Software /
code /
prosody
Annotate
plugins/mod_watchregistrations.lua @ 12659:c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 15 Aug 2022 15:25:07 +0100 |
parent | 8812:3d7fceaff230 |
child | 12977:74b9e05af71e |
rev | line source |
---|---|
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
1 -- Prosody IM |
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1654
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1654
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5014
diff
changeset
|
4 -- |
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
6 -- COPYING file in the source package for more information. |
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
7 -- |
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
8 |
1201
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local host = module:get_host(); |
4909
01bfb9a76660
mod_watchregistrations: Convert JID list to a set, and prep before use to fix traceback on invalid JIDs (thanks sMi)
Matthew Wild <mwild1@gmail.com>
parents:
4453
diff
changeset
|
11 local jid_prep = require "util.jid".prep; |
1201
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
4909
01bfb9a76660
mod_watchregistrations: Convert JID list to a set, and prep before use to fix traceback on invalid JIDs (thanks sMi)
Matthew Wild <mwild1@gmail.com>
parents:
4453
diff
changeset
|
13 local registration_watchers = module:get_option_set("registration_watchers", module:get_option("admins", {})) / jid_prep; |
7860
49ff363f3a3d
mod_watchregistrations: add a "registration_from" option
mathieui
parents:
7268
diff
changeset
|
14 local registration_from = module:get_option_string("registration_from", host); |
7268
29861845e0e0
mod_watchregistrations: Use type-specific config API for 'registration_notification'
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
15 local registration_notification = module:get_option_string("registration_notification", "User $username just registered on $host from $ip"); |
8812
3d7fceaff230
mod_watchregistrations: Allow making the message type configurable
Kim Alvefur <zash@zash.se>
parents:
8154
diff
changeset
|
16 local msg_type = module:get_option_string("registration_notification_type", "chat"); |
1201
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 local st = require "util.stanza"; |
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
20 module:hook("user-registered", function (user) |
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
21 module:log("debug", "Notifying of new registration"); |
8812
3d7fceaff230
mod_watchregistrations: Allow making the message type configurable
Kim Alvefur <zash@zash.se>
parents:
8154
diff
changeset
|
22 local message = st.message{ type = msg_type, from = registration_from } |
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
23 :tag("body") |
4453
7dc743378e1e
mod_watchregistrations: Fixed an undefined global access (thanks Medics).
Waqas Hussain <waqas20@gmail.com>
parents:
4391
diff
changeset
|
24 :text(registration_notification:gsub("%$(%w+)", function (v) |
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
25 return user[v] or user.session and user.session[v] or nil; |
8152
8e26672df704
mod_watchregistrations: Return the pointer to the root of the stanza, fixes #922.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
5014
diff
changeset
|
26 end)) |
8e26672df704
mod_watchregistrations: Return the pointer to the root of the stanza, fixes #922.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
5014
diff
changeset
|
27 :up(); |
4909
01bfb9a76660
mod_watchregistrations: Convert JID list to a set, and prep before use to fix traceback on invalid JIDs (thanks sMi)
Matthew Wild <mwild1@gmail.com>
parents:
4453
diff
changeset
|
28 for jid in registration_watchers do |
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
29 module:log("debug", "Notifying %s", jid); |
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
30 message.attr.to = jid; |
5014
b2006c1cfa85
mod_announce, mod_motd, mod_pubsub, mod_register, mod_watchregistrations, mod_welcome: Use module:send() instead of core_*_stanza()
Kim Alvefur <zash@zash.se>
parents:
4909
diff
changeset
|
31 module:send(message); |
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
32 end |
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
33 end); |