Software `/` code `/` prosody

Comparison

plugins/mod_admin_shell.lua @ 12672:c8f59ce7d3cf

mod_admin_shell: Ensure account has role before it is usable By creating the account first without a password it can't be used until the role has set. This is most important for restricted accounts, as a failure to set the role would lead to the account having more privileges than indented.

author	Kim Alvefur <zash@zash.se>
date	Thu, 18 Aug 2022 19:00:01 +0200
parent	12670:4a00c8811ea8
child	12675:db8c795ca81a

comparison

equal deleted inserted replaced

-:32881d0c359f
+:c8f59ce7d3cf
 	if not prosody.hosts[host] then
 		return nil, "No such host: "..host;
 	elseif um.user_exists(username, host) then
 		return nil, "User exists";
 	end
-	local ok, err = um.create_user(username, password, host);
+	local ok, err = um.create_user(username, nil, host);
-	if ok then
+	if not ok then
-		if ok and role then
-			local role_ok, rerr = um.set_user_role(jid, host, role);
-			if not role_ok then return nil, "User created, but could not set role: " .. tostring(rerr); end
-		end
-		return true, "User created";
-	else
 		return nil, "Could not create user: "..err;
 	end
+	if role then
+		local role_ok, rerr = um.set_user_role(jid, host, role);
+		if not role_ok then
+			return nil, "Could not set role: " .. tostring(rerr);
+		end
+	end
+	local ok, err = um.set_password(username, password, host, nil);
+	if not ok then
+		return nil, "Could not set password for user: "..err;
+	end
+	return true, "User created";
 end
 function def_env.user:delete(jid)
 	local username, host = jid_split(jid);
 	if not prosody.hosts[host] then

prosody

c8f59ce7d3cf

plugins/mod_admin_shell.lua

Software / code / prosody

Comparison

plugins/mod_admin_shell.lua @ 12672:c8f59ce7d3cf

Software `/` code `/` prosody