
but could be used to create an arbitrary new account if the client
or registration frontend (e.g. mod_invites_register_web) doesn't
handle/enforce the username.
This new validation ensures that registrations and resets are always for the
username specified in the invitation.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 10 Apr 2025 16:07:32 +0100 |
| parent | 13011:16b47c3b44f3 |
| child | 13849:068e77bf91b9 |
| rev | line source |
|---|---|
|
12977
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12391
diff
changeset
|
1 local st = require "prosody.util.stanza"; |
|
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12391
diff
changeset
|
2 local jid_split = require "prosody.util.jid".split; |
|
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12391
diff
changeset
|
3 local jid_bare = require "prosody.util.jid".bare; |
|
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12391
diff
changeset
|
4 local rostermanager = require "prosody.core.rostermanager"; |
|
12144
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local require_encryption = module:get_option_boolean("c2s_require_encryption", |
|
12329
c980210ca095
mod_invites_register: Default to require encryption
Matthew Wild <mwild1@gmail.com>
parents:
12285
diff
changeset
|
7 module:get_option_boolean("require_encryption", true)); |
|
12144
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local invite_only = module:get_option_boolean("registration_invite_only", true); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local invites; |
|
12284
b4424f131d5c
mod_invites_register: Replace COMPAT hack
Kim Alvefur <zash@zash.se>
parents:
12144
diff
changeset
|
11 if prosody.process_type == "prosody" then |
|
12144
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 invites = module:depends("invites"); |
|
12285
ed23bbf3b946
mod_invites_register: Load mod_register_ibr in invite only mode
Kim Alvefur <zash@zash.se>
parents:
12284
diff
changeset
|
13 |
|
ed23bbf3b946
mod_invites_register: Load mod_register_ibr in invite only mode
Kim Alvefur <zash@zash.se>
parents:
12284
diff
changeset
|
14 if invite_only then |
|
ed23bbf3b946
mod_invites_register: Load mod_register_ibr in invite only mode
Kim Alvefur <zash@zash.se>
parents:
12284
diff
changeset
|
15 module:depends("register_ibr"); |
|
ed23bbf3b946
mod_invites_register: Load mod_register_ibr in invite only mode
Kim Alvefur <zash@zash.se>
parents:
12284
diff
changeset
|
16 end |
|
12144
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 local legacy_invite_stream_feature = st.stanza("register", { xmlns = "urn:xmpp:invite" }):up(); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 local invite_stream_feature = st.stanza("register", { xmlns = "urn:xmpp:ibr-token:0" }):up(); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 module:hook("stream-features", function(event) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 local session, features = event.origin, event.features; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 -- Advertise to unauthorized clients only. |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 if session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 return |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 features:add_child(legacy_invite_stream_feature); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 features:add_child(invite_stream_feature); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 end); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 -- XEP-0379: Pre-Authenticated Roster Subscription |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 module:hook("presence/bare", function (event) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local stanza = event.stanza; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 if stanza.attr.type ~= "subscribe" then return end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 local preauth = stanza:get_child("preauth", "urn:xmpp:pars:0"); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 if not preauth then return end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 local token = preauth.attr.token; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 if not token then return end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 local username, host = jid_split(stanza.attr.to); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 local invite, err = invites.get(token, username); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 if not invite then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 module:log("debug", "Got invalid token, error: %s", err); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 return; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 local contact = jid_bare(stanza.attr.from); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 module:log("debug", "Approving inbound subscription to %s from %s", username, contact); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 if rostermanager.set_contact_pending_in(username, host, contact, stanza) then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 if rostermanager.subscribed(username, host, contact) then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 invite:use(); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 rostermanager.roster_push(username, host, contact); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 -- Send back a subscription request (goal is mutual subscription) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 if not rostermanager.is_user_subscribed(username, host, contact) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 and not rostermanager.is_contact_pending_out(username, host, contact) then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 module:log("debug", "Sending automatic subscription request to %s from %s", contact, username); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 if rostermanager.set_contact_pending_out(username, host, contact) then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 rostermanager.roster_push(username, host, contact); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 module:send(st.presence({type = "subscribe", from = username.."@"..host, to = contact })); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 else |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 module:log("warn", "Failed to set contact pending out for %s", username); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 end, 1); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 -- Client is submitting a preauth token to allow registration |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 module:hook("stanza/iq/urn:xmpp:pars:0:preauth", function(event) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 local preauth = event.stanza.tags[1]; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 local token = preauth.attr.token; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 local validated_invite = invites.get(token); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 if not validated_invite then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 local reply = st.error_reply(event.stanza, "cancel", "forbidden", "The invite token is invalid or expired"); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 event.origin.send(reply); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 return true; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 event.origin.validated_invite = validated_invite; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 local reply = st.reply(event.stanza); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 event.origin.send(reply); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 return true; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 end); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 -- Registration attempt - ensure a valid preauth token has been supplied |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 module:hook("user-registering", function (event) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 local validated_invite = event.validated_invite or (event.session and event.session.validated_invite); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 if invite_only and not validated_invite then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 event.allowed = false; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 event.reason = "Registration on this server is through invitation only"; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
97 return; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
98 elseif not validated_invite then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 -- This registration is not using an invite, but |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 -- the server is not in invite-only mode, so nothing |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 -- for this module to do... |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 return; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 end |
|
13843
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
104 if validated_invite then |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
105 local username = validated_invite.username; |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
106 if username and username ~= event.username then |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
107 event.allowed = false; |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
108 event.reason = "The chosen username is not valid with this invitation"; |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
109 end |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
110 local reset_username = validated_invite.additional_data and validated_invite.additional_data.allow_reset; |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
111 if reset_username then |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
112 if reset_username ~= event.username then |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
113 event.allowed = false; |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
114 event.reason = "Incorrect username for password reset"; |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
115 end |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
116 event.allow_reset = reset_username; |
|
87dd8639f08f
mod_invites_register: Stricter validation of registration events
Matthew Wild <mwild1@gmail.com>
parents:
13011
diff
changeset
|
117 end |
|
12144
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
118 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
119 end); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
120 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
121 -- Make a *one-way* subscription. User will see when contact is online, |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
122 -- contact will not see when user is online. |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
123 function subscribe(host, user_username, contact_username) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
124 local user_jid = user_username.."@"..host; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
125 local contact_jid = contact_username.."@"..host; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
126 -- Update user's roster to say subscription request is pending... |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
127 rostermanager.set_contact_pending_out(user_username, host, contact_jid); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
128 -- Update contact's roster to say subscription request is pending... |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
129 rostermanager.set_contact_pending_in(contact_username, host, user_jid); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
130 -- Update contact's roster to say subscription request approved... |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
131 rostermanager.subscribed(contact_username, host, user_jid); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
132 -- Update user's roster to say subscription request approved... |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
133 rostermanager.process_inbound_subscription_approval(user_username, host, contact_jid); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
134 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
135 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
136 -- Make a mutual subscription between jid1 and jid2. Each JID will see |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
137 -- when the other one is online. |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
138 function subscribe_both(host, user1, user2) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
139 subscribe(host, user1, user2); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
140 subscribe(host, user2, user1); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
141 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
142 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
143 -- Registration successful, if there was a preauth token, mark it as used |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
144 module:hook("user-registered", function (event) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
145 local validated_invite = event.validated_invite or (event.session and event.session.validated_invite); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
146 if not validated_invite then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
147 return; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
148 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
149 local inviter_username = validated_invite.inviter; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
150 local contact_username = event.username; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
151 validated_invite:use(); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
152 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
153 if inviter_username then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
154 module:log("debug", "Creating mutual subscription between %s and %s", inviter_username, contact_username); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
155 subscribe_both(module.host, inviter_username, contact_username); |
|
12391
a15647d42880
mod_invites_register: Push invitee contact entry to inviter
Kim Alvefur <zash@zash.se>
parents:
12329
diff
changeset
|
156 rostermanager.roster_push(inviter_username, module.host, contact_username.."@"..module.host); |
|
12144
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
157 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
158 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
159 if validated_invite.additional_data then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
160 module:log("debug", "Importing roles from invite"); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
161 local roles = validated_invite.additional_data.roles; |
|
13011
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
162 if roles and roles[1] ~= nil then |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
163 local um = require "prosody.core.usermanager"; |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
164 local ok, err = um.set_user_role(event.username, module.host, roles[1]); |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
165 if not ok then |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
166 module:log("error", "Could not set role %s for newly registered user %s: %s", roles[1], event.username, err); |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
167 end |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
168 for i = 2, #roles do |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
169 local ok, err = um.add_user_secondary_role(event.username, module.host, roles[i]); |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
170 if not ok then |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
171 module:log("warn", "Could not add secondary role %s for newly registered user %s: %s", roles[i], event.username, err); |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
172 end |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
173 end |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
174 elseif roles and type(next(roles)) == "string" then |
|
16b47c3b44f3
mod_invites_register: Allow roles to be an ordered list, first being primary
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
175 module:log("warn", "Invite carries legacy, migration required for user '%s' for role set %q to take effect", event.username, roles); |
|
12144
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
176 module:open_store("roles"):set(contact_username, roles); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
177 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
178 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
179 end); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
180 |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
181 -- Equivalent of user-registered but for when the account already existed |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
182 -- (i.e. password reset) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
183 module:hook("user-password-reset", function (event) |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
184 local validated_invite = event.validated_invite or (event.session and event.session.validated_invite); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
185 if not validated_invite then |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
186 return; |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
187 end |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
188 validated_invite:use(); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
189 end); |
|
3e292e2a1e02
mod_invites_register: Import from prosody-modules@797b51043767
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
190 |
