prosody
72b6d5ab4137
plugins/mod_register.lua
Software / code / prosody
Comparison
plugins/mod_register.lua @ 7916:72b6d5ab4137
mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 21 Feb 2017 18:54:44 +0100 |
| parent | 6297:5b298a6ecf0c |
| child | 7917:1ea3a8dc7dd5 |
comparison
equal
deleted
inserted
replaced
| 7806:00bca79ae778 | 7916:72b6d5ab4137 |
|---|---|
| 18 local jid_bare = require "util.jid".bare; | 18 local jid_bare = require "util.jid".bare; |
| 19 | 19 |
| 20 local compat = module:get_option_boolean("registration_compat", true); | 20 local compat = module:get_option_boolean("registration_compat", true); |
| 21 local allow_registration = module:get_option_boolean("allow_registration", false); | 21 local allow_registration = module:get_option_boolean("allow_registration", false); |
| 22 local additional_fields = module:get_option("additional_registration_fields", {}); | 22 local additional_fields = module:get_option("additional_registration_fields", {}); |
| 23 local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | |
| 23 | 24 |
| 24 local account_details = module:open_store("account_details"); | 25 local account_details = module:open_store("account_details"); |
| 25 | 26 |
| 26 local field_map = { | 27 local field_map = { |
| 27 username = { name = "username", type = "text-single", label = "Username", required = true }; | 28 username = { name = "username", type = "text-single", label = "Username", required = true }; |
| 73 local register_stream_feature = st.stanza("register", {xmlns="http://jabber.org/features/iq-register"}):up(); | 74 local register_stream_feature = st.stanza("register", {xmlns="http://jabber.org/features/iq-register"}):up(); |
| 74 module:hook("stream-features", function(event) | 75 module:hook("stream-features", function(event) |
| 75 local session, features = event.origin, event.features; | 76 local session, features = event.origin, event.features; |
| 76 | 77 |
| 77 -- Advertise registration to unauthorized clients only. | 78 -- Advertise registration to unauthorized clients only. |
| 78 if not(allow_registration) or session.type ~= "c2s_unauthed" then | 79 if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then |
| 79 return | 80 return |
| 80 end | 81 end |
| 81 | 82 |
| 82 features:add_child(register_stream_feature); | 83 features:add_child(register_stream_feature); |
| 83 end); | 84 end); |
| 181 module:hook("stanza/iq/jabber:iq:register:query", function(event) | 182 module:hook("stanza/iq/jabber:iq:register:query", function(event) |
| 182 local session, stanza = event.origin, event.stanza; | 183 local session, stanza = event.origin, event.stanza; |
| 183 | 184 |
| 184 if not(allow_registration) or session.type ~= "c2s_unauthed" then | 185 if not(allow_registration) or session.type ~= "c2s_unauthed" then |
| 185 session.send(st.error_reply(stanza, "cancel", "service-unavailable")); | 186 session.send(st.error_reply(stanza, "cancel", "service-unavailable")); |
| 187 elseif require_encryption and not session.secure then | |
| 188 session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required")); | |
| 186 else | 189 else |
| 187 local query = stanza.tags[1]; | 190 local query = stanza.tags[1]; |
| 188 if stanza.attr.type == "get" then | 191 if stanza.attr.type == "get" then |
| 189 local reply = st.reply(stanza); | 192 local reply = st.reply(stanza); |
| 190 reply:add_child(registration_query); | 193 reply:add_child(registration_query); |
