Mercurial > libervia-backend
comparison src/plugins/plugin_misc_invitations.py @ 2208:c316c6f6a737
plugin invitations: fixed leak of uuid in jid
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 26 Mar 2017 21:23:03 +0200 |
parents | dd53d7a3219a |
children | f8d61592f1fc |
comparison
2207:d662bdd682b2 | 2208:c316c6f6a737 |
---|---|
93 this will create an XMPP account and a profile, and use a UUID to retrieve them. | 93 this will create an XMPP account and a profile, and use a UUID to retrieve them. |
94 the profile is automatically generated in the form guest@@[UUID], this way they can be retrieved easily | 94 the profile is automatically generated in the form guest@@[UUID], this way they can be retrieved easily |
95 **kwargs: keywords arguments which can have the following keys, unset values are equivalent to None: | 95 **kwargs: keywords arguments which can have the following keys, unset values are equivalent to None: |
96 jid_(jid.JID, None): jid to use for invitation, the jid will be created using XEP-0077 | 96 jid_(jid.JID, None): jid to use for invitation, the jid will be created using XEP-0077 |
97 if the jid has no user part, an anonymous account will be used (no XMPP account created in this case) | 97 if the jid has no user part, an anonymous account will be used (no XMPP account created in this case) |
98 if None, automatically generate an account name (in the form "invitation-[UUID]@domain.tld") | 98 if None, automatically generate an account name (in the form "invitation-[random UUID]@domain.tld") (note that this UUID is not the |
99 same as the invitation one, as jid can be used publicly (leaking the UUID), and invitation UUID give access to account. | |
99 in case of conflict, a suffix number is added to the account until a free one if found (with a failure if SUFFIX_MAX is reached) | 100 in case of conflict, a suffix number is added to the account until a free one if found (with a failure if SUFFIX_MAX is reached) |
100 password(unicode, None): password to use (will be used for XMPP account and profile) | 101 password(unicode, None): password to use (will be used for XMPP account and profile) |
101 None to automatically generate one | 102 None to automatically generate one |
102 name(unicode, None): name of the invitee | 103 name(unicode, None): name of the invitee |
103 host_name(unicode, None): name of the host | 104 host_name(unicode, None): name of the host |
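Review bot: the parenthetical added to the jid_ description on new lines 98-99 is never closed: "(note that this UUID is not the" opens a bracket, and the next line ends with a full stop instead of ")". Suggest closing it and stating the invariant as its own sentence: the JID can be seen publicly, the invitation UUID gives access to the account, so the two are generated independently ("give" should also read "gives"). The unchanged line 94 still documents the profile name as guest@@[UUID]; it would help to say there whether that name is ever visible to anyone other than the invitee, since the same reasoning would apply.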
163 if not jid_: | 164 if not jid_: |
164 domain = self.host.memory.getConfig(None, 'xmpp_domain') | 165 domain = self.host.memory.getConfig(None, 'xmpp_domain') |
165 if not domain: | 166 if not domain: |
166 # TODO: fallback to profile's domain | 167 # TODO: fallback to profile's domain |
167 raise ValueError(_(u"You need to specify xmpp_domain in sat.conf")) | 168 raise ValueError(_(u"You need to specify xmpp_domain in sat.conf")) |
168 jid_ = u"invitation-{uuid}@{domain}".format(uuid=id_, domain=domain) | 169 jid_ = u"invitation-{uuid}@{domain}".format(uuid=shortuuid.uuid(), domain=domain) |
169 jid_ = jid.JID(jid_) | 170 jid_ = jid.JID(jid_) |
170 if jid_.user: | 171 if jid_.user: |
171 # we don't register account if there is no user as anonymous login is then used | 172 # we don't register account if there is no user as anonymous login is then used |
172 try: | 173 try: |
173 yield self.host.plugins['XEP-0077'].registerNewAccount(jid_, password) | 174 yield self.host.plugins['XEP-0077'].registerNewAccount(jid_, password) |
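Review bot: on new line 169, shortuuid.uuid() replaces id_ only for accounts registered from this revision onward. Invitations created earlier were registered as "invitation-{uuid}@{domain}" with uuid=id_, so their invitation UUIDs remain readable from the JID wherever it was seen. The commit message or release notes should say whether those invitations need to be revoked or re-issued. Nothing in this hunk shows shortuuid being imported, so please confirm it is already imported at module level. A one-line comment above the format() call explaining why id_ must not be used in the JID would help keep a later cleanup from reintroducing the leak.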