prosody
94de6b7596cc
plugins/mod_tombstones.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_tombstones.lua @ 12115:94de6b7596cc

mod_tombstones: Remember deleted accounts #1307 Presence subscriptions are normally revoked on account deletion, which informs the contact. Sometimes this notification gets lost e.g. due to s2s problems. The accounts JID may also be present e.g. in MUC affiliations, chat group member lists, pubsub subscriptions or other systems. These may grant privileges which would fall to someone who creates the same account again, which this module is meant to prevent.
author Kim Alvefur <zash@zash.se>
date Thu, 23 Dec 2021 14:08:20 +0100
child 12117:0c9b64178eda
comparison
equal deleted inserted replaced
12114:e32f90c81519 12115:94de6b7596cc
1 -- TODO warn when trying to create an user before the tombstone expires
2 -- e.g. via telnet or other admin interface
3 local datetime = require "util.datetime";
4 local errors = require "util.error";
5 local jid_split = require"util.jid".split;
6 local st = require "util.stanza";
7
8 -- Using a map store as key-value store so that removal of all user data
9 -- does not also remove the tombstone, which would defeat the point
10 local graveyard = module:open_store(nil, "map");
11
12 local ttl = module:get_option_number("user_tombstone_expiry", nil);
13 -- Keep tombstones forever by default
14 --
15 -- Rationale:
16 -- There is no way to be completely sure when remote services have
17 -- forgotten and revoked all memberships.
18
19 module:hook_global("user-deleted", function(event)
20 if event.host == module.host then
21 local ok, err = graveyard:set(nil, event.username, os.time());
22 if not ok then module:log("error", "Could store tombstone for %s: %s", event.username, err); end
23 end
24 end);
25
26 -- Public API
27 function has_tombstone(username)
28 local tombstone, err = graveyard:get(nil, username);
29
30 if err or not tombstone then return tombstone, err; end
31
32 if ttl and tombstone + ttl < os.time() then
33 module:log("debug", "Tombstone for %s created at %s has expired", username, datetime.datetime(tombstone));
34 graveyard:set(nil, username, nil);
35 return nil;
36 end
37 return tombstone;
38 end
39
40 module:hook("user-registering", function(event)
41 local tombstone, err = has_tombstone(event.username);
42
43 if err then
44 event.allowed, event.error = errors.coerce(false, err);
45 return true;
46 elseif not tombstone then
47 -- Feel free
48 return;
49 end
50
51 module:log("debug", "Tombstone for %s created at %s", event.username, datetime.datetime(tombstone));
52 event.allowed = false;
53 return true;
54 end);
55
56 module:hook("presence/bare", function(event)
57 local origin, presence = event.origin, event.stanza;
58
59 -- We want to undo any left-over presence subscriptions and notify the former
60 -- contact that they're gone.
61 --
62 -- FIXME This leaks that the user once existed. Hard to avoid without keeping
63 -- the contact list in some form, which we don't want to do for privacy
64 -- reasons. Bloom filter perhaps?
65 if has_tombstone(jid_split(presence.attr.to)) then
66 if presence.attr.type == "probe" then
67 origin.send(st.error_reply(presence, "cancel", "gone", "User deleted"));
68 origin.send(st.presence({ type = "unsubscribed"; to = presence.attr.from; from = presence.attr.to }));
69 elseif presence.attr.type == nil or presence.attr.type == "unavailable" then
70 origin.send(st.error_reply(presence, "cancel", "gone", "User deleted"));
71 origin.send(st.presence({ type = "unsubscribe"; to = presence.attr.from; from = presence.attr.to }));
72 end
73 return true;
74 end
75 end, 1);