Mercurial > prosody-modules
annotate mod_register_web/mod_register_web.lua @ 1226:0667624637da
mod_register_web: Split out recaptcha verification to a separate function
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 30 Nov 2013 18:25:32 +0100 |
| parents | a3766d3baacb |
| children | 6015434f0e05 |
| rev | line source |
|---|---|
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local captcha_options = module:get_option("captcha_options", {}); |
|
746
03595194075a
mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents:
653
diff
changeset
|
2 local nodeprep = require "util.encodings".stringprep.nodeprep; |
|
1225
a3766d3baacb
mod_register_web: Import usermanager and util.http into locals
Kim Alvefur <zash@zash.se>
parents:
1223
diff
changeset
|
3 local usermanager = require "core.usermanager"; |
|
a3766d3baacb
mod_register_web: Import usermanager and util.http into locals
Kim Alvefur <zash@zash.se>
parents:
1223
diff
changeset
|
4 local http = require "util.http"; |
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 function generate_captcha(display_options) |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 return (([[ |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 <script type="text/javascript" |
|
1223
6617f5f79d68
mod_register_web: Always use HTTPS to connect to recaptcha's API (thanks hexa)
Matthew Wild <mwild1@gmail.com>
parents:
791
diff
changeset
|
9 src="https://www.google.com/recaptcha/api/challenge?k=$$recaptcha_public_key$$"> |
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 </script> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 <noscript> |
|
1223
6617f5f79d68
mod_register_web: Always use HTTPS to connect to recaptcha's API (thanks hexa)
Matthew Wild <mwild1@gmail.com>
parents:
791
diff
changeset
|
12 <iframe src="https://www.google.com/recaptcha/api/noscript?k=$$recaptcha_public_key$$$$recaptcha_display_error$$" |
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 height="300" width="500" frameborder="0"></iframe><br> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 <textarea name="recaptcha_challenge_field" rows="3" cols="40"> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 </textarea> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 <input type="hidden" name="recaptcha_response_field" |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 value="manual_challenge"> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 </noscript> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 ]]):gsub("$$([^$]+)$%$", setmetatable({ |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 recaptcha_display_error = display_options and display_options.recaptcha_error |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 and ("&error="..display_options.recaptcha_error) or ""; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 }, { |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 __index = function (t, k) |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 if captcha_options[k] then return captcha_options[k]; end |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 module:log("error", "Missing parameter from captcha_options: %s", k); |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 end }) |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 )); |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 end |
|
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
29 function verify_captcha(form, callback) |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
30 http.request("https://www.google.com/recaptcha/api/verify", { |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
31 body = http.formencode { |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
32 privatekey = captcha_options.recaptcha_private_key; |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
33 remoteip = request.conn:ip(); |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
34 challenge = form.recaptcha_challenge_field; |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
35 response = form.recaptcha_response_field; |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
36 }; |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
37 }, function (verify_result, code) |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
38 local verify_ok, verify_err = verify_result:match("^([^\n]+)\n([^\n]+)"); |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
39 if verify_ok == "true" then |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
40 callback(true); |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
41 else |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
42 callback(false, verify_err) |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
43 end |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
44 end); |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
45 end |
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 function generate_page(event, display_options) |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 local request = event.request; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 return [[<!DOCTYPE html> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 <html><body> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 <h1>XMPP Account Registration</h1> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 <form action="]]..request.path..[[" method="POST">]] |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 ..("<p>%s</p>\n"):format((display_options or {}).register_error or "").. |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 [[ <table> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 <tr> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 <td>Username:</td> |
|
791
b9d149936764
mod_register_web: Show actual hostname in registration form
Kim Alvefur <zash@zash.se>
parents:
746
diff
changeset
|
57 <td><input type="text" name="username">@]]..module.host..[[</td> |
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 </tr> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 <tr> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 <td>Password:</td> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 <td><input type="password" name="password"></td> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 </tr> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 <tr> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 <td colspan='2'>]]..generate_captcha(display_options)..[[</td> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 </tr> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 </table> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 <input type="submit" value="Register!"> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 </form> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 </body></html>]]; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 end |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 function register_user(form) |
|
746
03595194075a
mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents:
653
diff
changeset
|
73 local prepped_username = nodeprep(form.username); |
|
03595194075a
mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents:
653
diff
changeset
|
74 if usermanager.user_exists(prepped_username, module.host) then |
|
03595194075a
mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents:
653
diff
changeset
|
75 return nil, "user-exists"; |
|
03595194075a
mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents:
653
diff
changeset
|
76 end |
|
03595194075a
mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents:
653
diff
changeset
|
77 return usermanager.create_user(prepped_username, form.password, module.host); |
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 end |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 function generate_success(event, form) |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 return [[<!DOCTYPE html> |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 <html><body><p>Registration succeeded! Your account is <pre>]] |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 ..form.username.."@"..module.host.. |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 [[</pre> - happy chatting!</p></body></html>]]; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 end |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 function generate_register_response(event, form, ok, err) |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 local message; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 if ok then |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 return generate_success(event, form); |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 else |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 return generate_page(event, { register_error = err }); |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 end |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 end |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 function handle_form(event) |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 local request, response = event.request, event.response; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 local form = http.formdecode(request.body); |
|
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
99 verify_captcha(form, function (ok, err) |
|
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
100 if ok then |
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 local register_ok, register_err = register_user(form); |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 response:send(generate_register_response(event, form, register_ok, register_err)); |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 else |
|
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
104 response:send(generate_page(event, { register_error = err })); |
|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 end |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 end); |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 return true; -- Leave connection open until we respond above |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 end |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 module:provides("http", { |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 route = { |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 GET = generate_page; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 POST = handle_form; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 }; |
|
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 }); |