Software / code / prosody
Changeset
12659:c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 15 Aug 2022 15:25:07 +0100 |
| parents | 12658:7ca5645f46cd |
| children | 12660:e8f57970ced5 |
| files | core/usermanager.lua |
| diffstat | 1 files changed, 19 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/core/usermanager.lua Fri Aug 12 16:21:57 2022 +0100 +++ b/core/usermanager.lua Mon Aug 15 15:25:07 2022 +0100 @@ -21,6 +21,8 @@ local default_provider = "internal_hashed"; +local debug = debug; + local _ENV = nil; -- luacheck: std none @@ -183,6 +185,20 @@ return hosts[host].authz.set_jid_role(jid, role_name) end +local strict_deprecate_is_admin; +local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true }; +local function is_admin(jid, host) + if strict_deprecate_is_admin == nil then + strict_deprecate_is_admin = (config.get("*", "strict_deprecate_is_admin") == true); + end + if strict_deprecate_is_admin then + log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback()); + return false; + end + log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback()); + return legacy_admin_roles[get_jid_role(jid, host)] or false; +end + local function get_users_with_role(role, host) if not hosts[host] then return false; end if type(role) ~= "string" then return false; end @@ -222,4 +238,7 @@ set_jid_role = set_jid_role; get_jids_with_role = get_jids_with_role; get_role_by_name = get_role_by_name; + + -- Deprecated + is_admin = is_admin; };
