Comparison

core/usermanager.lua @ 12659:c0eea4f6c739

usermanager: Add back temporary is_admin to warn about deprecated API usage Goal: Introduce role-auth with minimal disruption is_admin() is unsafe in a system with per-session permissions, so it has been deprecated. Roll-out approach: 1) First, log a warning when is_admin() is used. It should continue to function normally, backed by the new role API. Nothing is really using per-session authz yet, so there is minimal security concern. The 'strict_deprecate_is_admin' global setting can be set to 'true' to force a hard failure of is_admin() attempts (it will log an error and always return false). 2) In some time (at least 1 week), but possibly longer depending on the number of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by default. It can still be disabled for systems that need it. 3) Further in the future, before the next release, the option will be removed and is_admin() will be permanently disabled.
author Matthew Wild <mwild1@gmail.com>
date Mon, 15 Aug 2022 15:25:07 +0100
parent 12658:7ca5645f46cd
child 12662:07424992d7fc
comparison
equal deleted inserted replaced
12658:7ca5645f46cd 12659:c0eea4f6c739
18 local hosts = prosody.hosts; 18 local hosts = prosody.hosts;
19 19
20 local setmetatable = setmetatable; 20 local setmetatable = setmetatable;
21 21
22 local default_provider = "internal_hashed"; 22 local default_provider = "internal_hashed";
23
24 local debug = debug;
23 25
24 local _ENV = nil; 26 local _ENV = nil;
25 -- luacheck: std none 27 -- luacheck: std none
26 28
27 local function new_null_provider() 29 local function new_null_provider()
181 return nil, "unexpected-local-jid"; 183 return nil, "unexpected-local-jid";
182 end 184 end
183 return hosts[host].authz.set_jid_role(jid, role_name) 185 return hosts[host].authz.set_jid_role(jid, role_name)
184 end 186 end
185 187
188 local strict_deprecate_is_admin;
189 local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true };
190 local function is_admin(jid, host)
191 if strict_deprecate_is_admin == nil then
192 strict_deprecate_is_admin = (config.get("*", "strict_deprecate_is_admin") == true);
193 end
194 if strict_deprecate_is_admin then
195 log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback());
196 return false;
197 end
198 log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback());
199 return legacy_admin_roles[get_jid_role(jid, host)] or false;
200 end
201
186 local function get_users_with_role(role, host) 202 local function get_users_with_role(role, host)
187 if not hosts[host] then return false; end 203 if not hosts[host] then return false; end
188 if type(role) ~= "string" then return false; end 204 if type(role) ~= "string" then return false; end
189 return hosts[host].authz.get_users_with_role(role); 205 return hosts[host].authz.get_users_with_role(role);
190 end 206 end
220 get_users_with_role = get_users_with_role; 236 get_users_with_role = get_users_with_role;
221 get_jid_role = get_jid_role; 237 get_jid_role = get_jid_role;
222 set_jid_role = set_jid_role; 238 set_jid_role = set_jid_role;
223 get_jids_with_role = get_jids_with_role; 239 get_jids_with_role = get_jids_with_role;
224 get_role_by_name = get_role_by_name; 240 get_role_by_name = get_role_by_name;
241
242 -- Deprecated
243 is_admin = is_admin;
225 }; 244 };