Annotate

core/usermanager.lua @ 13255:df96af198222

tools: Reflect bash-ness of mod2spec in shebang Non-portable substitution syntax? Oh well.
author Kim Alvefur <zash@zash.se>
date Sat, 26 Aug 2023 15:10:58 +0200
parent 13169:7b6e7290265b
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1523
841d61be198f Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents: 896
diff changeset
1 -- Prosody IM
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2032
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2032
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
4 --
758
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
6 -- COPYING file in the source package for more information.
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
7 --
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
8
12972
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
9 local modulemanager = require "prosody.core.modulemanager";
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
10 local log = require "prosody.util.logger".init("usermanager");
890
5b8da51b0843 usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents: 760
diff changeset
11 local type = type;
12972
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
12 local jid_split = require "prosody.util.jid".split;
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
13 local config = require "prosody.core.configmanager";
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
14 local sasl_new = require "prosody.util.sasl".new;
ead41e25ebc0 core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12920
diff changeset
15 local storagemanager = require "prosody.core.storagemanager";
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
16
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
17 local prosody = _G.prosody;
8717
9ddd0fbbe53a core: Use prosody.hosts instead of _G.hosts for consistency
Kim Alvefur <zash@zash.se>
parents: 8555
diff changeset
18 local hosts = prosody.hosts;
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
19
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
20 local setmetatable = setmetatable;
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
21
12333
ed8a4f8dfd27 usermanager, mod_saslauth: Default to internal_hashed if no auth module specified
Matthew Wild <mwild1@gmail.com>
parents: 12020
diff changeset
22 local default_provider = "internal_hashed";
3180
99be525bcfb4 Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents: 3177
diff changeset
23
12659
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
24 local debug = debug;
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
25
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
26 local _ENV = nil;
8555
4f0f5b49bb03 vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
27 -- luacheck: std none
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
28
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
29 local function new_null_provider()
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
30 local function dummy() return nil, "method not implemented"; end;
3362
90bf162303f3 usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents: 3336
diff changeset
31 local function dummy_get_sasl_handler() return sasl_new(nil, {}); end
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
32 return setmetatable({name = "null", get_sasl_handler = dummy_get_sasl_handler}, {
6663
d3023dd07cb6 portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents: 6628
diff changeset
33 __index = function(self, method) return dummy; end --luacheck: ignore 212
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
34 });
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
35 end
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
36
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
37 local fallback_authz_provider = {
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
38 -- luacheck: ignore 212
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
39 get_jids_with_role = function (role) end;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
40
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
41 get_user_role = function (user) end;
12667
0278987b8687 core.usermanager: Update argument name in authz fallback method
Kim Alvefur <zash@zash.se>
parents: 12666
diff changeset
42 set_user_role = function (user, role_name) end;
12653
e4a412a54462 core.usermanager: Add missing stub authz methods to global authz provider
Kim Alvefur <zash@zash.se>
parents: 12648
diff changeset
43
12665
314bad8907fd core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents: 12664
diff changeset
44 get_user_secondary_roles = function (user) end;
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
45 add_user_secondary_role = function (user, host, role_name) end;
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
46 remove_user_secondary_role = function (user, host, role_name) end;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
47
12665
314bad8907fd core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents: 12664
diff changeset
48 user_can_assume_role = function(user, role_name) end;
314bad8907fd core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents: 12664
diff changeset
49
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
50 get_jid_role = function (jid) end;
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
51 set_jid_role = function (jid, role) end;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
52
12664
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
53 get_users_with_role = function (role_name) end;
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
54 add_default_permission = function (role_name, action, policy) end;
05d5f25a3c61 core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents: 12663
diff changeset
55 get_role_by_name = function (role_name) end;
12920
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
56 get_all_roles = function () end;
10633
d1cc6af0fb97 usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents: 8717
diff changeset
57 };
d1cc6af0fb97 usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents: 8717
diff changeset
58
3992
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
59 local provider_mt = { __index = new_null_provider() };
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
60
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
61 local function initialize_host(host)
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
62 local host_session = hosts[host];
10634
c9e1cb7a38b8 usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents: 10633
diff changeset
63
10659
8f95308c3c45 usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter
Matthew Wild <mwild1@gmail.com>
parents: 10640
diff changeset
64 local authz_provider_name = config.get(host, "authorization") or "internal";
10634
c9e1cb7a38b8 usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents: 10633
diff changeset
65
c9e1cb7a38b8 usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents: 10633
diff changeset
66 local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name);
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
67 host_session.authz = authz_mod or fallback_authz_provider;
10634
c9e1cb7a38b8 usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents: 10633
diff changeset
68
3612
5547acd18a9f usermanager: Don't load auth modules for components.
Waqas Hussain <waqas20@gmail.com>
parents: 3608
diff changeset
69 if host_session.type ~= "local" then return; end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5377
diff changeset
70
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
71 host_session.events.add_handler("item-added/auth-provider", function (event)
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
72 local provider = event.item;
5377
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
73 local auth_provider = config.get(host, "authentication") or default_provider;
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
74 if config.get(host, "anonymous_login") then
4773
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
75 log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead.");
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
76 auth_provider = "anonymous";
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
77 end -- COMPAT 0.7
3180
99be525bcfb4 Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents: 3177
diff changeset
78 if provider.name == auth_provider then
3992
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
79 host_session.users = setmetatable(provider, provider_mt);
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
80 end
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents: 3163
diff changeset
81 if host_session.users ~= nil and host_session.users.name ~= nil then
6628
8495734da243 usermanager: Capitalize log message
Kim Alvefur <zash@zash.se>
parents: 5795
diff changeset
82 log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name);
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
83 end
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
84 end);
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
85 host_session.events.add_handler("item-removed/auth-provider", function (event)
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
86 local provider = event.item;
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
87 if host_session.users == provider then
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
88 host_session.users = new_null_provider();
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
89 end
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
90 end);
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
91 host_session.users = new_null_provider(); -- Start with the default usermanager provider
5377
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
92 local auth_provider = config.get(host, "authentication") or default_provider;
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
93 if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
94 if auth_provider ~= "null" then
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
95 modulemanager.load(host, "auth_"..auth_provider);
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
96 end
10633
d1cc6af0fb97 usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents: 8717
diff changeset
97
3176
f77759710324 usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents: 3167
diff changeset
98 end;
3293
4ce9d569a99c usermanager: Expose host_handler() as initialize_host()
Matthew Wild <mwild1@gmail.com>
parents: 3285
diff changeset
99 prosody.events.add_handler("host-activated", initialize_host, 100);
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
100
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
101 local function test_password(username, host, password)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
102 return hosts[host].users.test_password(username, password);
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
103 end
38
Matthew Wild <mwild1@gmail.com>
parents: 0
diff changeset
104
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
105 local function get_password(username, host)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
106 return hosts[host].users.get_password(username);
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
107 end
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
108
8192
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
109 local function set_password(username, password, host, resource)
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
110 local ok, err = hosts[host].users.set_password(username, password);
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
111 if ok then
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
112 prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource });
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
113 end
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
114 return ok, err;
2934
060bb8217fea usermanager: Added function set_password.
Waqas Hussain <waqas20@gmail.com>
parents: 2929
diff changeset
115 end
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
116
12646
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
117 local function get_account_info(username, host)
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
118 local method = hosts[host].users.get_account_info;
12993
623fbb5f9b05 core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents: 12972
diff changeset
119 if not method then return nil, "method not supported"; end
12646
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
120 return method(username);
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
121 end
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
122
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
123 local function user_exists(username, host)
7177
1295e14614f4 usermanager: Shortcircuit user existence check if they have existing sessions
Kim Alvefur <zash@zash.se>
parents: 6979
diff changeset
124 if hosts[host].sessions[username] then return true; end
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
125 return hosts[host].users.user_exists(username);
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
126 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
127
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
128 local function create_user(username, password, host)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
129 return hosts[host].users.create_user(username, password);
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
130 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
131
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
132 local function delete_user(username, host)
5042
ce823b32225e usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents: 4943
diff changeset
133 local ok, err = hosts[host].users.delete_user(username);
ce823b32225e usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents: 4943
diff changeset
134 if not ok then return nil, err; end
5094
e646c849d72f core.usermanager: Don't close sessions ourselves when deleting users. Instead, fire an event that modules can hook.
Kim Alvefur <zash@zash.se>
parents: 5042
diff changeset
135 prosody.events.fire_event("user-deleted", { username = username, host = host });
5129
e8253c931166 storagemanager: Add purge() for purging user data from all backends in use
Kim Alvefur <zash@zash.se>
parents: 5094
diff changeset
136 return storagemanager.purge(username, host);
3993
b71e5ecc694b usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents: 3992
diff changeset
137 end
b71e5ecc694b usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents: 3992
diff changeset
138
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
139 local function user_is_enabled(username, host)
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
140 local method = hosts[host].users.is_enabled;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
141 if method then return method(username); end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
142
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
143 -- Fallback
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
144 local info, err = get_account_info(username, host);
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
145 if info and info.enabled ~= nil then
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
146 return info.enabled;
12993
623fbb5f9b05 core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents: 12972
diff changeset
147 elseif err ~= "method not implemented" then
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
148 -- Storage issues etetc
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
149 return info, err;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
150 end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
151
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
152 -- API unsupported implies users are always enabled
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
153 return true;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
154 end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
155
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
156 local function enable_user(username, host)
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
157 local method = hosts[host].users.enable;
12993
623fbb5f9b05 core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents: 12972
diff changeset
158 if not method then return nil, "method not supported"; end
12906
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
159 local ret, err = method(username);
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
160 if ret then
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
161 prosody.events.fire_event("user-enabled", { username = username, host = host });
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
162 end
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
163 return ret, err;
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
164 end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
165
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
166 local function disable_user(username, host)
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
167 local method = hosts[host].users.disable;
12993
623fbb5f9b05 core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents: 12972
diff changeset
168 if not method then return nil, "method not supported"; end
12906
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
169 local ret, err = method(username);
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
170 if ret then
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
171 prosody.events.fire_event("user-disabled", { username = username, host = host });
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
172 end
e282c92ded0e core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12905
diff changeset
173 return ret, err;
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
174 end
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
175
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
176 local function users(host)
5157
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
177 return hosts[host].users.users();
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
178 end
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
179
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
180 local function get_sasl_handler(host, session)
4943
50f63f07245f usermanager: Pass session on to auth provider (missing half of commit 0545a574667b) (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents: 4773
diff changeset
181 return hosts[host].users.get_sasl_handler(session);
228
875842235836 Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents: 60
diff changeset
182 end
875842235836 Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents: 60
diff changeset
183
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
184 local function get_provider(host)
3167
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
185 return hosts[host].users;
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
186 end
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
187
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
188 local function get_user_role(user, host)
4237
6b0d7d94eb7f usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents: 3993
diff changeset
189 if host and not hosts[host] then return false; end
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
190 if type(user) ~= "string" then return false; end
4237
6b0d7d94eb7f usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents: 3993
diff changeset
191
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
192 return hosts[host].authz.get_user_role(user);
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
193 end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
194
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
195 local function set_user_role(user, host, role_name)
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
196 if host and not hosts[host] then return false; end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
197 if type(user) ~= "string" then return false; end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
198
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
199 local role, err = hosts[host].authz.set_user_role(user, role_name);
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
200 if role then
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
201 prosody.events.fire_event("user-role-changed", {
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
202 username = user, host = host, role = role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
203 });
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
204 end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
205 return role, err;
10640
5622eda7c5c5 usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents: 10635
diff changeset
206 end
5622eda7c5c5 usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents: 10635
diff changeset
207
13169
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
208 local function create_user_with_role(username, password, host, role)
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
209 local ok, err = create_user(username, nil, host);
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
210 if not ok then return ok, err; end
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
211
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
212 local role_ok, role_err = set_user_role(username, host, role);
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
213 if not role_ok then
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
214 delete_user(username, host);
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
215 return nil, "Failed to assign role: "..role_err;
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
216 end
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
217
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
218 if password then
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
219 local pw_ok, pw_err = set_password(username, password, host);
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
220 if not pw_ok then
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
221 return nil, "Failed to set password: "..pw_err;
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
222 end
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
223
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
224 local enable_ok, enable_err = enable_user(username, host);
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
225 if not enable_ok and enable_err ~= "method not implemented" then
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
226 return enable_ok, "Failed to enable account: "..enable_err;
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
227 end
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
228 end
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
229
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
230 return true;
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
231 end
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
232
12663
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
233 local function user_can_assume_role(user, host, role_name)
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
234 if host and not hosts[host] then return false; end
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
235 if type(user) ~= "string" then return false; end
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
236
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
237 return hosts[host].authz.user_can_assume_role(user, role_name);
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
238 end
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
239
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
240 local function add_user_secondary_role(user, host, role_name)
11473
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
241 if host and not hosts[host] then return false; end
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
242 if type(user) ~= "string" then return false; end
11473
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
243
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
244 local role, err = hosts[host].authz.add_user_secondary_role(user, role_name);
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
245 if role then
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
246 prosody.events.fire_event("user-role-added", {
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
247 username = user, host = host, role = role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
248 });
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
249 end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
250 return role, err;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
251 end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
252
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
253 local function remove_user_secondary_role(user, host, role_name)
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
254 if host and not hosts[host] then return false; end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
255 if type(user) ~= "string" then return false; end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
256
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
257 local ok, err = hosts[host].authz.remove_user_secondary_role(user, role_name);
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
258 if ok then
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
259 prosody.events.fire_event("user-role-removed", {
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
260 username = user, host = host, role_name = role_name;
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
261 });
11473
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
262 end
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
263 return ok, err;
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
264 end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
265
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
266 local function get_user_secondary_roles(user, host)
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
267 if host and not hosts[host] then return false; end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
268 if type(user) ~= "string" then return false; end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
269
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
270 return hosts[host].authz.get_user_secondary_roles(user);
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
271 end
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
272
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
273 local function get_jid_role(jid, host)
12654
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
274 local jid_node, jid_host = jid_split(jid);
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
275 if host == jid_host and jid_node then
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
276 return hosts[host].authz.get_user_role(jid_node);
12654
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
277 end
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
278 return hosts[host].authz.get_jid_role(jid);
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
279 end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
280
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
281 local function set_jid_role(jid, host, role_name)
12654
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
282 local _, jid_host = jid_split(jid);
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
283 if host == jid_host then
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
284 return nil, "unexpected-local-jid";
f3dbbc7655e6 usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents: 12653
diff changeset
285 end
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
286 return hosts[host].authz.set_jid_role(jid, role_name)
11473
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
287 end
afe80b64e209 usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents: 10695
diff changeset
288
12659
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
289 local strict_deprecate_is_admin;
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
290 local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true };
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
291 local function is_admin(jid, host)
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
292 if strict_deprecate_is_admin == nil then
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
293 strict_deprecate_is_admin = (config.get("*", "strict_deprecate_is_admin") == true);
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
294 end
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
295 if strict_deprecate_is_admin then
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
296 log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback());
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
297 return false;
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
298 end
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
299 log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback());
12683
75f0c69eba71 core.usermanager: Link to docs for new role API to make warning more actionable
Kim Alvefur <zash@zash.se>
parents: 12667
diff changeset
300 log("warn", "See https://prosody.im/doc/developers/permissions about the new permissions API");
12659
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
301 return legacy_admin_roles[get_jid_role(jid, host)] or false;
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
302 end
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
303
11745
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
304 local function get_users_with_role(role, host)
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
305 if not hosts[host] then return false; end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
306 if type(role) ~= "string" then return false; end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
307 return hosts[host].authz.get_users_with_role(role);
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
308 end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
309
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
310 local function get_jids_with_role(role, host)
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
311 if host and not hosts[host] then return false; end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
312 if type(role) ~= "string" then return false; end
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
313 return hosts[host].authz.get_jids_with_role(role);
11745
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
314 end
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
315
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
316 local function get_role_by_name(role_name, host)
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
317 if host and not hosts[host] then return false; end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
318 if type(role_name) ~= "string" then return false; end
12658
7ca5645f46cd usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents: 12657
diff changeset
319 return hosts[host].authz.get_role_by_name(role_name);
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
320 end
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
321
12920
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
322 local function get_all_roles(host)
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
323 if host and not hosts[host] then return false; end
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
324 return hosts[host].authz.get_all_roles();
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
325 end
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
326
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
327 return {
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
328 new_null_provider = new_null_provider;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
329 initialize_host = initialize_host;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
330 test_password = test_password;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
331 get_password = get_password;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
332 set_password = set_password;
12646
3f38f4735c7a usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents: 12642
diff changeset
333 get_account_info = get_account_info;
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
334 user_exists = user_exists;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
335 create_user = create_user;
13169
7b6e7290265b usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents: 12993
diff changeset
336 create_user_with_role = create_user_with_role;
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
337 delete_user = delete_user;
12905
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
338 user_is_enabled = user_is_enabled;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
339 enable_user = enable_user;
8473a516004f core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents: 12683
diff changeset
340 disable_user = disable_user;
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
341 users = users;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
342 get_sasl_handler = get_sasl_handler;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
343 get_provider = get_provider;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
344 get_user_role = get_user_role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
345 set_user_role = set_user_role;
12663
cf88f6b03942 mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents: 12662
diff changeset
346 user_can_assume_role = user_can_assume_role;
12662
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
347 add_user_secondary_role = add_user_secondary_role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
348 remove_user_secondary_role = remove_user_secondary_role;
07424992d7fc mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents: 12659
diff changeset
349 get_user_secondary_roles = get_user_secondary_roles;
11745
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
350 get_users_with_role = get_users_with_role;
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
351 get_jid_role = get_jid_role;
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
352 set_jid_role = set_jid_role;
11745
3a2d58a39872 usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents: 11473
diff changeset
353 get_jids_with_role = get_jids_with_role;
12648
f299e570a0fe mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents: 12646
diff changeset
354 get_role_by_name = get_role_by_name;
12920
cdb996637b08 authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents: 12906
diff changeset
355 get_all_roles = get_all_roles;
12659
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
356
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
357 -- Deprecated
c0eea4f6c739 usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents: 12658
diff changeset
358 is_admin = is_admin;
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
359 };