Software /
code /
prosody
Annotate
core/usermanager.lua @ 13255:df96af198222
tools: Reflect bash-ness of mod2spec in shebang
Non-portable substitution syntax? Oh well.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 26 Aug 2023 15:10:58 +0200 |
parent | 13169:7b6e7290265b |
rev | line source |
---|---|
1523
841d61be198f
Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents:
896
diff
changeset
|
1 -- Prosody IM |
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
4 -- |
758 | 5 -- This project is MIT/X11 licensed. Please see the |
6 -- COPYING file in the source package for more information. | |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
7 -- |
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
8 |
12972
ead41e25ebc0
core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12920
diff
changeset
|
9 local modulemanager = require "prosody.core.modulemanager"; |
ead41e25ebc0
core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12920
diff
changeset
|
10 local log = require "prosody.util.logger".init("usermanager"); |
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
11 local type = type; |
12972
ead41e25ebc0
core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12920
diff
changeset
|
12 local jid_split = require "prosody.util.jid".split; |
ead41e25ebc0
core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12920
diff
changeset
|
13 local config = require "prosody.core.configmanager"; |
ead41e25ebc0
core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12920
diff
changeset
|
14 local sasl_new = require "prosody.util.sasl".new; |
ead41e25ebc0
core: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12920
diff
changeset
|
15 local storagemanager = require "prosody.core.storagemanager"; |
0 | 16 |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
17 local prosody = _G.prosody; |
8717
9ddd0fbbe53a
core: Use prosody.hosts instead of _G.hosts for consistency
Kim Alvefur <zash@zash.se>
parents:
8555
diff
changeset
|
18 local hosts = prosody.hosts; |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
19 |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
20 local setmetatable = setmetatable; |
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
21 |
12333
ed8a4f8dfd27
usermanager, mod_saslauth: Default to internal_hashed if no auth module specified
Matthew Wild <mwild1@gmail.com>
parents:
12020
diff
changeset
|
22 local default_provider = "internal_hashed"; |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
23 |
12659
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
24 local debug = debug; |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
25 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
26 local _ENV = nil; |
8555
4f0f5b49bb03
vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
27 -- luacheck: std none |
0 | 28 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
29 local function new_null_provider() |
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
30 local function dummy() return nil, "method not implemented"; end; |
3362
90bf162303f3
usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents:
3336
diff
changeset
|
31 local function dummy_get_sasl_handler() return sasl_new(nil, {}); end |
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
32 return setmetatable({name = "null", get_sasl_handler = dummy_get_sasl_handler}, { |
6663
d3023dd07cb6
portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents:
6628
diff
changeset
|
33 __index = function(self, method) return dummy; end --luacheck: ignore 212 |
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
34 }); |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
35 end |
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
36 |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
37 local fallback_authz_provider = { |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
38 -- luacheck: ignore 212 |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
39 get_jids_with_role = function (role) end; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
40 |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
41 get_user_role = function (user) end; |
12667
0278987b8687
core.usermanager: Update argument name in authz fallback method
Kim Alvefur <zash@zash.se>
parents:
12666
diff
changeset
|
42 set_user_role = function (user, role_name) end; |
12653
e4a412a54462
core.usermanager: Add missing stub authz methods to global authz provider
Kim Alvefur <zash@zash.se>
parents:
12648
diff
changeset
|
43 |
12665
314bad8907fd
core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents:
12664
diff
changeset
|
44 get_user_secondary_roles = function (user) end; |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
45 add_user_secondary_role = function (user, host, role_name) end; |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
46 remove_user_secondary_role = function (user, host, role_name) end; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
47 |
12665
314bad8907fd
core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents:
12664
diff
changeset
|
48 user_can_assume_role = function(user, role_name) end; |
314bad8907fd
core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se>
parents:
12664
diff
changeset
|
49 |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
50 get_jid_role = function (jid) end; |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
51 set_jid_role = function (jid, role) end; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
52 |
12664
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
53 get_users_with_role = function (role_name) end; |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
54 add_default_permission = function (role_name, action, policy) end; |
05d5f25a3c61
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Kim Alvefur <zash@zash.se>
parents:
12663
diff
changeset
|
55 get_role_by_name = function (role_name) end; |
12920
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
56 get_all_roles = function () end; |
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
57 }; |
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
58 |
3992
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
59 local provider_mt = { __index = new_null_provider() }; |
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
60 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
61 local function initialize_host(host) |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
62 local host_session = hosts[host]; |
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
63 |
10659
8f95308c3c45
usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter
Matthew Wild <mwild1@gmail.com>
parents:
10640
diff
changeset
|
64 local authz_provider_name = config.get(host, "authorization") or "internal"; |
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
65 |
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
66 local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
67 host_session.authz = authz_mod or fallback_authz_provider; |
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
68 |
3612
5547acd18a9f
usermanager: Don't load auth modules for components.
Waqas Hussain <waqas20@gmail.com>
parents:
3608
diff
changeset
|
69 if host_session.type ~= "local" then return; end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
70 |
3163 | 71 host_session.events.add_handler("item-added/auth-provider", function (event) |
72 local provider = event.item; | |
5377
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
73 local auth_provider = config.get(host, "authentication") or default_provider; |
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
74 if config.get(host, "anonymous_login") then |
4773
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
75 log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead."); |
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
76 auth_provider = "anonymous"; |
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
77 end -- COMPAT 0.7 |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
78 if provider.name == auth_provider then |
3992
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
79 host_session.users = setmetatable(provider, provider_mt); |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
80 end |
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
3163
diff
changeset
|
81 if host_session.users ~= nil and host_session.users.name ~= nil then |
6628
8495734da243
usermanager: Capitalize log message
Kim Alvefur <zash@zash.se>
parents:
5795
diff
changeset
|
82 log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name); |
3163 | 83 end |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
84 end); |
3163 | 85 host_session.events.add_handler("item-removed/auth-provider", function (event) |
86 local provider = event.item; | |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
87 if host_session.users == provider then |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
88 host_session.users = new_null_provider(); |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
89 end |
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
90 end); |
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
91 host_session.users = new_null_provider(); -- Start with the default usermanager provider |
5377
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
92 local auth_provider = config.get(host, "authentication") or default_provider; |
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
93 if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7 |
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
94 if auth_provider ~= "null" then |
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
95 modulemanager.load(host, "auth_"..auth_provider); |
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
96 end |
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
97 |
3176
f77759710324
usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents:
3167
diff
changeset
|
98 end; |
3293
4ce9d569a99c
usermanager: Expose host_handler() as initialize_host()
Matthew Wild <mwild1@gmail.com>
parents:
3285
diff
changeset
|
99 prosody.events.add_handler("host-activated", initialize_host, 100); |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
100 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
101 local function test_password(username, host, password) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
102 return hosts[host].users.test_password(username, password); |
0 | 103 end |
38 | 104 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
105 local function get_password(username, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
106 return hosts[host].users.get_password(username); |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
107 end |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
108 |
8192
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
109 local function set_password(username, password, host, resource) |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
110 local ok, err = hosts[host].users.set_password(username, password); |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
111 if ok then |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
112 prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource }); |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
113 end |
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
114 return ok, err; |
2934
060bb8217fea
usermanager: Added function set_password.
Waqas Hussain <waqas20@gmail.com>
parents:
2929
diff
changeset
|
115 end |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
116 |
12646
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
117 local function get_account_info(username, host) |
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
118 local method = hosts[host].users.get_account_info; |
12993
623fbb5f9b05
core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents:
12972
diff
changeset
|
119 if not method then return nil, "method not supported"; end |
12646
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
120 return method(username); |
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
121 end |
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
122 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
123 local function user_exists(username, host) |
7177
1295e14614f4
usermanager: Shortcircuit user existence check if they have existing sessions
Kim Alvefur <zash@zash.se>
parents:
6979
diff
changeset
|
124 if hosts[host].sessions[username] then return true; end |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
125 return hosts[host].users.user_exists(username); |
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
126 end |
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
127 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
128 local function create_user(username, password, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
129 return hosts[host].users.create_user(username, password); |
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
130 end |
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
131 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
132 local function delete_user(username, host) |
5042
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
133 local ok, err = hosts[host].users.delete_user(username); |
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
134 if not ok then return nil, err; end |
5094
e646c849d72f
core.usermanager: Don't close sessions ourselves when deleting users. Instead, fire an event that modules can hook.
Kim Alvefur <zash@zash.se>
parents:
5042
diff
changeset
|
135 prosody.events.fire_event("user-deleted", { username = username, host = host }); |
5129
e8253c931166
storagemanager: Add purge() for purging user data from all backends in use
Kim Alvefur <zash@zash.se>
parents:
5094
diff
changeset
|
136 return storagemanager.purge(username, host); |
3993
b71e5ecc694b
usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3992
diff
changeset
|
137 end |
b71e5ecc694b
usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3992
diff
changeset
|
138 |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
139 local function user_is_enabled(username, host) |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
140 local method = hosts[host].users.is_enabled; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
141 if method then return method(username); end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
142 |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
143 -- Fallback |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
144 local info, err = get_account_info(username, host); |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
145 if info and info.enabled ~= nil then |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
146 return info.enabled; |
12993
623fbb5f9b05
core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents:
12972
diff
changeset
|
147 elseif err ~= "method not implemented" then |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
148 -- Storage issues etetc |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
149 return info, err; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
150 end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
151 |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
152 -- API unsupported implies users are always enabled |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
153 return true; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
154 end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
155 |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
156 local function enable_user(username, host) |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
157 local method = hosts[host].users.enable; |
12993
623fbb5f9b05
core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents:
12972
diff
changeset
|
158 if not method then return nil, "method not supported"; end |
12906
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
159 local ret, err = method(username); |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
160 if ret then |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
161 prosody.events.fire_event("user-enabled", { username = username, host = host }); |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
162 end |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
163 return ret, err; |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
164 end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
165 |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
166 local function disable_user(username, host) |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
167 local method = hosts[host].users.disable; |
12993
623fbb5f9b05
core.usermanager: Correct formatting of not implemented error
Kim Alvefur <zash@zash.se>
parents:
12972
diff
changeset
|
168 if not method then return nil, "method not supported"; end |
12906
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
169 local ret, err = method(username); |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
170 if ret then |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
171 prosody.events.fire_event("user-disabled", { username = username, host = host }); |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
172 end |
e282c92ded0e
core.usermanager: Fire events when enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12905
diff
changeset
|
173 return ret, err; |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
174 end |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
175 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
176 local function users(host) |
5157
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
177 return hosts[host].users.users(); |
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
178 end |
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
179 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
180 local function get_sasl_handler(host, session) |
4943
50f63f07245f
usermanager: Pass session on to auth provider (missing half of commit 0545a574667b) (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
4773
diff
changeset
|
181 return hosts[host].users.get_sasl_handler(session); |
228
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
182 end |
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
183 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
184 local function get_provider(host) |
3167
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
185 return hosts[host].users; |
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
186 end |
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
187 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
188 local function get_user_role(user, host) |
4237
6b0d7d94eb7f
usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents:
3993
diff
changeset
|
189 if host and not hosts[host] then return false; end |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
190 if type(user) ~= "string" then return false; end |
4237
6b0d7d94eb7f
usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents:
3993
diff
changeset
|
191 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
192 return hosts[host].authz.get_user_role(user); |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
193 end |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
194 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
195 local function set_user_role(user, host, role_name) |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
196 if host and not hosts[host] then return false; end |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
197 if type(user) ~= "string" then return false; end |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
198 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
199 local role, err = hosts[host].authz.set_user_role(user, role_name); |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
200 if role then |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
201 prosody.events.fire_event("user-role-changed", { |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
202 username = user, host = host, role = role; |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
203 }); |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
204 end |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
205 return role, err; |
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
206 end |
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
207 |
13169
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
208 local function create_user_with_role(username, password, host, role) |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
209 local ok, err = create_user(username, nil, host); |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
210 if not ok then return ok, err; end |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
211 |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
212 local role_ok, role_err = set_user_role(username, host, role); |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
213 if not role_ok then |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
214 delete_user(username, host); |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
215 return nil, "Failed to assign role: "..role_err; |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
216 end |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
217 |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
218 if password then |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
219 local pw_ok, pw_err = set_password(username, password, host); |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
220 if not pw_ok then |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
221 return nil, "Failed to set password: "..pw_err; |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
222 end |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
223 |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
224 local enable_ok, enable_err = enable_user(username, host); |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
225 if not enable_ok and enable_err ~= "method not implemented" then |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
226 return enable_ok, "Failed to enable account: "..enable_err; |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
227 end |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
228 end |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
229 |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
230 return true; |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
231 end |
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
232 |
12663
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
233 local function user_can_assume_role(user, host, role_name) |
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
234 if host and not hosts[host] then return false; end |
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
235 if type(user) ~= "string" then return false; end |
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
236 |
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
237 return hosts[host].authz.user_can_assume_role(user, role_name); |
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
238 end |
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
239 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
240 local function add_user_secondary_role(user, host, role_name) |
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
241 if host and not hosts[host] then return false; end |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
242 if type(user) ~= "string" then return false; end |
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
243 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
244 local role, err = hosts[host].authz.add_user_secondary_role(user, role_name); |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
245 if role then |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
246 prosody.events.fire_event("user-role-added", { |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
247 username = user, host = host, role = role; |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
248 }); |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
249 end |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
250 return role, err; |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
251 end |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
252 |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
253 local function remove_user_secondary_role(user, host, role_name) |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
254 if host and not hosts[host] then return false; end |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
255 if type(user) ~= "string" then return false; end |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
256 |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
257 local ok, err = hosts[host].authz.remove_user_secondary_role(user, role_name); |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
258 if ok then |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
259 prosody.events.fire_event("user-role-removed", { |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
260 username = user, host = host, role_name = role_name; |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
261 }); |
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
262 end |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
263 return ok, err; |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
264 end |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
265 |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
266 local function get_user_secondary_roles(user, host) |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
267 if host and not hosts[host] then return false; end |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
268 if type(user) ~= "string" then return false; end |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
269 |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
270 return hosts[host].authz.get_user_secondary_roles(user); |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
271 end |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
272 |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
273 local function get_jid_role(jid, host) |
12654
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
274 local jid_node, jid_host = jid_split(jid); |
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
275 if host == jid_host and jid_node then |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
276 return hosts[host].authz.get_user_role(jid_node); |
12654
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
277 end |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
278 return hosts[host].authz.get_jid_role(jid); |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
279 end |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
280 |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
281 local function set_jid_role(jid, host, role_name) |
12654
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
282 local _, jid_host = jid_split(jid); |
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
283 if host == jid_host then |
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
284 return nil, "unexpected-local-jid"; |
f3dbbc7655e6
usermanager: Handle local JIDs being passed to get/set_jid_role()
Matthew Wild <mwild1@gmail.com>
parents:
12653
diff
changeset
|
285 end |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
286 return hosts[host].authz.set_jid_role(jid, role_name) |
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
287 end |
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
288 |
12659
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
289 local strict_deprecate_is_admin; |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
290 local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true }; |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
291 local function is_admin(jid, host) |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
292 if strict_deprecate_is_admin == nil then |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
293 strict_deprecate_is_admin = (config.get("*", "strict_deprecate_is_admin") == true); |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
294 end |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
295 if strict_deprecate_is_admin then |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
296 log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback()); |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
297 return false; |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
298 end |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
299 log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback()); |
12683
75f0c69eba71
core.usermanager: Link to docs for new role API to make warning more actionable
Kim Alvefur <zash@zash.se>
parents:
12667
diff
changeset
|
300 log("warn", "See https://prosody.im/doc/developers/permissions about the new permissions API"); |
12659
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
301 return legacy_admin_roles[get_jid_role(jid, host)] or false; |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
302 end |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
303 |
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
304 local function get_users_with_role(role, host) |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
305 if not hosts[host] then return false; end |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
306 if type(role) ~= "string" then return false; end |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
307 return hosts[host].authz.get_users_with_role(role); |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
308 end |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
309 |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
310 local function get_jids_with_role(role, host) |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
311 if host and not hosts[host] then return false; end |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
312 if type(role) ~= "string" then return false; end |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
313 return hosts[host].authz.get_jids_with_role(role); |
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
314 end |
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
315 |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
316 local function get_role_by_name(role_name, host) |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
317 if host and not hosts[host] then return false; end |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
318 if type(role_name) ~= "string" then return false; end |
12658
7ca5645f46cd
usermanager: Remove concept of global authz provider
Matthew Wild <mwild1@gmail.com>
parents:
12657
diff
changeset
|
319 return hosts[host].authz.get_role_by_name(role_name); |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
320 end |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
321 |
12920
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
322 local function get_all_roles(host) |
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
323 if host and not hosts[host] then return false; end |
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
324 return hosts[host].authz.get_all_roles(); |
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
325 end |
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
326 |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
327 return { |
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
328 new_null_provider = new_null_provider; |
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
329 initialize_host = initialize_host; |
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
330 test_password = test_password; |
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
331 get_password = get_password; |
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
332 set_password = set_password; |
12646
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
12642
diff
changeset
|
333 get_account_info = get_account_info; |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
334 user_exists = user_exists; |
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
335 create_user = create_user; |
13169
7b6e7290265b
usermanager: Add create_user_with_role() method to atomically set initial role
Matthew Wild <mwild1@gmail.com>
parents:
12993
diff
changeset
|
336 create_user_with_role = create_user_with_role; |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
337 delete_user = delete_user; |
12905
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
338 user_is_enabled = user_is_enabled; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
339 enable_user = enable_user; |
8473a516004f
core.usermanager: Add methods for enabling and disabling users
Kim Alvefur <zash@zash.se>
parents:
12683
diff
changeset
|
340 disable_user = disable_user; |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
341 users = users; |
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
342 get_sasl_handler = get_sasl_handler; |
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
343 get_provider = get_provider; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
344 get_user_role = get_user_role; |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
345 set_user_role = set_user_role; |
12663
cf88f6b03942
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com>
parents:
12662
diff
changeset
|
346 user_can_assume_role = user_can_assume_role; |
12662
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
347 add_user_secondary_role = add_user_secondary_role; |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
348 remove_user_secondary_role = remove_user_secondary_role; |
07424992d7fc
mod_authz_internal, and more: New iteration of role API
Matthew Wild <mwild1@gmail.com>
parents:
12659
diff
changeset
|
349 get_user_secondary_roles = get_user_secondary_roles; |
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
350 get_users_with_role = get_users_with_role; |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
351 get_jid_role = get_jid_role; |
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
352 set_jid_role = set_jid_role; |
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
353 get_jids_with_role = get_jids_with_role; |
12648
f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
Matthew Wild <mwild1@gmail.com>
parents:
12646
diff
changeset
|
354 get_role_by_name = get_role_by_name; |
12920
cdb996637b08
authz: Add method for retrieving all roles
Kim Alvefur <zash@zash.se>
parents:
12906
diff
changeset
|
355 get_all_roles = get_all_roles; |
12659
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
356 |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
357 -- Deprecated |
c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Matthew Wild <mwild1@gmail.com>
parents:
12658
diff
changeset
|
358 is_admin = is_admin; |
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
359 }; |