Software / code / prosody
Annotate
plugins/mod_register_ibr.lua @ 8484:f591855f060d
mod_register: Split into mod_register_ibr and mod_user_account_management (#723)
- mod_register_ibr handles in-band registration
- mod_user_account_management handles password change and user deletion
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 07 Oct 2017 22:00:50 +0200 |
| parent | 8464:plugins/mod_register.lua@1a0b76b07b7a |
| child | 8485:0e02c6de5c02 |
| rev | line source |
|---|---|
|
1523
841d61be198f
Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents:
1189
diff
changeset
|
1 -- Prosody IM |
|
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2448
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2448
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5763
diff
changeset
|
4 -- |
| 758 | 5 -- This project is MIT/X11 licensed. Please see the |
| 6 -- COPYING file in the source package for more information. | |
|
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
438
diff
changeset
|
7 -- |
|
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
438
diff
changeset
|
8 |
|
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
438
diff
changeset
|
9 |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
10 local st = require "util.stanza"; |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
11 local dataform_new = require "util.dataforms".new; |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 local usermanager_user_exists = require "core.usermanager".user_exists; |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 local usermanager_create_user = require "core.usermanager".create_user; |
|
3996
7f35b292531b
mod_register: Change to use new delete_user auth provider method
Matthew Wild <mwild1@gmail.com>
parents:
3995
diff
changeset
|
14 local usermanager_delete_user = require "core.usermanager".delete_user; |
|
927
cc180d25dbeb
Fixed: mod_register: Node prepping was not being applied to usernames (part of issue #57)
Waqas Hussain <waqas20@gmail.com>
parents:
926
diff
changeset
|
15 local nodeprep = require "util.encodings".stringprep.nodeprep; |
|
7025
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
16 local create_throttle = require "util.throttle".create; |
|
7026
f0dc5cc11d0e
mod_register: Use util.cache to limit the number of per-ip throttles kept
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
17 local new_cache = require "util.cache".new; |
|
8452
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
18 local ip_util = require "util.ip"; |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
19 local new_ip = ip_util.new_ip; |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
20 local match_ip = ip_util.match; |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
21 local parse_cidr = ip_util.parse_cidr; |
|
3995
e504b06492c6
mod_register: Add registration_compat config option to allow account remove requests addressed to='host' (defaults to true)
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
22 |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
23 local additional_fields = module:get_option("additional_registration_fields", {}); |
|
8484
f591855f060d
mod_register: Split into mod_register_ibr and mod_user_account_management (#723)
Kim Alvefur <zash@zash.se>
parents:
8464
diff
changeset
|
24 local require_encryption = module:get_option_boolean("c2s_require_encryption", |
|
f591855f060d
mod_register: Split into mod_register_ibr and mod_user_account_management (#723)
Kim Alvefur <zash@zash.se>
parents:
8464
diff
changeset
|
25 module:get_option_boolean("require_encryption", false)); |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
26 |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5371
diff
changeset
|
27 local account_details = module:open_store("account_details"); |
|
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5371
diff
changeset
|
28 |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
29 local field_map = { |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
30 username = { name = "username", type = "text-single", label = "Username", required = true }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
31 password = { name = "password", type = "text-private", label = "Password", required = true }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
32 nick = { name = "nick", type = "text-single", label = "Nickname" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
33 name = { name = "name", type = "text-single", label = "Full Name" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
34 first = { name = "first", type = "text-single", label = "Given Name" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
35 last = { name = "last", type = "text-single", label = "Family Name" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
36 email = { name = "email", type = "text-single", label = "Email" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
37 address = { name = "address", type = "text-single", label = "Street" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
38 city = { name = "city", type = "text-single", label = "City" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
39 state = { name = "state", type = "text-single", label = "State" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
40 zip = { name = "zip", type = "text-single", label = "Postal code" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
41 phone = { name = "phone", type = "text-single", label = "Telephone number" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
42 url = { name = "url", type = "text-single", label = "Webpage" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
43 date = { name = "date", type = "text-single", label = "Birth date" }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
44 }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
45 |
|
7812
2bc339352dcd
mod_register: Allow 'title' and 'instructions' fields to be customized
Kim Alvefur <zash@zash.se>
parents:
7754
diff
changeset
|
46 local title = module:get_option_string("registration_title", |
|
2bc339352dcd
mod_register: Allow 'title' and 'instructions' fields to be customized
Kim Alvefur <zash@zash.se>
parents:
7754
diff
changeset
|
47 "Creating a new account"); |
|
2bc339352dcd
mod_register: Allow 'title' and 'instructions' fields to be customized
Kim Alvefur <zash@zash.se>
parents:
7754
diff
changeset
|
48 local instructions = module:get_option_string("registration_instructions", |
|
2bc339352dcd
mod_register: Allow 'title' and 'instructions' fields to be customized
Kim Alvefur <zash@zash.se>
parents:
7754
diff
changeset
|
49 "Choose a username and password for use with this service."); |
|
2bc339352dcd
mod_register: Allow 'title' and 'instructions' fields to be customized
Kim Alvefur <zash@zash.se>
parents:
7754
diff
changeset
|
50 |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
51 local registration_form = dataform_new{ |
|
7812
2bc339352dcd
mod_register: Allow 'title' and 'instructions' fields to be customized
Kim Alvefur <zash@zash.se>
parents:
7754
diff
changeset
|
52 title = title; |
|
2bc339352dcd
mod_register: Allow 'title' and 'instructions' fields to be customized
Kim Alvefur <zash@zash.se>
parents:
7754
diff
changeset
|
53 instructions = instructions; |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
54 |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
55 field_map.username; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
56 field_map.password; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
57 }; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
58 |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
59 local registration_query = st.stanza("query", {xmlns = "jabber:iq:register"}) |
|
7812
2bc339352dcd
mod_register: Allow 'title' and 'instructions' fields to be customized
Kim Alvefur <zash@zash.se>
parents:
7754
diff
changeset
|
60 :tag("instructions"):text(instructions):up() |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
61 :tag("username"):up() |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
62 :tag("password"):up(); |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
63 |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
64 for _, field in ipairs(additional_fields) do |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
65 if type(field) == "table" then |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
66 registration_form[#registration_form + 1] = field; |
|
7816
2624f4ee34a2
mod_register: Fix syntax errors
Kim Alvefur <zash@zash.se>
parents:
7815
diff
changeset
|
67 elseif field_map[field] or field_map[field:sub(1, -2)] then |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
68 if field:match("%+$") then |
|
7814
2120d71b0d56
mod_register: Strip '+' char from field names without using length
Kim Alvefur <zash@zash.se>
parents:
7812
diff
changeset
|
69 field = field:sub(1, -2); |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
70 field_map[field].required = true; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
71 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
72 |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
73 registration_form[#registration_form + 1] = field_map[field]; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
74 registration_query:tag(field):up(); |
|
7815
f8d25a2e80ea
mod_register: Verify that fields are known to prevent traceback
Kim Alvefur <zash@zash.se>
parents:
7814
diff
changeset
|
75 else |
|
f8d25a2e80ea
mod_register: Verify that fields are known to prevent traceback
Kim Alvefur <zash@zash.se>
parents:
7814
diff
changeset
|
76 module:log("error", "Unknown field %q", field); |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
77 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
78 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
79 registration_query:add_child(registration_form:form()); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
80 |
|
4268
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
81 local register_stream_feature = st.stanza("register", {xmlns="http://jabber.org/features/iq-register"}):up(); |
|
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
82 module:hook("stream-features", function(event) |
| 5707 | 83 local session, features = event.origin, event.features; |
|
4268
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
84 |
|
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
85 -- Advertise registration to unauthorized clients only. |
|
8484
f591855f060d
mod_register: Split into mod_register_ibr and mod_user_account_management (#723)
Kim Alvefur <zash@zash.se>
parents:
8464
diff
changeset
|
86 if session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then |
|
4268
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
87 return |
|
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
88 end |
|
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
89 |
|
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
90 features:add_child(register_stream_feature); |
|
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
91 end); |
|
c249f10eb9bb
Advertise in-band registration support.
Glenn Maynard <glenn@zewt.org>
parents:
3997
diff
changeset
|
92 |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
93 local function parse_response(query) |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
94 local form = query:get_child("x", "jabber:x:data"); |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
95 if form then |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
96 return registration_form:data(form); |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
97 else |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
98 local data = {}; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
99 local errors = {}; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
100 for _, field in ipairs(registration_form) do |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
101 local name, required = field.name, field.required; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
102 if field_map[name] then |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
103 data[name] = query:get_child_text(name); |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
104 if (not data[name] or #data[name] == 0) and required then |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
105 errors[name] = "Required value missing"; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
106 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
107 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
108 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
109 if next(errors) then |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
110 return data, errors; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
111 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
112 return data; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
113 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
114 end |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
115 |
|
5763
0e52f1d5ca71
mod_register: Use more specific get_option variants
Kim Alvefur <zash@zash.se>
parents:
5707
diff
changeset
|
116 local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations"); |
|
0e52f1d5ca71
mod_register: Use more specific get_option variants
Kim Alvefur <zash@zash.se>
parents:
5707
diff
changeset
|
117 local whitelist_only = module:get_option_boolean("whitelist_registration_only"); |
|
8183
49a682d6b427
mod_register: Add ::1 to the default registration_whitelist.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
8070
diff
changeset
|
118 local whitelisted_ips = module:get_option_set("registration_whitelist", { "127.0.0.1", "::1" })._items; |
|
5763
0e52f1d5ca71
mod_register: Use more specific get_option variants
Kim Alvefur <zash@zash.se>
parents:
5707
diff
changeset
|
119 local blacklisted_ips = module:get_option_set("registration_blacklist", {})._items; |
|
690
e901a0709005
Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
parents:
665
diff
changeset
|
120 |
|
7025
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
121 local throttle_max = module:get_option_number("registration_throttle_max", min_seconds_between_registrations and 1); |
|
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
122 local throttle_period = module:get_option_number("registration_throttle_period", min_seconds_between_registrations); |
|
7026
f0dc5cc11d0e
mod_register: Use util.cache to limit the number of per-ip throttles kept
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
123 local throttle_cache_size = module:get_option_number("registration_throttle_cache_size", 100); |
| 7037 | 124 local blacklist_overflow = module:get_option_boolean("blacklist_on_registration_throttle_overload", false); |
|
690
e901a0709005
Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
parents:
665
diff
changeset
|
125 |
|
7027
77d838ba91c6
mod_register: Support for blacklisting ips that are still over limit when they get pushed out of the cache
Kim Alvefur <zash@zash.se>
parents:
7026
diff
changeset
|
126 local throttle_cache = new_cache(throttle_cache_size, blacklist_overflow and function (ip, throttle) |
|
77d838ba91c6
mod_register: Support for blacklisting ips that are still over limit when they get pushed out of the cache
Kim Alvefur <zash@zash.se>
parents:
7026
diff
changeset
|
127 if not throttle:peek() then |
|
77d838ba91c6
mod_register: Support for blacklisting ips that are still over limit when they get pushed out of the cache
Kim Alvefur <zash@zash.se>
parents:
7026
diff
changeset
|
128 module:log("info", "Adding ip %s to registration blacklist", ip); |
|
77d838ba91c6
mod_register: Support for blacklisting ips that are still over limit when they get pushed out of the cache
Kim Alvefur <zash@zash.se>
parents:
7026
diff
changeset
|
129 blacklisted_ips[ip] = true; |
|
77d838ba91c6
mod_register: Support for blacklisting ips that are still over limit when they get pushed out of the cache
Kim Alvefur <zash@zash.se>
parents:
7026
diff
changeset
|
130 end |
|
7293
c4af754d1e1b
mod_register: Make sure only an on_evict function or nil is passed to util.cache
Kim Alvefur <zash@zash.se>
parents:
7037
diff
changeset
|
131 end or nil); |
|
7025
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
132 |
|
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
133 local function check_throttle(ip) |
|
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
134 if not throttle_max then return true end |
|
7026
f0dc5cc11d0e
mod_register: Use util.cache to limit the number of per-ip throttles kept
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
135 local throttle = throttle_cache:get(ip); |
|
7025
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
136 if not throttle then |
|
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
137 throttle = create_throttle(throttle_max, throttle_period); |
|
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
138 end |
|
7026
f0dc5cc11d0e
mod_register: Use util.cache to limit the number of per-ip throttles kept
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
139 throttle_cache:set(ip, throttle); |
|
7025
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
140 return throttle:poll(1); |
|
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
141 end |
|
690
e901a0709005
Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
parents:
665
diff
changeset
|
142 |
|
8452
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
143 local function ip_in_set(set, ip) |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
144 if set[ip] then |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
145 return true; |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
146 end |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
147 ip = new_ip(ip); |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
148 for in_set in pairs(set) do |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
149 if match_ip(ip, parse_cidr(in_set)) then |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
150 return true; |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
151 end |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
152 end |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
153 return false; |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
154 end |
|
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
155 |
|
8194
ba9cd8447578
mod_register: Add comments saying which section handles password change, account deletion and which is in-band registration
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
156 -- In-band registration |
|
3529
3f9cc12308aa
mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents:
3394
diff
changeset
|
157 module:hook("stanza/iq/jabber:iq:register:query", function(event) |
|
3f9cc12308aa
mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents:
3394
diff
changeset
|
158 local session, stanza = event.origin, event.stanza; |
|
7017
ff734a602886
mod_register: Use session log instance to ease indentification
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
159 local log = session.log or module._log; |
|
3529
3f9cc12308aa
mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents:
3394
diff
changeset
|
160 |
|
8484
f591855f060d
mod_register: Split into mod_register_ibr and mod_user_account_management (#723)
Kim Alvefur <zash@zash.se>
parents:
8464
diff
changeset
|
161 if session.type ~= "c2s_unauthed" then |
|
7709
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
162 log("debug", "Attempted registration when disabled or already authenticated"); |
|
665
09e0e9c722a3
Add allow_registration option to disable account registration
Matthew Wild <mwild1@gmail.com>
parents:
615
diff
changeset
|
163 session.send(st.error_reply(stanza, "cancel", "service-unavailable")); |
|
7916
72b6d5ab4137
mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595)
Kim Alvefur <zash@zash.se>
parents:
5637
diff
changeset
|
164 elseif require_encryption and not session.secure then |
|
72b6d5ab4137
mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595)
Kim Alvefur <zash@zash.se>
parents:
5637
diff
changeset
|
165 session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required")); |
|
3529
3f9cc12308aa
mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents:
3394
diff
changeset
|
166 else |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
167 local query = stanza.tags[1]; |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
168 if stanza.attr.type == "get" then |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
169 local reply = st.reply(stanza); |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
170 reply:add_child(registration_query); |
|
311
513bd52e8e19
Fixed mod_register to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
parents:
85
diff
changeset
|
171 session.send(reply); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
172 elseif stanza.attr.type == "set" then |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
173 if query.tags[1] and query.tags[1].name == "remove" then |
|
311
513bd52e8e19
Fixed mod_register to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
parents:
85
diff
changeset
|
174 session.send(st.error_reply(stanza, "auth", "registration-required")); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
175 else |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
176 local data, errors = parse_response(query); |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
177 if errors then |
|
7709
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
178 log("debug", "Error parsing registration form:"); |
|
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
179 for field, err in pairs(errors) do |
|
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
180 log("debug", "Field %q: %s", field, err); |
|
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
181 end |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
182 session.send(st.error_reply(stanza, "modify", "not-acceptable")); |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
183 else |
|
690
e901a0709005
Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
parents:
665
diff
changeset
|
184 -- Check that the user is not blacklisted or registering too often |
|
2085
64872e216e23
mod_register: Log a debug message when a session's IP is not available.
Waqas Hussain <waqas20@gmail.com>
parents:
1861
diff
changeset
|
185 if not session.ip then |
|
7017
ff734a602886
mod_register: Use session log instance to ease indentification
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
186 log("debug", "User's IP not known; can't apply blacklist/whitelist"); |
|
8452
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
187 elseif ip_in_set(blacklisted_ips, session.ip) or (whitelist_only and not ip_in_set(whitelisted_ips, session.ip)) then |
|
1859
c965b0accc7c
mod_register: Added helpful text to registration error responses.
Waqas Hussain <waqas20@gmail.com>
parents:
1858
diff
changeset
|
188 session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account.")); |
|
3529
3f9cc12308aa
mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents:
3394
diff
changeset
|
189 return true; |
|
8452
4796fdcb7146
mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
parents:
8194
diff
changeset
|
190 elseif throttle_max and not ip_in_set(whitelisted_ips, session.ip) then |
|
7570
c61ea328fac2
mod_register: Fix inverted throttle check (fixes #724)
Kim Alvefur <zash@zash.se>
parents:
7293
diff
changeset
|
191 if not check_throttle(session.ip) then |
|
7709
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
192 log("debug", "Registrations over limit for ip %s", session.ip or "?"); |
|
7025
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
193 session.send(st.error_reply(stanza, "wait", "not-acceptable")); |
|
236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
parents:
7018
diff
changeset
|
194 return true; |
|
690
e901a0709005
Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
parents:
665
diff
changeset
|
195 end |
|
e901a0709005
Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
parents:
665
diff
changeset
|
196 end |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
197 local username, password = nodeprep(data.username), data.password; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
198 data.username, data.password = nil, nil; |
|
1857
ef266aa8e18f
mod_register: Fixed: No error was returned if username failed nodeprep.
Waqas Hussain <waqas20@gmail.com>
parents:
1523
diff
changeset
|
199 local host = module.host; |
|
2448
542335c8a5bc
mod_register: Return a <not-acceptable/> error on empty usernames (thanks Neustradamus).
Waqas Hussain <waqas20@gmail.com>
parents:
2260
diff
changeset
|
200 if not username or username == "" then |
|
7709
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
201 log("debug", "The requested username is invalid."); |
|
1859
c965b0accc7c
mod_register: Added helpful text to registration error responses.
Waqas Hussain <waqas20@gmail.com>
parents:
1858
diff
changeset
|
202 session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is invalid.")); |
|
5165
39bb9344f194
mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
parents:
5098
diff
changeset
|
203 return true; |
|
39bb9344f194
mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
parents:
5098
diff
changeset
|
204 end |
|
8464
1a0b76b07b7a
mod_register: Include the session and its IP address in user-registering event, so that plugins can use this
Kim Alvefur <zash@zash.se>
parents:
8452
diff
changeset
|
205 local user = { username = username , host = host, additional = data, ip = session.ip, session = session, allowed = true } |
|
5165
39bb9344f194
mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
parents:
5098
diff
changeset
|
206 module:fire_event("user-registering", user); |
|
39bb9344f194
mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
parents:
5098
diff
changeset
|
207 if not user.allowed then |
|
7709
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
208 log("debug", "Registration disallowed by module"); |
|
5165
39bb9344f194
mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
parents:
5098
diff
changeset
|
209 session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is forbidden.")); |
|
1857
ef266aa8e18f
mod_register: Fixed: No error was returned if username failed nodeprep.
Waqas Hussain <waqas20@gmail.com>
parents:
1523
diff
changeset
|
210 elseif usermanager_user_exists(username, host) then |
|
7709
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
211 log("debug", "Attempt to register with existing username"); |
|
1859
c965b0accc7c
mod_register: Added helpful text to registration error responses.
Waqas Hussain <waqas20@gmail.com>
parents:
1858
diff
changeset
|
212 session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists.")); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
213 else |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
214 -- TODO unable to write file, file may be locked, etc, what's the correct error? |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
215 local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk."); |
|
1857
ef266aa8e18f
mod_register: Fixed: No error was returned if username failed nodeprep.
Waqas Hussain <waqas20@gmail.com>
parents:
1523
diff
changeset
|
216 if usermanager_create_user(username, password, host) then |
|
7754
560d2e758d4c
mod_register: Record the time of registration in the account details store
Kim Alvefur <zash@zash.se>
parents:
7711
diff
changeset
|
217 data.registered = os.time(); |
|
8069
8f5f197b139d
mod_register: Remove check for empty table (previous line sets a field)
Kim Alvefur <zash@zash.se>
parents:
7917
diff
changeset
|
218 if not account_details:set(username, data) then |
|
7709
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
219 log("debug", "Could not store extra details"); |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
220 usermanager_delete_user(username, host); |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
221 session.send(error_reply); |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
222 return true; |
|
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
223 end |
|
311
513bd52e8e19
Fixed mod_register to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
parents:
85
diff
changeset
|
224 session.send(st.reply(stanza)); -- user created! |
|
7017
ff734a602886
mod_register: Use session log instance to ease indentification
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
225 log("info", "User account created: %s@%s", username, host); |
|
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3529
diff
changeset
|
226 module:fire_event("user-registered", { |
|
1857
ef266aa8e18f
mod_register: Fixed: No error was returned if username failed nodeprep.
Waqas Hussain <waqas20@gmail.com>
parents:
1523
diff
changeset
|
227 username = username, host = host, source = "mod_register", |
|
1189
63ed3902f357
mod_register: Attach session to user-registered and user-deregistered events
Matthew Wild <mwild1@gmail.com>
parents:
1184
diff
changeset
|
228 session = session }); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
229 else |
|
7709
0af1783d1592
mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents:
7570
diff
changeset
|
230 log("debug", "Could not create user"); |
|
4398
acc37e221940
mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
parents:
4270
diff
changeset
|
231 session.send(error_reply); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
232 end |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
233 end |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
234 end |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
235 end |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
236 end |
|
3529
3f9cc12308aa
mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents:
3394
diff
changeset
|
237 end |
|
3f9cc12308aa
mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents:
3394
diff
changeset
|
238 return true; |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
239 end); |
