
core/usermanager.lua @ 13813:fd7b0adada05 13.0

portmanager: Take automatic cert selection into account when setting SNI cert This fixes (another) issue with the fix in 4ea7bd7325be, where it no longer checked the automatic cert index for an appropriate certificate.
author Matthew Wild <mwild1@gmail.com>
date Thu, 03 Apr 2025 12:02:45 +0100
parent 13782:4cfabfbb0691
1 -- Prosody IM
2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
4 --
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
7 --
9 local modulemanager = require "prosody.core.modulemanager";
10 local log = require "prosody.util.logger".init("usermanager");
11 local type = type;
12 local jid_split = require "prosody.util.jid".split;
13 local config = require "prosody.core.configmanager";
14 local sasl_new = require "prosody.util.sasl".new;
15 local storagemanager = require "prosody.core.storagemanager";
-- Capture the globals this module needs as locals before the environment
-- is cleared further down.
local prosody = _G.prosody;
local hosts = prosody.hosts;

local setmetatable = setmetatable;

-- Provider name used when a host has no "authentication" option set
local default_provider = "internal_hashed";

local debug = debug;

-- On Lua 5.2+ a nil _ENV makes any later global access raise an error
-- instead of silently reading or creating a global.
local _ENV = nil;
-- luacheck: std none
--- Build the placeholder ("null") authentication provider.
-- Every key other than `name` and `get_sasl_handler` resolves to a stub
-- that returns nil, "method not implemented", so calls such as
-- test_password fail instead of succeeding when no real provider is active.
-- @return a new provider table
local function new_null_provider()
	local function not_implemented()
		return nil, "method not implemented";
	end

	local provider = {
		name = "null";
		-- Still hands back a SASL handler object (built from nil and an
		-- empty table) so that callers are not given nil.
		get_sasl_handler = function ()
			return sasl_new(nil, {});
		end;
	};

	local fallback_mt = {};
	-- Any missing key yields the same stub function
	function fallback_mt.__index(self, method) --luacheck: ignore 212
		return not_implemented;
	end

	return setmetatable(provider, fallback_mt);
end
-- Stand-in authorization provider, used by initialize_host when a host's
-- authz module does not load. Every method has an empty body and so returns
-- nothing: role and permission queries yield nil and the setters change
-- nothing.
-- NOTE(review): how callers treat a nil role is not visible in this file;
-- confirm a missing role is handled as "no privileges".
local fallback_authz_provider = {
	-- luacheck: ignore 212
	get_jids_with_role = function (role) end;

	get_user_role = function (user) end;
	set_user_role = function (user, role_name) end;

	get_user_secondary_roles = function (user) end;
	add_user_secondary_role = function (user, host, role_name) end;
	remove_user_secondary_role = function (user, host, role_name) end;

	user_can_assume_role = function(user, role_name) end;

	get_jid_role = function (jid) end;
	set_jid_role = function (jid, role) end;

	get_users_with_role = function (role_name) end;
	add_default_permission = function (role_name, action, policy) end;
	get_role_by_name = function (role_name) end;
	get_all_roles = function () end;
};
-- Metatable applied to the active auth provider: keys the provider does not
-- define are looked up on one shared null provider, whose own __index
-- returns a "method not implemented" stub for every missing key.
local provider_mt = { __index = new_null_provider() };
--- Set up the authorization and authentication providers for a host.
-- Registered below as the "host-activated" handler.
-- @param host key into prosody.hosts for the host being activated
local function initialize_host(host)
	local host_session = hosts[host];

	local authz_provider_name = config.get(host, "authorization") or "internal";

	-- If the authz module does not load, the host gets the no-op fallback
	-- provider rather than an error.
	-- NOTE(review): nothing in this function logs that substitution; confirm
	-- modulemanager.load reports the failure, because it changes how roles
	-- are resolved for the host.
	local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name);
	host_session.authz = authz_mod or fallback_authz_provider;

	-- Only hosts of type "local" get an authentication provider; for any
	-- other type host_session.users is not assigned here.
	if host_session.type ~= "local" then return; end

	host_session.events.add_handler("item-added/auth-provider", function (event)
		local provider = event.item;
		local auth_provider = config.get(host, "authentication") or default_provider;
		-- A truthy 'anonymous_login' overrides whatever 'authentication' is set to
		if config.get(host, "anonymous_login") then
			log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead.");
			auth_provider = "anonymous";
		end -- COMPAT 0.7
		-- Only the provider whose name matches the configured one is activated
		if provider.name == auth_provider then
			host_session.users = setmetatable(provider, provider_mt);
		end
		if host_session.users ~= nil and host_session.users.name ~= nil then
			log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name);
		end
	end);
	host_session.events.add_handler("item-removed/auth-provider", function (event)
		local provider = event.item;
		if host_session.users == provider then
			-- Put a fresh null provider in place of the removed one
			host_session.users = new_null_provider();
		end
	end);
	host_session.users = new_null_provider(); -- Start with the default usermanager provider
	local auth_provider = config.get(host, "authentication") or default_provider;
	if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7
	-- Loaded after the handlers above are registered
	-- (presumably so the module's provider registration is seen; confirm)
	if auth_provider ~= "null" then
		modulemanager.load(host, "auth_"..auth_provider);
	end

end;
prosody.events.add_handler("host-activated", initialize_host, 100);
--- Check a password for username@host using the host's auth provider.
-- NOTE(review): initialize_host assigns `users` only for hosts of type
-- "local"; for another host type this lookup would raise unless something
-- else sets it. Confirm callers pass local hosts only.
-- @return whatever the provider's test_password returns
local function test_password(username, host, password)
	local provider = hosts[host].users;
	return provider.test_password(username, password);
end
--- Ask the host's auth provider for the password of username@host.
-- NOTE(review): a non-nil result is a credential; callers should keep it
-- out of logs and error messages.
-- @return whatever the provider's get_password returns
local function get_password(username, host)
	local provider = hosts[host].users;
	return provider.get_password(username);
end
--- Change the password of username@host through the host's auth provider.
-- On success the change is logged at info level (account only, never the
-- password) and a global "user-password-changed" event is fired carrying
-- username, host and the optional resource.
-- @return the provider's result and error, unchanged
local function set_password(username, password, host, resource)
	local changed, reason = hosts[host].users.set_password(username, password);
	if not changed then
		return changed, reason;
	end

	log("info", "Account password changed: %s@%s", username, host);
	prosody.events.fire_event("user-password-changed", {
		username = username;
		host = host;
		resource = resource;
	});
	return changed, reason;
end
--- Fetch account information for username@host from the auth provider.
-- NOTE(review): the error string used here ("method not supported") differs
-- from the null provider stub's "method not implemented". Providers set up
-- by initialize_host resolve every missing key to that stub, so the
-- "not supported" branch may never be reached. Confirm.
-- @return the provider's result, or nil, "method not supported"
local function get_account_info(username, host)
	local lookup = hosts[host].users.get_account_info;
	if lookup then
		return lookup(username);
	end
	return nil, "method not supported";
end
--- Report whether username exists on host.
-- A user with an entry in the host's sessions table is reported as existing
-- without asking the auth provider.
-- NOTE(review): that shortcut trusts the session table over the provider;
-- confirm sessions are closed when an account is deleted.
-- @return true, or whatever the provider's user_exists returns
local function user_exists(username, host)
	local host_session = hosts[host];
	if host_session.sessions[username] then
		return true;
	end
	return host_session.users.user_exists(username);
end
--- Create the account username@host through the host's auth provider.
-- A successful creation is logged at info level; the password is not logged.
-- @return the provider's result and error, unchanged
local function create_user(username, password, host)
	local created, reason = hosts[host].users.create_user(username, password);
	if not created then
		return created, reason;
	end

	log("info", "User account created: %s@%s", username, host);
	return created, reason;
end
--- Delete the account username@host and purge its stored data.
-- Order: the provider deletes the account, the deletion is logged, a global
-- "user-deleted" event is fired, then storagemanager.purge runs.
-- NOTE(review): the purge happens after the account is already gone, so a
-- failure returned from here may describe leftover data, not a surviving
-- account.
-- @return nil and the provider's error if deletion fails, otherwise the
--   result of storagemanager.purge
local function delete_user(username, host)
	local deleted, reason = hosts[host].users.delete_user(username);
	if deleted then
		log("info", "User account deleted: %s@%s", username, host);
		prosody.events.fire_event("user-deleted", { username = username, host = host });
		return storagemanager.purge(username, host);
	end
	return nil, reason;
end
--- Report whether the account username@host is enabled.
-- Prefers the provider's is_enabled; otherwise falls back to the `enabled`
-- field of get_account_info.
-- NOTE(review): providers set up by initialize_host resolve every missing
-- key to a stub that returns nil, "method not implemented". `is_enabled`
-- therefore looks to be always non-nil, and a provider lacking it would make
-- this function return nil rather than reach the fallback. Confirm.
-- @return a boolean-like value, or nil and an error
local function user_is_enabled(username, host)
	local is_enabled = hosts[host].users.is_enabled;
	if is_enabled then
		return is_enabled(username);
	end

	-- No direct method: consult the account info instead
	local info, err = get_account_info(username, host);
	if info and info.enabled ~= nil then
		return info.enabled;
	end
	if err ~= "method not implemented" then
		-- Storage issues etc. Note that when info is a table without an
		-- `enabled` field and err is nil, the table itself is returned
		-- and reads as truthy.
		return info, err;
	end

	-- Fails open: a provider without this API is treated as having every
	-- account enabled.
	return true;
end
--- Enable the account username@host through the host's auth provider.
-- On success an info line is logged and a global "user-enabled" event fires.
-- @return the provider's result and error, or nil, "method not supported"
local function enable_user(username, host)
	local enable = hosts[host].users.enable;
	if not enable then
		return nil, "method not supported";
	end

	local enabled, reason = enable(username);
	if not enabled then
		return enabled, reason;
	end

	log("info", "User account enabled: %s@%s", username, host);
	prosody.events.fire_event("user-enabled", { username = username, host = host });
	return enabled, reason;
end
--- Disable the account username@host through the host's auth provider.
-- `meta` is handed to the provider unchanged, and on success is also
-- included in the global "user-disabled" event after an info line is logged.
-- @return the provider's result and error, or nil, "method not supported"
local function disable_user(username, host, meta)
	local disable = hosts[host].users.disable;
	if not disable then
		return nil, "method not supported";
	end

	local disabled, reason = disable(username, meta);
	if not disabled then
		return disabled, reason;
	end

	log("info", "User account disabled: %s@%s", username, host);
	prosody.events.fire_event("user-disabled", {
		username = username;
		host = host;
		meta = meta;
	});
	return disabled, reason;
end
-- Return whatever the host's auth provider yields from its users() method
-- (per the commit history, an iterator over accounts).
-- NOTE(review): no check that `host` is known; an unknown host raises on the
-- index below.
local function users(host)
	local provider = hosts[host].users;
	return provider.users();
end
-- Ask the host's auth provider for a SASL handler, forwarding the session.
-- The result of the provider's get_sasl_handler(session) is returned as is.
-- NOTE(review): `host` is not validated here; an unknown host raises.
local function get_sasl_handler(host, session)
	local provider = hosts[host].users;
	return provider.get_sasl_handler(session);
end
-- Return the auth provider table registered for `host` (hosts[host].users).
-- Callers that invoke provider methods directly bypass the logging and event
-- firing done by this module's wrappers (e.g. disable_user).
-- NOTE(review): an unknown host raises on the index below.
local function get_provider(host)
	local host_entry = hosts[host];
	return host_entry.users;
end
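-- Look up the primary role of a local user through the host's authz provider.
-- user: username; anything that is not a string yields false
-- host: key into `hosts`; a nil or unknown host yields false
-- Returns false on invalid input, otherwise the provider's get_user_role(user)
-- result.
local function get_user_role(user, host)
	-- Fail closed for a missing host as well as an unknown one: the previous
	-- `host and not hosts[host]` form let a nil host through and then raised
	-- when indexing hosts[host].
	if not hosts[host] then return false; end
	if type(user) ~= "string" then return false; end

	-- NOTE(review): assumes every initialized host has an `authz` provider - confirm.
	return hosts[host].authz.get_user_role(user);
end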
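-- Set the primary role of a local user through the host's authz provider.
-- user:      username; anything that is not a string yields false
-- host:      key into `hosts`; a nil or unknown host yields false
-- role_name: passed unchanged to the provider
-- Returns the provider's (role, err). On success the change is logged at
-- "info" and a "user-role-changed" event is fired with the returned role.
local function set_user_role(user, host, role_name)
	-- Reject a nil host too; the previous `host and not hosts[host]` guard
	-- skipped the check for nil and then raised on the index below.
	if not hosts[host] then return false; end
	if type(user) ~= "string" then return false; end

	local role, err = hosts[host].authz.set_user_role(user, role_name);
	if role then
		-- Privilege changes are logged so they can be audited later.
		log("info", "Account %s@%s role changed to %s", user, host, role_name);
		prosody.events.fire_event("user-role-changed", {
			username = user, host = host, role = role;
		});
	end
	return role, err;
end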
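-- Create an account and give it its initial role before it gets a password.
-- Order of operations: create the account without a password, assign the
-- role, then (only if a password was given) set the password and enable the
-- account. The role is therefore in place before credentials exist.
-- username, host: identify the account
-- password:       optional; when nil the account is left without a password
--                 and enable_user is not called
-- role:           role name handed to set_user_role
-- Returns true on success, otherwise a falsy value plus an error string.
local function create_user_with_role(username, password, host, role)
	local ok, err = create_user(username, nil, host);
	if not ok then return ok, err; end

	local role_ok, role_err = set_user_role(username, host, role);
	if not role_ok then
		-- Roll back so no account is left behind with an unintended role.
		delete_user(username, host);
		-- set_user_role can return a bare false; tostring() keeps the
		-- concatenation from raising when there is no error value.
		return nil, "Failed to assign role: "..tostring(role_err or "unknown error");
	end

	if password then
		local pw_ok, pw_err = set_password(username, password, host);
		if not pw_ok then
			-- NOTE(review): unlike the role failure above, the account is not
			-- deleted here, so it stays behind with its role and no password -
			-- confirm this is intended.
			return nil, "Failed to set password: "..tostring(pw_err or "unknown error");
		end

		local enable_ok, enable_err = enable_user(username, host);
		-- NOTE(review): disable_user in this file reports a missing provider
		-- method as "method not supported"; if enable_user uses the same
		-- string, the comparison below does not match it and creation is
		-- reported as failed for such providers - confirm.
		if not enable_ok and enable_err ~= "method not implemented" then
			return enable_ok, "Failed to enable account: "..tostring(enable_err or "unknown error");
		end
	end

	return true;
end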
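-- Ask the host's authz provider whether a local user may assume a role.
-- user:      username; anything that is not a string yields false
-- host:      key into `hosts`; a nil or unknown host yields false
-- role_name: passed unchanged to the provider
-- Returns false on invalid input, otherwise the provider's answer.
local function user_can_assume_role(user, host, role_name)
	-- Deny for a nil host as well; the previous `host and not hosts[host]`
	-- guard let nil through and the index below then raised.
	if not hosts[host] then return false; end
	if type(user) ~= "string" then return false; end

	return hosts[host].authz.user_can_assume_role(user, role_name);
end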
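-- Grant an additional (secondary) role to a local user.
-- user:      username; anything that is not a string yields false
-- host:      key into `hosts`; a nil or unknown host yields false
-- role_name: passed unchanged to the authz provider
-- Returns the provider's (role, err). On success the grant is logged and a
-- "user-role-added" event is fired.
local function add_user_secondary_role(user, host, role_name)
	-- Reject a nil host too; the previous `host and not hosts[host]` guard
	-- skipped the check for nil and then raised on the index below.
	if not hosts[host] then return false; end
	if type(user) ~= "string" then return false; end

	local role, err = hosts[host].authz.add_user_secondary_role(user, role_name);
	if role then
		-- Same audit trail as set_user_role: a role grant is a privilege change.
		log("info", "Account %s@%s secondary role added: %s", user, host, role_name);
		prosody.events.fire_event("user-role-added", {
			username = user, host = host, role_name = role_name, role = role;
		});
	end
	return role, err;
end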
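-- Revoke a secondary role from a local user.
-- user:      username; anything that is not a string yields false
-- host:      key into `hosts`; a nil or unknown host yields false
-- role_name: passed unchanged to the authz provider
-- Returns the provider's (ok, err). On success the revocation is logged and a
-- "user-role-removed" event is fired.
local function remove_user_secondary_role(user, host, role_name)
	-- Reject a nil host too; the previous `host and not hosts[host]` guard
	-- skipped the check for nil and then raised on the index below.
	if not hosts[host] then return false; end
	if type(user) ~= "string" then return false; end

	local ok, err = hosts[host].authz.remove_user_secondary_role(user, role_name);
	if ok then
		-- Same audit trail as set_user_role: a revocation is a privilege change.
		log("info", "Account %s@%s secondary role removed: %s", user, host, role_name);
		prosody.events.fire_event("user-role-removed", {
			username = user, host = host, role_name = role_name;
		});
	end
	return ok, err;
end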
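-- Fetch the secondary roles of a local user from the host's authz provider.
-- user: username; anything that is not a string yields false
-- host: key into `hosts`; a nil or unknown host yields false
-- Returns false on invalid input, otherwise the provider's result.
local function get_user_secondary_roles(user, host)
	-- Handle a nil host as well; the previous `host and not hosts[host]`
	-- guard let nil through and the index below then raised.
	if not hosts[host] then return false; end
	if type(user) ~= "string" then return false; end

	return hosts[host].authz.get_user_secondary_roles(user);
end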
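-- Resolve the role of a JID as seen by `host`.
-- A JID whose domain equals `host` and that has a node part is treated as a
-- local user and resolved with the authz provider's get_user_role; any other
-- JID goes to the provider's get_jid_role.
-- jid:  JID string, split with jid_split
-- host: key into `hosts`; a nil or unknown host yields false
-- Returns false for an unknown host, otherwise the provider's result.
local function get_jid_role(jid, host)
	-- Without this check an unknown host raised on the index below; returning
	-- false keeps callers such as is_admin() denying by default.
	if not hosts[host] then return false; end

	local jid_node, jid_host = jid_split(jid);
	if host == jid_host and jid_node then
		return hosts[host].authz.get_user_role(jid_node);
	end
	return hosts[host].authz.get_jid_role(jid);
end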
-- Assign a role to a JID that does not belong to `host`.
-- JIDs on `host` itself are refused with nil, "unexpected-local-jid".
-- Otherwise the authz provider's set_jid_role(jid, role_name) result is
-- returned unchanged.
-- NOTE(review): `host` is not checked against `hosts`; an unknown host raises
-- on the index below.
-- NOTE(review): unlike set_user_role, a successful change is neither logged
-- nor announced with an event here - confirm that is intended for a role
-- grant.
local function set_jid_role(jid, host, role_name)
	local _, jid_domain = jid_split(jid);
	local is_local = (host == jid_domain);
	if is_local then
		return nil, "unexpected-local-jid";
	end
	local authz = hosts[host].authz;
	return authz.set_jid_role(jid, role_name)
end
-- Cached value of the global "strict_deprecate_is_admin" option; nil until
-- is_admin() is first called.
local strict_deprecate_is_admin;
-- Role names the legacy API treats as "admin".
local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true };

-- Deprecated compatibility check: is `jid` an admin on `host`?
-- With strict_deprecate_is_admin set to true in the global config, every call
-- is logged as an error and answered with false. Otherwise a warning with a
-- traceback is logged and the answer is derived from get_jid_role().
-- Returns true only when the resolved role's name is in legacy_admin_roles.
local function is_admin(jid, host)
	if strict_deprecate_is_admin == nil then
		-- Only a literal `true` enables strict mode.
		local configured = config.get("*", "strict_deprecate_is_admin");
		strict_deprecate_is_admin = (configured == true);
	end

	if strict_deprecate_is_admin then
		log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback());
		return false;
	end

	log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback());
	log("warn", "See https://prosody.im/doc/developers/permissions about the new permissions API");

	local role = get_jid_role(jid, host);
	if role and legacy_admin_roles[role.name] then
		return true;
	end
	-- No role, or a role outside the legacy admin set: deny.
	return false;
end
-- List the local users holding `role`, as reported by the authz provider.
-- role: role name; anything that is not a string yields false
-- host: key into `hosts`; a nil or unknown host yields false
-- Returns false on invalid input, otherwise the provider's result.
local function get_users_with_role(role, host)
	local host_entry = hosts[host];
	if not host_entry then
		return false;
	end
	if type(role) ~= "string" then
		return false;
	end
	return hosts[host].authz.get_users_with_role(role);
end
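-- List the JIDs holding `role`, as reported by the host's authz provider.
-- role: role name; anything that is not a string yields false
-- host: key into `hosts`; a nil or unknown host yields false
-- Returns false on invalid input, otherwise the provider's result.
local function get_jids_with_role(role, host)
	-- Same guard as get_users_with_role: the previous `host and ...` form let
	-- a nil host through and the index below then raised.
	if not hosts[host] then return false; end
	if type(role) ~= "string" then return false; end
	return hosts[host].authz.get_jids_with_role(role);
end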
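-- Resolve a role name to whatever the host's authz provider returns for it.
-- role_name: anything that is not a string yields false
-- host:      key into `hosts`; a nil or unknown host yields false
-- Returns false on invalid input, otherwise the provider's result.
local function get_role_by_name(role_name, host)
	-- Handle a nil host as well; the previous `host and not hosts[host]`
	-- guard let nil through and the index below then raised.
	if not hosts[host] then return false; end
	if type(role_name) ~= "string" then return false; end
	return hosts[host].authz.get_role_by_name(role_name);
end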
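-- Return every role known to the host's authz provider.
-- host: key into `hosts`; a nil or unknown host yields false
-- Returns false for a missing host, otherwise the provider's result.
local function get_all_roles(host)
	-- Handle a nil host as well; the previous `host and not hosts[host]`
	-- guard let nil through and the index below then raised.
	if not hosts[host] then return false; end
	return hosts[host].authz.get_all_roles();
end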
-- Module exports. Every entry maps a public name to the local function of
-- the same name defined above.
return {
	-- Provider setup
	new_null_provider = new_null_provider,
	initialize_host = initialize_host,

	-- Credentials and account information
	test_password = test_password,
	get_password = get_password,
	set_password = set_password,
	get_account_info = get_account_info,

	-- Account lifecycle
	user_exists = user_exists,
	create_user = create_user,
	create_user_with_role = create_user_with_role,
	delete_user = delete_user,
	user_is_enabled = user_is_enabled,
	enable_user = enable_user,
	disable_user = disable_user,
	users = users,

	-- Provider access
	get_sasl_handler = get_sasl_handler,
	get_provider = get_provider,

	-- Roles
	get_user_role = get_user_role,
	set_user_role = set_user_role,
	user_can_assume_role = user_can_assume_role,
	add_user_secondary_role = add_user_secondary_role,
	remove_user_secondary_role = remove_user_secondary_role,
	get_user_secondary_roles = get_user_secondary_roles,
	get_users_with_role = get_users_with_role,
	get_jid_role = get_jid_role,
	set_jid_role = set_jid_role,
	get_jids_with_role = get_jids_with_role,
	get_role_by_name = get_role_by_name,
	get_all_roles = get_all_roles,

	-- Deprecated
	is_admin = is_admin,
};