Mercurial > prosody-modules
annotate mod_register_web/mod_register_web.lua @ 3568:6b3181fe5617
mod_auth_token: Timezone fix for TOTP checking
luatz.time() returns milliseconds since epoch which is in UTC time, so we don't
need to convert to UTC with gmtime.
By calling gmtime, TOTP validation was failing when this module wasn't running
on machine set to UTC time.
author | JC Brand <jc@opkode.com> |
---|---|
date | Thu, 02 May 2019 11:07:27 +0200 |
parents | 866167118d23 |
children | f9a93d7b6c50 |
rev | line source |
---|---|
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local captcha_options = module:get_option("captcha_options", {}); |
746
03595194075a
mod_register_web: nodeprep username before creating user (thanks IRON)
Matthew Wild <mwild1@gmail.com>
parents:
653
diff
changeset
|
2 local nodeprep = require "util.encodings".stringprep.nodeprep; |
1225
a3766d3baacb
mod_register_web: Import usermanager and util.http into locals
Kim Alvefur <zash@zash.se>
parents:
1223
diff
changeset
|
3 local usermanager = require "core.usermanager"; |
2739
7d864a03b509
mod_register_web: Import missing datamanager
Michel Le Bihan <michel@lebihan.pl>
parents:
2733
diff
changeset
|
4 local datamanager = require "util.datamanager"; |
1247
34fbe58d19da
mod_register_web: Use net.http instead of util.http, as we need to make requests (thanks dustin)
Matthew Wild <mwild1@gmail.com>
parents:
1239
diff
changeset
|
5 local http = require "net.http"; |
1459
742f3dc601b5
mod_register_web: Use path separator from package.config
Kim Alvefur <zash@zash.se>
parents:
1320
diff
changeset
|
6 local path_sep = package.config:sub(1,1); |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
7 local json = require "util.json".decode; |
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
8 local t_concat = table.concat; |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
3372
866167118d23
mod_register_web: Add soft dependency on mod_register_limits (0.11+)
Kim Alvefur <zash@zash.se>
parents:
2999
diff
changeset
|
10 pcall(function () |
866167118d23
mod_register_web: Add soft dependency on mod_register_limits (0.11+)
Kim Alvefur <zash@zash.se>
parents:
2999
diff
changeset
|
11 module:depends("register_limits"); |
866167118d23
mod_register_web: Add soft dependency on mod_register_limits (0.11+)
Kim Alvefur <zash@zash.se>
parents:
2999
diff
changeset
|
12 end); |
866167118d23
mod_register_web: Add soft dependency on mod_register_limits (0.11+)
Kim Alvefur <zash@zash.se>
parents:
2999
diff
changeset
|
13 |
1460
5e1f7af23cf0
mod_register_web: Add dependency on mod_http
Kim Alvefur <zash@zash.se>
parents:
1459
diff
changeset
|
14 module:depends"http"; |
5e1f7af23cf0
mod_register_web: Add dependency on mod_http
Kim Alvefur <zash@zash.se>
parents:
1459
diff
changeset
|
15 |
1235
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
16 local extra_fields = { |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
17 nick = true; name = true; first = true; last = true; email = true; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
18 address = true; city = true; state = true; zip = true; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
19 phone = true; url = true; date = true; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
20 } |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
21 |
1572
1aa894db3585
mod_register_web: Add option for specifying path to templates
Kim Alvefur <zash@zash.se>
parents:
1460
diff
changeset
|
22 local template_path = module:get_option_string("register_web_template", "templates"); |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
23 function template(data) |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
24 -- Like util.template, but deals with plain text |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
25 return { apply = function(values) return (data:gsub("{([^}]+)}", values)); end } |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
26 end |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
27 |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
28 local function get_template(name) |
1572
1aa894db3585
mod_register_web: Add option for specifying path to templates
Kim Alvefur <zash@zash.se>
parents:
1460
diff
changeset
|
29 local fh = assert(module:load_resource(template_path..path_sep..name..".html")); |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
30 local data = assert(fh:read("*a")); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
31 fh:close(); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
32 return template(data); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
33 end |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
34 |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
35 local function render(template, data) |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
36 return tostring(template.apply(data)); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
37 end |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
38 |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
39 local register_tpl = get_template "register"; |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
40 local success_tpl = get_template "success"; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
41 |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
42 if next(captcha_options) ~= nil then |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
43 local recaptcha_tpl = get_template "recaptcha"; |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
44 |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
45 function generate_captcha(display_options) |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
46 return recaptcha_tpl.apply(setmetatable({ |
2740
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
47 recaptcha_display_error = display_options and display_options.recaptcha_error |
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
48 and ("&error="..display_options.recaptcha_error) or ""; |
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
49 }, { |
2925
049975800d1c
mod_register_web: Remove unused variables [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2924
diff
changeset
|
50 __index = function (_, k) |
2740
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
51 if captcha_options[k] then return captcha_options[k]; end |
57d4680b86a4
mod_register_web: Normalize indentation [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2739
diff
changeset
|
52 module:log("error", "Missing parameter from captcha_options: %s", k); |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
53 end |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
54 })); |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
55 end |
1234
da39ba4047a7
mod_register_web: Pass request to captcha handler
Kim Alvefur <zash@zash.se>
parents:
1233
diff
changeset
|
56 function verify_captcha(request, form, callback) |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
57 http.request("https://www.google.com/recaptcha/api/siteverify", { |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
58 body = http.formencode { |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
59 secret = captcha_options.recaptcha_private_key; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
60 remoteip = request.conn:ip(); |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
61 response = form["g-recaptcha-response"]; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
62 }; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
63 }, function (verify_result, code) |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
64 local result = json(verify_result); |
2999
d631fd9a3300
mod_register_web: Handle errors contacting upstream API
Matthew Wild <mwild1@gmail.com>
parents:
2929
diff
changeset
|
65 if not result then |
d631fd9a3300
mod_register_web: Handle errors contacting upstream API
Matthew Wild <mwild1@gmail.com>
parents:
2929
diff
changeset
|
66 module:log("warn", "Unable to decode response from recaptcha: [%d] %s", code, verify_result); |
d631fd9a3300
mod_register_web: Handle errors contacting upstream API
Matthew Wild <mwild1@gmail.com>
parents:
2929
diff
changeset
|
67 callback(false, "Captcha API error"); |
d631fd9a3300
mod_register_web: Handle errors contacting upstream API
Matthew Wild <mwild1@gmail.com>
parents:
2929
diff
changeset
|
68 elseif result.success == true then |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
69 callback(true); |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
70 else |
1778
32604bf33a4c
mod_register_web: Switch to the new reCAPTCHA API, including support for "nocaptcha" when users are already signed in to Google.
Thijs Alkemade <me@thijsalkema.de>
parents:
1618
diff
changeset
|
71 callback(false, t_concat(result["error-codes"])); |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
72 end |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
73 end); |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
74 end |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
75 else |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
76 module:log("debug", "No Recaptcha options set, using fallback captcha") |
1231 | 77 local random = math.random; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
78 local hmac_sha1 = require "util.hashes".hmac_sha1; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
79 local secret = require "util.uuid".generate() |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
80 local ops = { '+', '-' }; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
81 local captcha_tpl = get_template "simplecaptcha"; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
82 function generate_captcha() |
1231 | 83 local op = ops[random(1, #ops)]; |
84 local x, y = random(1, 9) | |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
85 repeat |
1231 | 86 y = random(1, 9); |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
87 until x ~= y; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
88 local answer; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
89 if op == '+' then |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
90 answer = x + y; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
91 elseif op == '-' then |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
92 if x < y then |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
93 -- Avoid negative numbers |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
94 x, y = y, x; |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
95 end |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
96 answer = x - y; |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
97 end |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
98 local challenge = hmac_sha1(secret, answer, true); |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
99 return captcha_tpl.apply { |
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
100 op = op, x = x, y = y, challenge = challenge; |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
101 }; |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
102 end |
1234
da39ba4047a7
mod_register_web: Pass request to captcha handler
Kim Alvefur <zash@zash.se>
parents:
1233
diff
changeset
|
103 function verify_captcha(request, form, callback) |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
104 if hmac_sha1(secret, form.captcha_reply, true) == form.captcha_challenge then |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
105 callback(true); |
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
106 else |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
107 callback(false, "Captcha verification failed"); |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
108 end |
1228
db85ff22ae97
mod_register_web: Add a simple fallback captcha
Kim Alvefur <zash@zash.se>
parents:
1227
diff
changeset
|
109 end |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
110 end |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 function generate_page(event, display_options) |
1618
c56baec031e8
mod_register_web: Send Content-Type headers
Kim Alvefur <zash@zash.se>
parents:
1572
diff
changeset
|
113 local request, response = event.request, event.response; |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
114 |
1618
c56baec031e8
mod_register_web: Send Content-Type headers
Kim Alvefur <zash@zash.se>
parents:
1572
diff
changeset
|
115 response.headers.content_type = "text/html; charset=utf-8"; |
1227
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
116 return render(register_tpl, { |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
117 path = request.path; hostname = module.host; |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
118 notice = display_options and display_options.register_error or ""; |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
119 captcha = generate_captcha(display_options); |
6015434f0e05
mod_register_web: Move HTML into separate template files
Kim Alvefur <zash@zash.se>
parents:
1226
diff
changeset
|
120 }) |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 |
1320
e670d4cc5027
mod_register_web: Pass request around so IP address can be reported
Kim Alvefur <zash@zash.se>
parents:
1247
diff
changeset
|
123 function register_user(form, origin) |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
124 local username = form.username; |
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
125 local password = form.password; |
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
126 local confirm_password = form.confirm_password; |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
127 local jid = nil; |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
128 form.username, form.password, form.confirm_password = nil, nil, nil; |
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
129 |
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
130 local prepped_username = nodeprep(username); |
1230
f7c561fbd5a6
mod_register_web: Friendly error messages if the username is taken or failed nodeprep
Kim Alvefur <zash@zash.se>
parents:
1229
diff
changeset
|
131 if not prepped_username then |
f7c561fbd5a6
mod_register_web: Friendly error messages if the username is taken or failed nodeprep
Kim Alvefur <zash@zash.se>
parents:
1229
diff
changeset
|
132 return nil, "Username contains forbidden characters"; |
f7c561fbd5a6
mod_register_web: Friendly error messages if the username is taken or failed nodeprep
Kim Alvefur <zash@zash.se>
parents:
1229
diff
changeset
|
133 end |
1236
59332e0bfbdc
mod_register_web: Check for empty username
Kim Alvefur <zash@zash.se>
parents:
1235
diff
changeset
|
134 if #prepped_username == 0 then |
59332e0bfbdc
mod_register_web: Check for empty username
Kim Alvefur <zash@zash.se>
parents:
1235
diff
changeset
|
135 return nil, "The username field was empty"; |
59332e0bfbdc
mod_register_web: Check for empty username
Kim Alvefur <zash@zash.se>
parents:
1235
diff
changeset
|
136 end |
1229
12e3bc0fd6ed
mod_register_web: Indentation fix
Kim Alvefur <zash@zash.se>
parents:
1228
diff
changeset
|
137 if usermanager.user_exists(prepped_username, module.host) then |
1230
f7c561fbd5a6
mod_register_web: Friendly error messages if the username is taken or failed nodeprep
Kim Alvefur <zash@zash.se>
parents:
1229
diff
changeset
|
138 return nil, "Username already taken"; |
1229
12e3bc0fd6ed
mod_register_web: Indentation fix
Kim Alvefur <zash@zash.se>
parents:
1228
diff
changeset
|
139 end |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
140 local registering = { username = prepped_username , host = module.host, additional = form, ip = origin.conn:ip(), allowed = true } |
1237
c669cb78b293
mod_register_web: Fire user-registering event like mod_register
Kim Alvefur <zash@zash.se>
parents:
1236
diff
changeset
|
141 module:fire_event("user-registering", registering); |
c669cb78b293
mod_register_web: Fire user-registering event like mod_register
Kim Alvefur <zash@zash.se>
parents:
1236
diff
changeset
|
142 if not registering.allowed then |
2923
9d53134a0b29
mod_register_web: Return reason for rejection if one was provided by another plugin during pre-registration checks
Kim Alvefur <zash@zash.se>
parents:
2922
diff
changeset
|
143 return nil, registering.reason or "Registration not allowed"; |
1237
c669cb78b293
mod_register_web: Fire user-registering event like mod_register
Kim Alvefur <zash@zash.se>
parents:
1236
diff
changeset
|
144 end |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
145 if confirm_password ~= password then |
2733
c8161146c698
mod_register_web: Add password confirmation field
Michel Le Bihan <michel@lebihan.pl>
parents:
1778
diff
changeset
|
146 return nil, "Passwords don't match"; |
c8161146c698
mod_register_web: Add password confirmation field
Michel Le Bihan <michel@lebihan.pl>
parents:
1778
diff
changeset
|
147 end |
2924
edf5e8a77d0c
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
Kim Alvefur <zash@zash.se>
parents:
2923
diff
changeset
|
148 local ok, err = usermanager.create_user(prepped_username, password, module.host); |
1232
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
149 if ok then |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
150 jid = prepped_username.."@"..module.host |
1235
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
151 local extra_data = {}; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
152 for field in pairs(extra_fields) do |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
153 local field_value = form[field]; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
154 if field_value and #field_value > 0 then |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
155 extra_data[field] = field_value; |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
156 end |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
157 end |
1238
752285859607
mod_register_web: Use correct variables
Kim Alvefur <zash@zash.se>
parents:
1237
diff
changeset
|
158 if next(extra_data) ~= nil then |
1235
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
159 datamanager.store(prepped_username, module.host, "account_details", extra_data); |
9277e0a3922f
mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents:
1234
diff
changeset
|
160 end |
1232
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
161 module:fire_event("user-registered", { |
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
162 username = prepped_username, |
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
163 host = module.host, |
1320
e670d4cc5027
mod_register_web: Pass request around so IP address can be reported
Kim Alvefur <zash@zash.se>
parents:
1247
diff
changeset
|
164 source = module.name, |
e670d4cc5027
mod_register_web: Pass request around so IP address can be reported
Kim Alvefur <zash@zash.se>
parents:
1247
diff
changeset
|
165 ip = origin.conn:ip(), |
1232
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
166 }); |
12f59489ef6e
mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents:
1231
diff
changeset
|
167 end |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
168 return jid, err; |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
171 function generate_success(event, jid) |
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
172 return render(success_tpl, { jid = jid }); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
173 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
175 function generate_register_response(event, jid, err) |
1618
c56baec031e8
mod_register_web: Send Content-Type headers
Kim Alvefur <zash@zash.se>
parents:
1572
diff
changeset
|
176 event.response.headers.content_type = "text/html; charset=utf-8"; |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
177 if jid then |
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
178 return generate_success(event, jid); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
179 else |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 return generate_page(event, { register_error = err }); |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
183 |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 function handle_form(event) |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 local request, response = event.request, event.response; |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 local form = http.formdecode(request.body); |
1234
da39ba4047a7
mod_register_web: Pass request to captcha handler
Kim Alvefur <zash@zash.se>
parents:
1233
diff
changeset
|
187 verify_captcha(request, form, function (ok, err) |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
188 if ok then |
2929
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
189 local jid, register_err = register_user(form, request); |
3a104a900af1
mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents:
2925
diff
changeset
|
190 response:send(generate_register_response(event, jid, register_err)); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 else |
1226
0667624637da
mod_register_web: Split out recaptcha verification to a separate function
Kim Alvefur <zash@zash.se>
parents:
1225
diff
changeset
|
192 response:send(generate_page(event, { register_error = err })); |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
193 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
194 end); |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
195 return true; -- Leave connection open until we respond above |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
196 end |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
197 |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
198 module:provides("http", { |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
199 route = { |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
200 GET = generate_page; |
1239
cc5cbeeb9fc7
mod_register_web: Handle URLs with a trailing slash
Kim Alvefur <zash@zash.se>
parents:
1238
diff
changeset
|
201 ["GET /"] = generate_page; |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
202 POST = handle_form; |
1239
cc5cbeeb9fc7
mod_register_web: Handle URLs with a trailing slash
Kim Alvefur <zash@zash.se>
parents:
1238
diff
changeset
|
203 ["POST /"] = handle_form; |
653
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
204 }; |
c08b0e4b7b38
mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 }); |