Mercurial > prosody-modules

annotate mod_register_web/mod_register_web.lua @ 1223:6617f5f79d68

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_register_web: Always use HTTPS to connect to recaptcha's API (thanks hexa)
author Matthew Wild <mwild1@gmail.com>
date Wed, 20 Nov 2013 23:35:45 +0000
parents b9d149936764
children a3766d3baacb
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
653
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local captcha_options = module:get_option("captcha_options", {});
746
03595194075a mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents: 653
diff changeset
2 local nodeprep = require "util.encodings".stringprep.nodeprep;
653
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 function generate_captcha(display_options)
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 return (([[
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 <script type="text/javascript"
1223
6617f5f79d68 mod_register_web: Always use HTTPS to connect to recaptcha's API (thanks hexa)
Matthew Wild <mwild1@gmail.com>
parents: 791
diff changeset
7 src="https://www.google.com/recaptcha/api/challenge?k=$$recaptcha_public_key$$">
653
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 </script>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 <noscript>
1223
6617f5f79d68 mod_register_web: Always use HTTPS to connect to recaptcha's API (thanks hexa)
Matthew Wild <mwild1@gmail.com>
parents: 791
diff changeset
10 <iframe src="https://www.google.com/recaptcha/api/noscript?k=$$recaptcha_public_key$$$$recaptcha_display_error$$"
653
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 height="300" width="500" frameborder="0"></iframe><br>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 <textarea name="recaptcha_challenge_field" rows="3" cols="40">
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 </textarea>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 <input type="hidden" name="recaptcha_response_field"
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 value="manual_challenge">
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 </noscript>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 ]]):gsub("$$([^$]+)$%$", setmetatable({
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 recaptcha_display_error = display_options and display_options.recaptcha_error
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 and ("&error="..display_options.recaptcha_error) or "";
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 }, {
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 __index = function (t, k)
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 if captcha_options[k] then return captcha_options[k]; end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 module:log("error", "Missing parameter from captcha_options: %s", k);
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 end })
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 ));
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 function generate_page(event, display_options)
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 local request = event.request;
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 return [[<!DOCTYPE html>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 <html><body>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 <h1>XMPP Account Registration</h1>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 <form action="]]..request.path..[[" method="POST">]]
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 ..("<p>%s</p>\n"):format((display_options or {}).register_error or "")..
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 [[ <table>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 <tr>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 <td>Username:</td>
791
b9d149936764 mod_register_web: Show actual hostname in registration form
Kim Alvefur <zash@zash.se>
parents: 746
diff changeset
38 <td><input type="text" name="username">@]]..module.host..[[</td>
653
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 </tr>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 <tr>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 <td>Password:</td>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 <td><input type="password" name="password"></td>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 </tr>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 <tr>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 <td colspan='2'>]]..generate_captcha(display_options)..[[</td>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 </tr>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 </table>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 <input type="submit" value="Register!">
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 </form>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 </body></html>]];
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 function register_user(form)
746
03595194075a mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents: 653
diff changeset
54 local prepped_username = nodeprep(form.username);
03595194075a mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents: 653
diff changeset
55 if usermanager.user_exists(prepped_username, module.host) then
03595194075a mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents: 653
diff changeset
56 return nil, "user-exists";
03595194075a mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents: 653
diff changeset
57 end
03595194075a mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents: 653
diff changeset
58 return usermanager.create_user(prepped_username, form.password, module.host);
653
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59 end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 function generate_success(event, form)
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62 return [[<!DOCTYPE html>
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 <html><body><p>Registration succeeded! Your account is <pre>]]
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64 ..form.username.."@"..module.host..
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 [[</pre> - happy chatting!</p></body></html>]];
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66 end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
67
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
68 function generate_register_response(event, form, ok, err)
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69 local message;
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70 if ok then
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71 return generate_success(event, form);
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72 else
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 return generate_page(event, { register_error = err });
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74 end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75 end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
77 function handle_form(event)
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78 local request, response = event.request, event.response;
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 local form = http.formdecode(request.body);
1223
6617f5f79d68 mod_register_web: Always use HTTPS to connect to recaptcha's API (thanks hexa)
Matthew Wild <mwild1@gmail.com>
parents: 791
diff changeset
80 http.request("https://www.google.com/recaptcha/api/verify", {
653
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81 body = http.formencode {
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 privatekey = captcha_options.recaptcha_private_key;
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
83 remoteip = request.conn:ip();
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84 challenge = form.recaptcha_challenge_field;
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
85 response = form.recaptcha_response_field;
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
86 };
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87 }, function (verify_result, code)
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 local verify_ok, verify_err = verify_result:match("^([^\n]+)\n([^\n]+)");
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89 if verify_ok == "true" then
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
90 local register_ok, register_err = register_user(form);
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91 response:send(generate_register_response(event, form, register_ok, register_err));
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 else
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93 response:send(generate_page(event, { register_error = verify_err }));
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
94 end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
95 end);
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
96 return true; -- Leave connection open until we respond above
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97 end
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99 module:provides("http", {
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 route = {
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 GET = generate_page;
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 POST = handle_form;
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
103 };
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104 });