Software / code / prosody
Annotate
core/usermanager.lua @ 11923:bd0440c12842
util.prosodyctl.check: Take IPv6 support in LuaSocket into account
Shouldn't really matter these days, but portmanager checks this way.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 20 Nov 2021 17:04:15 +0100 |
| parent | 11898:89aa591bb895 |
| child | 12020:a949f1aae171 |
| rev | line source |
|---|---|
|
1523
841d61be198f
Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents:
896
diff
changeset
|
1 -- Prosody IM |
|
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
4 -- |
| 758 | 5 -- This project is MIT/X11 licensed. Please see the |
| 6 -- COPYING file in the source package for more information. | |
|
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
7 -- |
|
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
8 |
|
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
9 local modulemanager = require "core.modulemanager"; |
|
53
14ea0fe6ca86
Session destruction fixes, some debugging code while we fix the rest. Also change logger to be more useful.
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
10 local log = require "util.logger".init("usermanager"); |
|
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
11 local type = type; |
|
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
12 local it = require "util.iterators"; |
|
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
13 local jid_bare = require "util.jid".bare; |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
14 local jid_split = require "util.jid".split; |
|
4459
2ccc386b9913
usermanager: Prep admin JIDs (fixes issue#276).
Waqas Hussain <waqas20@gmail.com>
parents:
4237
diff
changeset
|
15 local jid_prep = require "util.jid".prep; |
|
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
16 local config = require "core.configmanager"; |
|
3362
90bf162303f3
usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents:
3336
diff
changeset
|
17 local sasl_new = require "util.sasl".new; |
|
5042
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
18 local storagemanager = require "core.storagemanager"; |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
19 local set = require "util.set"; |
| 0 | 20 |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
21 local prosody = _G.prosody; |
|
8717
9ddd0fbbe53a
core: Use prosody.hosts instead of _G.hosts for consistency
Kim Alvefur <zash@zash.se>
parents:
8555
diff
changeset
|
22 local hosts = prosody.hosts; |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
23 |
|
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
24 local setmetatable = setmetatable; |
|
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
25 |
|
3336
3a8ce659edfc
mod_auth_internal, usermanager: Rename to mod_auth_internal_plain, and update usermanager to still use it as the default
Matthew Wild <mwild1@gmail.com>
parents:
3293
diff
changeset
|
26 local default_provider = "internal_plain"; |
|
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
27 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
28 local _ENV = nil; |
|
8555
4f0f5b49bb03
vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
29 -- luacheck: std none |
| 0 | 30 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
31 local function new_null_provider() |
|
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
32 local function dummy() return nil, "method not implemented"; end; |
|
3362
90bf162303f3
usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents:
3336
diff
changeset
|
33 local function dummy_get_sasl_handler() return sasl_new(nil, {}); end |
|
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
34 return setmetatable({name = "null", get_sasl_handler = dummy_get_sasl_handler}, { |
|
6663
d3023dd07cb6
portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents:
6628
diff
changeset
|
35 __index = function(self, method) return dummy; end --luacheck: ignore 212 |
|
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
36 }); |
|
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
37 end |
|
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
38 |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
39 local global_admins_config = config.get("*", "admins"); |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
40 if type(global_admins_config) ~= "table" then |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
41 global_admins_config = nil; -- TODO: factor out moduleapi magic config handling and use it here |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
42 end |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
43 local global_admins = set.new(global_admins_config) / jid_prep; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
44 |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
45 local admin_role = { ["prosody:admin"] = true }; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
46 local global_authz_provider = { |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
47 get_user_roles = function (user) end; --luacheck: ignore 212/user |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
48 get_jid_roles = function (jid) |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
49 if global_admins:contains(jid) then |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
50 return admin_role; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
51 end |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
52 end; |
|
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
53 get_jids_with_role = function (role) |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
54 if role ~= "prosody:admin" then return {}; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
55 return it.to_array(global_admins); |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
56 end; |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
57 }; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
58 |
|
3992
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
59 local provider_mt = { __index = new_null_provider() }; |
|
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
60 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
61 local function initialize_host(host) |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
62 local host_session = hosts[host]; |
|
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
63 |
|
10659
8f95308c3c45
usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter
Matthew Wild <mwild1@gmail.com>
parents:
10640
diff
changeset
|
64 local authz_provider_name = config.get(host, "authorization") or "internal"; |
|
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
65 |
|
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
66 local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); |
|
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
67 host_session.authz = authz_mod or global_authz_provider; |
|
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
68 |
|
3612
5547acd18a9f
usermanager: Don't load auth modules for components.
Waqas Hussain <waqas20@gmail.com>
parents:
3608
diff
changeset
|
69 if host_session.type ~= "local" then return; end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
70 |
| 3163 | 71 host_session.events.add_handler("item-added/auth-provider", function (event) |
| 72 local provider = event.item; | |
|
5377
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
73 local auth_provider = config.get(host, "authentication") or default_provider; |
|
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
74 if config.get(host, "anonymous_login") then |
|
4773
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
75 log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead."); |
|
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
76 auth_provider = "anonymous"; |
|
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
77 end -- COMPAT 0.7 |
|
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
78 if provider.name == auth_provider then |
|
3992
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
79 host_session.users = setmetatable(provider, provider_mt); |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
80 end |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
3163
diff
changeset
|
81 if host_session.users ~= nil and host_session.users.name ~= nil then |
|
6628
8495734da243
usermanager: Capitalize log message
Kim Alvefur <zash@zash.se>
parents:
5795
diff
changeset
|
82 log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name); |
| 3163 | 83 end |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
84 end); |
| 3163 | 85 host_session.events.add_handler("item-removed/auth-provider", function (event) |
| 86 local provider = event.item; | |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
87 if host_session.users == provider then |
|
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
88 host_session.users = new_null_provider(); |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
89 end |
|
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
90 end); |
|
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
91 host_session.users = new_null_provider(); -- Start with the default usermanager provider |
|
5377
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
92 local auth_provider = config.get(host, "authentication") or default_provider; |
|
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
93 if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7 |
|
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
94 if auth_provider ~= "null" then |
|
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
95 modulemanager.load(host, "auth_"..auth_provider); |
|
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
96 end |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
97 |
|
3176
f77759710324
usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents:
3167
diff
changeset
|
98 end; |
|
3293
4ce9d569a99c
usermanager: Expose host_handler() as initialize_host()
Matthew Wild <mwild1@gmail.com>
parents:
3285
diff
changeset
|
99 prosody.events.add_handler("host-activated", initialize_host, 100); |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
100 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
101 local function test_password(username, host, password) |
|
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
102 return hosts[host].users.test_password(username, password); |
| 0 | 103 end |
| 38 | 104 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
105 local function get_password(username, host) |
|
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
106 return hosts[host].users.get_password(username); |
|
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
107 end |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
108 |
|
8192
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
109 local function set_password(username, password, host, resource) |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
110 local ok, err = hosts[host].users.set_password(username, password); |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
111 if ok then |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
112 prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource }); |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
113 end |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
114 return ok, err; |
|
2934
060bb8217fea
usermanager: Added function set_password.
Waqas Hussain <waqas20@gmail.com>
parents:
2929
diff
changeset
|
115 end |
|
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
116 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
117 local function user_exists(username, host) |
|
7177
1295e14614f4
usermanager: Shortcircuit user existence check if they have existing sessions
Kim Alvefur <zash@zash.se>
parents:
6979
diff
changeset
|
118 if hosts[host].sessions[username] then return true; end |
|
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
119 return hosts[host].users.user_exists(username); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
120 end |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
121 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
122 local function create_user(username, password, host) |
|
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
123 return hosts[host].users.create_user(username, password); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
124 end |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
125 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
126 local function delete_user(username, host) |
|
5042
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
127 local ok, err = hosts[host].users.delete_user(username); |
|
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
128 if not ok then return nil, err; end |
|
5094
e646c849d72f
core.usermanager: Don't close sessions ourselves when deleting users. Instead, fire an event that modules can hook.
Kim Alvefur <zash@zash.se>
parents:
5042
diff
changeset
|
129 prosody.events.fire_event("user-deleted", { username = username, host = host }); |
|
5129
e8253c931166
storagemanager: Add purge() for purging user data from all backends in use
Kim Alvefur <zash@zash.se>
parents:
5094
diff
changeset
|
130 return storagemanager.purge(username, host); |
|
3993
b71e5ecc694b
usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3992
diff
changeset
|
131 end |
|
b71e5ecc694b
usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3992
diff
changeset
|
132 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
133 local function users(host) |
|
5157
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
134 return hosts[host].users.users(); |
|
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
135 end |
|
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
136 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
137 local function get_sasl_handler(host, session) |
|
4943
50f63f07245f
usermanager: Pass session on to auth provider (missing half of commit 0545a574667b) (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
4773
diff
changeset
|
138 return hosts[host].users.get_sasl_handler(session); |
|
228
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
139 end |
|
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
140 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
141 local function get_provider(host) |
|
3167
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
142 return hosts[host].users; |
|
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
143 end |
|
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
144 |
|
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
145 local function get_roles(jid, host) |
|
4237
6b0d7d94eb7f
usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents:
3993
diff
changeset
|
146 if host and not hosts[host] then return false; end |
|
4459
2ccc386b9913
usermanager: Prep admin JIDs (fixes issue#276).
Waqas Hussain <waqas20@gmail.com>
parents:
4237
diff
changeset
|
147 if type(jid) ~= "string" then return false; end |
|
4237
6b0d7d94eb7f
usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents:
3993
diff
changeset
|
148 |
|
3285
c116c4b2db5a
usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents:
3218
diff
changeset
|
149 jid = jid_bare(jid); |
|
c116c4b2db5a
usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents:
3218
diff
changeset
|
150 host = host or "*"; |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
151 |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
152 local actor_user, actor_host = jid_split(jid); |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
153 local roles; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
154 |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
155 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
156 |
|
10695
52886aad9ee1
usermanager: Fix traceback when checking admin status of host-only JIDs (fixes #1508)
Matthew Wild <mwild1@gmail.com>
parents:
10659
diff
changeset
|
157 if actor_user and actor_host == host then -- Local user |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
158 roles = authz_provider.get_user_roles(actor_user); |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
159 else -- Remote user/JID |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
160 roles = authz_provider.get_jid_roles(jid); |
|
3030
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
161 end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
162 |
|
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
163 return roles; |
|
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
164 end |
|
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
165 |
|
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
166 local function set_roles(jid, host, roles) |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
167 if host and not hosts[host] then return false; end |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
168 if type(jid) ~= "string" then return false; end |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
169 |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
170 jid = jid_bare(jid); |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
171 host = host or "*"; |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
172 |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
173 local actor_user, actor_host = jid_split(jid); |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
174 |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
175 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
176 if actor_user and actor_host == host then -- Local user |
|
11898
89aa591bb895
usermanager: Fire user-roles-changed event when updating roles of a local user
Matthew Wild <mwild1@gmail.com>
parents:
11745
diff
changeset
|
177 local ok, err = authz_provider.set_user_roles(actor_user, roles); |
|
89aa591bb895
usermanager: Fire user-roles-changed event when updating roles of a local user
Matthew Wild <mwild1@gmail.com>
parents:
11745
diff
changeset
|
178 if ok then |
|
89aa591bb895
usermanager: Fire user-roles-changed event when updating roles of a local user
Matthew Wild <mwild1@gmail.com>
parents:
11745
diff
changeset
|
179 prosody.events.fire_event("user-roles-changed", { |
|
89aa591bb895
usermanager: Fire user-roles-changed event when updating roles of a local user
Matthew Wild <mwild1@gmail.com>
parents:
11745
diff
changeset
|
180 username = actor_user, host = actor_host |
|
89aa591bb895
usermanager: Fire user-roles-changed event when updating roles of a local user
Matthew Wild <mwild1@gmail.com>
parents:
11745
diff
changeset
|
181 }); |
|
89aa591bb895
usermanager: Fire user-roles-changed event when updating roles of a local user
Matthew Wild <mwild1@gmail.com>
parents:
11745
diff
changeset
|
182 end |
|
89aa591bb895
usermanager: Fire user-roles-changed event when updating roles of a local user
Matthew Wild <mwild1@gmail.com>
parents:
11745
diff
changeset
|
183 return ok, err; |
|
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
184 else -- Remote entity |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
185 return authz_provider.set_jid_roles(jid, roles) |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
186 end |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
187 end |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
188 |
|
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
189 local function is_admin(jid, host) |
|
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
190 local roles = get_roles(jid, host); |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
191 return roles and roles["prosody:admin"]; |
|
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
192 end |
|
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
193 |
|
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
194 local function get_users_with_role(role, host) |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
195 if not hosts[host] then return false; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
196 if type(role) ~= "string" then return false; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
197 |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
198 return hosts[host].authz.get_users_with_role(role); |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
199 end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
200 |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
201 local function get_jids_with_role(role, host) |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
202 if host and not hosts[host] then return false; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
203 if type(role) ~= "string" then return false; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
204 |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
205 host = host or "*"; |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
206 |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
207 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
208 return authz_provider.get_jids_with_role(role); |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
209 end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
210 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
211 return { |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
212 new_null_provider = new_null_provider; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
213 initialize_host = initialize_host; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
214 test_password = test_password; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
215 get_password = get_password; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
216 set_password = set_password; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
217 user_exists = user_exists; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
218 create_user = create_user; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
219 delete_user = delete_user; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
220 users = users; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
221 get_sasl_handler = get_sasl_handler; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
222 get_provider = get_provider; |
|
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
223 get_roles = get_roles; |
|
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
224 set_roles = set_roles; |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
225 is_admin = is_admin; |
|
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
226 get_users_with_role = get_users_with_role; |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
227 get_jids_with_role = get_jids_with_role; |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
228 }; |
