prosody
c0eea4f6c739
core/usermanager.lua
Software / code / prosody
Comparison
core/usermanager.lua @ 12659:c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 15 Aug 2022 15:25:07 +0100 |
| parent | 12658:7ca5645f46cd |
| child | 12662:07424992d7fc |
comparison
equal
deleted
inserted
replaced
| 12658:7ca5645f46cd | 12659:c0eea4f6c739 |
|---|---|
| 18 local hosts = prosody.hosts; | 18 local hosts = prosody.hosts; |
| 19 | 19 |
| 20 local setmetatable = setmetatable; | 20 local setmetatable = setmetatable; |
| 21 | 21 |
| 22 local default_provider = "internal_hashed"; | 22 local default_provider = "internal_hashed"; |
| 23 | |
| 24 local debug = debug; | |
| 23 | 25 |
| 24 local _ENV = nil; | 26 local _ENV = nil; |
| 25 -- luacheck: std none | 27 -- luacheck: std none |
| 26 | 28 |
| 27 local function new_null_provider() | 29 local function new_null_provider() |
| 181 return nil, "unexpected-local-jid"; | 183 return nil, "unexpected-local-jid"; |
| 182 end | 184 end |
| 183 return hosts[host].authz.set_jid_role(jid, role_name) | 185 return hosts[host].authz.set_jid_role(jid, role_name) |
| 184 end | 186 end |
| 185 | 187 |
| 188 local strict_deprecate_is_admin; | |
| 189 local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true }; | |
| 190 local function is_admin(jid, host) | |
| 191 if strict_deprecate_is_admin == nil then | |
| 192 strict_deprecate_is_admin = (config.get("*", "strict_deprecate_is_admin") == true); | |
| 193 end | |
| 194 if strict_deprecate_is_admin then | |
| 195 log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback()); | |
| 196 return false; | |
| 197 end | |
| 198 log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback()); | |
| 199 return legacy_admin_roles[get_jid_role(jid, host)] or false; | |
| 200 end | |
| 201 | |
| 186 local function get_users_with_role(role, host) | 202 local function get_users_with_role(role, host) |
| 187 if not hosts[host] then return false; end | 203 if not hosts[host] then return false; end |
| 188 if type(role) ~= "string" then return false; end | 204 if type(role) ~= "string" then return false; end |
| 189 return hosts[host].authz.get_users_with_role(role); | 205 return hosts[host].authz.get_users_with_role(role); |
| 190 end | 206 end |
| 220 get_users_with_role = get_users_with_role; | 236 get_users_with_role = get_users_with_role; |
| 221 get_jid_role = get_jid_role; | 237 get_jid_role = get_jid_role; |
| 222 set_jid_role = set_jid_role; | 238 set_jid_role = set_jid_role; |
| 223 get_jids_with_role = get_jids_with_role; | 239 get_jids_with_role = get_jids_with_role; |
| 224 get_role_by_name = get_role_by_name; | 240 get_role_by_name = get_role_by_name; |
| 241 | |
| 242 -- Deprecated | |
| 243 is_admin = is_admin; | |
| 225 }; | 244 }; |
