X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_register.lua;h=43124ff98f45d92cb82b815cac87ae007cc0252a;hb=3f9a02bee5e142846bf7da49dd2c6a1be72c86d5;hp=250be65dcd509e539bf97ee43f9add1351d2ee85;hpb=996e2277564f60794aad9ac2240e4d18d8a2df3b;p=prosody.git diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 250be65d..43124ff9 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -1,29 +1,21 @@ --- Prosody IM v0.2 --- Copyright (C) 2008 Matthew Wild --- Copyright (C) 2008 Waqas Hussain +-- Prosody IM v0.4 +-- Copyright (C) 2008-2009 Matthew Wild +-- Copyright (C) 2008-2009 Waqas Hussain -- --- This program is free software; you can redistribute it and/or --- modify it under the terms of the GNU General Public License --- as published by the Free Software Foundation; either version 2 --- of the License, or (at your option) any later version. --- --- This program is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. -- - +local hosts = _G.hosts; local st = require "util.stanza"; +local config = require "core.configmanager"; +local datamanager = require "util.datamanager"; local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_create_user = require "core.usermanager".create_user; local datamanager_store = require "util.datamanager".store; local os_time = os.time; +local nodeprep = require "util.encodings".stringprep.nodeprep; module:add_feature("jabber:iq:register"); @@ -40,22 +32,23 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) elseif stanza.attr.type == "set" then if query.tags[1] and query.tags[1].name == "remove" then -- TODO delete user auth data, send iq response, kick all user resources with a , delete all user data + local username, host = session.username, session.host; --session.send(st.error_reply(stanza, "cancel", "not-allowed")); --return; - usermanager_create_user(session.username, nil, session.host); -- Disable account + usermanager_create_user(username, nil, host); -- Disable account -- FIXME the disabling currently allows a different user to recreate the account -- we should add an in-memory account block mode when we have threading session.send(st.reply(stanza)); local roster = session.roster; - for _, session in pairs(hosts[session.host].sessions[session.username].sessions) do -- disconnect all resources - session:disconnect({condition = "not-authorized", text = "Account deleted"}); + for _, session in pairs(hosts[host].sessions[username].sessions) do -- disconnect all resources + session:close({condition = "not-authorized", text = "Account deleted"}); end -- TODO datamanager should be able to delete all user data itself - datamanager.store(session.username, session.host, "roster", nil); - datamanager.store(session.username, session.host, "vcard", nil); - datamanager.store(session.username, session.host, "private", nil); - datamanager.store(session.username, session.host, "offline", nil); - local bare = session.username.."@"..session.host; + datamanager.store(username, host, "roster", nil); + datamanager.store(username, host, "vcard", nil); + datamanager.store(username, host, "private", nil); + datamanager.store(username, host, "offline", nil); + --local bare = username.."@"..host; for jid, item in pairs(roster) do if jid ~= "pending" then if item.subscription == "both" or item.subscription == "to" then @@ -66,13 +59,15 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) end end end - datamanager.store(session.username, session.host, "accounts", nil); -- delete accounts datastore at the end + datamanager.store(username, host, "accounts", nil); -- delete accounts datastore at the end + module:log("info", "User removed their account: %s@%s", username, host); + module:fire_event("user-deregistered", { username = username, host = host, source = "mod_register", session = session }); else local username = query:child_with_name("username"); local password = query:child_with_name("password"); if username and password then -- FIXME shouldn't use table.concat - username = table.concat(username); + username = nodeprep(table.concat(username)); password = table.concat(password); if username == session.username then if usermanager_create_user(username, password, session.host) then -- password change -- TODO is this the right way? @@ -96,6 +91,7 @@ end); local recent_ips = {}; local min_seconds_between_registrations = config.get(module.host, "core", "min_seconds_between_registrations"); +local whitelist_only = config.get(module.host, "core", "whitelist_registration_only"); local whitelisted_ips = config.get(module.host, "core", "registration_whitelist") or { "127.0.0.1" }; local blacklisted_ips = config.get(module.host, "core", "registration_blacklist") or {}; @@ -122,7 +118,7 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s local password = query:child_with_name("password"); if username and password then -- Check that the user is not blacklisted or registering too often - if blacklisted_ips[session.ip] then + if blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then session.send(st.error_reply(stanza, "cancel", "not-acceptable")); return; elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then @@ -142,13 +138,17 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s end end -- FIXME shouldn't use table.concat - username = table.concat(username); + username = nodeprep(table.concat(username)); password = table.concat(password); if usermanager_user_exists(username, session.host) then session.send(st.error_reply(stanza, "cancel", "conflict")); else if usermanager_create_user(username, password, session.host) then session.send(st.reply(stanza)); -- user created! + module:log("info", "User account created: %s@%s", username, session.host); + module:fire_event("user-registered", { + username = username, host = session.host, source = "mod_register", + session = session }); else -- TODO unable to write file, file may be locked, etc, what's the correct error? session.send(st.error_reply(stanza, "wait", "internal-server-error"));