Mercurial > prosody-modules
annotate mod_register_web/mod_register_web.lua @ 4281:3c80e46e26f2
mod_muc_rai: Use log systems string formatting facilities
Weird things happen if you put %s in your JID here.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 01 Dec 2020 22:12:16 +0100 |
parents | cf3247ec5e01 |
children | 95262bd1bcb2 |
rev | line source |
---|---|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local captcha_options = module:get_option("captcha_options", {}); |
746
03595194075a
mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents:
653
diff
changeset
|
2 local nodeprep = require "util.encodings".stringprep.nodeprep; |
1225
a3766d3baacb
mod_register_web: Import usermanager and util.http into locals
Kim Alvefur <zash@zash.se>
parents:
1223
diff
changeset
|
3 local usermanager = require "core.usermanager"; |
2739
7d864a03b509
mod_register_web: Import missing datamanager
Michel Le Bihan <michel@lebihan.pl>
parents:
2733
diff
changeset
|
4 local datamanager = require "util.datamanager"; |
1247
34fbe58d19da
mod_register_web: Use net.http instead of util.http, as we need to make requests (thanks dustin)
Matthew Wild <mwild1@gmail.com>
parents:
1239
diff
changeset
|
5 local http = require "net.http"; |
1459
742f3dc601b5
mod_register_web: Use path separator from package.config
Kim Alvefur <zash@zash.se>
parents:
1320
diff
changeset
|
6 local path_sep = package.config:sub(1,1); |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
7 local json = require "util.json".decode; |
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
8 local t_concat = table.concat; |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
3372
866167118d23
mod_register_web: Add soft dependency on mod_register_limits (0.11+)
Kim Alvefur <zash@zash.se>
parents:
2999
diff
changeset
|
10 pcall(function () |
866167118d23
mod_register_web: Add soft dependency on mod_register_limits (0.11+)
Kim Alvefur <zash@zash.se>
parents:
2999
diff
changeset
|
11 module:depends("register_limits"); |
866167118d23
mod_register_web: Add soft dependency on mod_register_limits (0.11+)
Kim Alvefur <zash@zash.se>
parents:
2999
diff
changeset
|
12 end); |
866167118d23
mod_register_web: Add soft dependency on mod_register_limits (0.11+)
Kim Alvefur <zash@zash.se>
parents:
2999
diff
changeset
|
13 |
1460
5e1f7af23cf0
mod_register_web: Add dependency on mod_http
Kim Alvefur <zash@zash.se>
parents:
1459
diff
changeset
|
14 module:depends"http"; |
5e1f7af23cf0
mod_register_web: Add dependency on mod_http
Kim Alvefur <zash@zash.se>
parents:
1459
diff
changeset
|
15 |
1235
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
16 local extra_fields = { |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
17 nick = true; name = true; first = true; last = true; email = true; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
18 address = true; city = true; state = true; zip = true; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
19 phone = true; url = true; date = true; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
20 } |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
21 |
1572
1aa894db3585
mod_register_web: Add option for specifying path to templates
Kim Alvefur <zash@zash.se>
parents:
1460
diff
changeset
|
22 local template_path = module:get_option_string("register_web_template", "templates"); |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
23 function template(data) |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
24 -- Like util.template, but deals with plain text |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
25 return { apply = function(values) return (data:gsub("{([^}]+)}", values)); end } |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
26 end |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
27 |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
28 local function get_template(name) |
1572
1aa894db3585
mod_register_web: Add option for specifying path to templates
Kim Alvefur <zash@zash.se>
parents:
1460
diff
changeset
|
29 local fh = assert(module:load_resource(template_path..path_sep..name..".html")); |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
30 local data = assert(fh:read("*a")); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
31 fh:close(); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
32 return template(data); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
33 end |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
34 |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
35 local function render(template, data) |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
36 return tostring(template.apply(data)); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
37 end |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
38 |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
39 local register_tpl = get_template "register"; |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
40 local success_tpl = get_template "success"; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
41 |
3724
1c3c7d73c5a6
mod_register_web: Fix to use real client IP in case of proxy forwarding (thanks Sebastian)
Kim Alvefur <zash@zash.se>
parents:
3679
diff
changeset
|
42 -- COMPAT `or request.conn:ip()` |
1c3c7d73c5a6
mod_register_web: Fix to use real client IP in case of proxy forwarding (thanks Sebastian)
Kim Alvefur <zash@zash.se>
parents:
3679
diff
changeset
|
43 |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
44 if next(captcha_options) ~= nil then |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
45 local recaptcha_tpl = get_template "recaptcha"; |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
46 |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
47 function generate_captcha(display_options) |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
48 return recaptcha_tpl.apply(setmetatable({ |
2740
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
49 recaptcha_display_error = display_options and display_options.recaptcha_error |
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
50 and ("&error="..display_options.recaptcha_error) or ""; |
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
51 }, { |
2925
049975800d1c
mod_register_web: Remove unused variables [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2924
diff
changeset
|
52 __index = function (_, k) |
2740
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
53 if captcha_options[k] then return captcha_options[k]; end |
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
54 module:log("error", "Missing parameter from captcha_options: %s", k); |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
55 end |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
56 })); |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
57 end |
1234
da39ba4047a7
mod_register_web: Pass request to captcha handler
Kim Alvefur <zash@zash.se>
parents:
1233
diff
changeset
|
58 function verify_captcha(request, form, callback) |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
59 http.request("https://www.google.com/recaptcha/api/siteverify", { |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
60 body = http.formencode { |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
61 secret = captcha_options.recaptcha_private_key; |
3724
1c3c7d73c5a6
mod_register_web: Fix to use real client IP in case of proxy forwarding (thanks Sebastian)
Kim Alvefur <zash@zash.se>
parents:
3679
diff
changeset
|
62 remoteip = request.ip or request.conn:ip(); |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
63 response = form["g-recaptcha-response"]; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
64 }; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
65 }, function (verify_result, code) |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
66 local result = json(verify_result); |
2999
d631fd9a3300
mod_register_web: Handle errors contacting upstream API
Matthew Wild <mwild1@gmail.com>
parents:
2929
diff
changeset
|
67 if not result then |
d631fd9a3300
mod_register_web: Handle errors contacting upstream API
Matthew Wild <mwild1@gmail.com>
parents:
2929
diff
changeset
|
68 module:log("warn", "Unable to decode response from recaptcha: [%d] %s", code, verify_result); |
d631fd9a3300
mod_register_web: Handle errors contacting upstream API
Matthew Wild <mwild1@gmail.com>
parents:
2929
diff
changeset
|
69 callback(false, "Captcha API error"); |
d631fd9a3300
mod_register_web: Handle errors contacting upstream API
Matthew Wild <mwild1@gmail.com>
parents:
2929
diff
changeset
|
70 elseif result.success == true then |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
71 callback(true); |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
72 else |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
73 callback(false, t_concat(result["error-codes"])); |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
74 end |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
75 end); |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
76 end |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
77 else |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
78 module:log("debug", "No Recaptcha options set, using fallback captcha") |
1231 | 79 local random = math.random; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
80 local hmac_sha1 = require "util.hashes".hmac_sha1; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
81 local secret = require "util.uuid".generate() |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
82 local ops = { '+', '-' }; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
83 local captcha_tpl = get_template "simplecaptcha"; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
84 function generate_captcha() |
1231 | 85 local op = ops[random(1, #ops)]; |
86 local x, y = random(1, 9) | |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
87 repeat |
1231 | 88 y = random(1, 9); |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
89 until x ~= y; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
90 local answer; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
91 if op == '+' then |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
92 answer = x + y; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
93 elseif op == '-' then |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
94 if x < y then |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
95 -- Avoid negative numbers |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
96 x, y = y, x; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
97 end |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
98 answer = x - y; |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
99 end |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
100 local challenge = hmac_sha1(secret, answer, true); |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
101 return captcha_tpl.apply { |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
102 op = op, x = x, y = y, challenge = challenge; |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
103 }; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
104 end |
1234
da39ba4047a7
mod_register_web: Pass request to captcha handler
Kim Alvefur <zash@zash.se>
parents:
1233
diff
changeset
|
105 function verify_captcha(request, form, callback) |
3679
f9a93d7b6c50
mod_register_web: Fix traceback if captcha_reply is left out of the form (thanks woffs)
Kim Alvefur <zash@zash.se>
parents:
3372
diff
changeset
|
106 if hmac_sha1(secret, form.captcha_reply or "", true) == form.captcha_challenge then |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
107 callback(true); |
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
108 else |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
109 callback(false, "Captcha verification failed"); |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
110 end |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
111 end |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
112 end |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 function generate_page(event, display_options) |
1618
c56baec031e8
mod_register_web: Send Content-Type headers
Kim Alvefur <zash@zash.se>
parents:
1572
diff
changeset
|
115 local request, response = event.request, event.response; |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
116 |
1618
c56baec031e8
mod_register_web: Send Content-Type headers
Kim Alvefur <zash@zash.se>
parents:
1572
diff
changeset
|
117 response.headers.content_type = "text/html; charset=utf-8"; |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
118 return render(register_tpl, { |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
119 path = request.path; hostname = module.host; |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
120 notice = display_options and display_options.register_error or ""; |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
121 captcha = generate_captcha(display_options); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
122 }) |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 |
1320
e670d4cc5027
mod_register_web: Pass request around so IP address can be reported
Kim Alvefur <zash@zash.se>
parents:
1247
diff
changeset
|
125 function register_user(form, origin) |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
126 local username = form.username; |
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
127 local password = form.password; |
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
128 local confirm_password = form.confirm_password; |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
129 local jid = nil; |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
130 form.username, form.password, form.confirm_password = nil, nil, nil; |
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
131 |
3725
19e43b7a969d
mod_register_web: Enforce strict username validation (on trunk, ignored otherwise)
Kim Alvefur <zash@zash.se>
parents:
3724
diff
changeset
|
132 local prepped_username = nodeprep(username, true); |
1230
f7c561fbd5a6
mod_register_web: Friendly error messages if the username is taken or failed nodeprep
Kim Alvefur <zash@zash.se>
parents:
1229
diff
changeset
|
133 if not prepped_username then |
f7c561fbd5a6
mod_register_web: Friendly error messages if the username is taken or failed nodeprep
Kim Alvefur <zash@zash.se>
parents:
1229
diff
changeset
|
134 return nil, "Username contains forbidden characters"; |
f7c561fbd5a6
mod_register_web: Friendly error messages if the username is taken or failed nodeprep
Kim Alvefur <zash@zash.se>
parents:
1229
diff
changeset
|
135 end |
1236
59332e0bfbdc
mod_register_web: Check for empty username
Kim Alvefur <zash@zash.se>
parents:
1235
diff
changeset
|
136 if #prepped_username == 0 then |
59332e0bfbdc
mod_register_web: Check for empty username
Kim Alvefur <zash@zash.se>
parents:
1235
diff
changeset
|
137 return nil, "The username field was empty"; |
59332e0bfbdc
mod_register_web: Check for empty username
Kim Alvefur <zash@zash.se>
parents:
1235
diff
changeset
|
138 end |
1229
12e3bc0fd6ed
mod_register_web: Indentation fix
Kim Alvefur <zash@zash.se>
parents:
1228
diff
changeset
|
139 if usermanager.user_exists(prepped_username, module.host) then |
1230
f7c561fbd5a6
mod_register_web: Friendly error messages if the username is taken or failed nodeprep
Kim Alvefur <zash@zash.se>
parents:
1229
diff
changeset
|
140 return nil, "Username already taken"; |
1229
12e3bc0fd6ed
mod_register_web: Indentation fix
Kim Alvefur <zash@zash.se>
parents:
1228
diff
changeset
|
141 end |
3724
1c3c7d73c5a6
mod_register_web: Fix to use real client IP in case of proxy forwarding (thanks Sebastian)
Kim Alvefur <zash@zash.se>
parents:
3679
diff
changeset
|
142 local registering = { username = prepped_username , host = module.host, additional = form, ip = origin.ip or origin.conn:ip(), allowed = true } |
1237
c669cb78b293
mod_register_web: Fire user-registering event like mod_register
Kim Alvefur <zash@zash.se>
parents:
1236
diff
changeset
|
143 module:fire_event("user-registering", registering); |
c669cb78b293
mod_register_web: Fire user-registering event like mod_register
Kim Alvefur <zash@zash.se>
parents:
1236
diff
changeset
|
144 if not registering.allowed then |
2923
9d53134a0b29
mod_register_web: Return reason for rejection if one was provided by another plugin during pre-registration checks
Kim Alvefur <zash@zash.se>
parents:
2922
diff
changeset
|
145 return nil, registering.reason or "Registration not allowed"; |
1237
c669cb78b293
mod_register_web: Fire user-registering event like mod_register
Kim Alvefur <zash@zash.se>
parents:
1236
diff
changeset
|
146 end |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
147 if confirm_password ~= password then |
2733
c8161146c698
mod_register_web: Add password confirmation field
Michel Le Bihan <michel@lebihan.pl>
parents:
1778
diff
changeset
|
148 return nil, "Passwords don't match"; |
c8161146c698
mod_register_web: Add password confirmation field
Michel Le Bihan <michel@lebihan.pl>
parents:
1778
diff
changeset
|
149 end |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
150 local ok, err = usermanager.create_user(prepped_username, password, module.host); |
1232
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
151 if ok then |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
152 jid = prepped_username.."@"..module.host |
1235
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
153 local extra_data = {}; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
154 for field in pairs(extra_fields) do |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
155 local field_value = form[field]; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
156 if field_value and #field_value > 0 then |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
157 extra_data[field] = field_value; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
158 end |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
159 end |
1238
752285859607
mod_register_web: Use correct variables
Kim Alvefur <zash@zash.se>
parents:
1237
diff
changeset
|
160 if next(extra_data) ~= nil then |
1235
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
161 datamanager.store(prepped_username, module.host, "account_details", extra_data); |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
162 end |
1232
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
163 module:fire_event("user-registered", { |
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
164 username = prepped_username, |
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
165 host = module.host, |
1320
e670d4cc5027
mod_register_web: Pass request around so IP address can be reported
Kim Alvefur <zash@zash.se>
parents:
1247
diff
changeset
|
166 source = module.name, |
3724
1c3c7d73c5a6
mod_register_web: Fix to use real client IP in case of proxy forwarding (thanks Sebastian)
Kim Alvefur <zash@zash.se>
parents:
3679
diff
changeset
|
167 ip = origin.ip or origin.conn:ip(), |
1232
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
168 }); |
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
169 end |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
170 return jid, err; |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
171 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
172 |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
173 function generate_success(event, jid) |
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
174 return render(success_tpl, { jid = jid }); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
175 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
176 |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
177 function generate_register_response(event, jid, err) |
1618
c56baec031e8
mod_register_web: Send Content-Type headers
Kim Alvefur <zash@zash.se>
parents:
1572
diff
changeset
|
178 event.response.headers.content_type = "text/html; charset=utf-8"; |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
179 if jid then |
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
180 return generate_success(event, jid); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 else |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 return generate_page(event, { register_error = err }); |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
183 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 function handle_form(event) |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 local request, response = event.request, event.response; |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 local form = http.formdecode(request.body); |
1234
da39ba4047a7
mod_register_web: Pass request to captcha handler
Kim Alvefur <zash@zash.se>
parents:
1233
diff
changeset
|
189 verify_captcha(request, form, function (ok, err) |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
190 if ok then |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
191 local jid, register_err = register_user(form, request); |
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
192 response:send(generate_register_response(event, jid, register_err)); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
193 else |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
194 response:send(generate_page(event, { register_error = err })); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
195 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
196 end); |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
197 return true; -- Leave connection open until we respond above |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
198 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
199 |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
200 module:provides("http", { |
3753
cf3247ec5e01
mod_register_web: Set a (configurable) HTTP app title
Kim Alvefur <zash@zash.se>
parents:
3725
diff
changeset
|
201 title = module:get_option_string("register_web_title", "Account Registration"); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
202 route = { |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
203 GET = generate_page; |
1239
cc5cbeeb9fc7
mod_register_web: Handle URLs with a trailing slash
Kim Alvefur <zash@zash.se>
parents:
1238
diff
changeset
|
204 ["GET /"] = generate_page; |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 POST = handle_form; |
1239
cc5cbeeb9fc7
mod_register_web: Handle URLs with a trailing slash
Kim Alvefur <zash@zash.se>
parents:
1238
diff
changeset
|
206 ["POST /"] = handle_form; |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
207 }; |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
208 }); |