annotate mod_adhoc_account_management/mod_adhoc_account_management.lua @ 5458:813fe4f76286

mod_http_oauth2: Do minimal validation of private-use URI schemes

Per draft-ietf-oauth-v2-1-08#section-2.3.1

> At a minimum, any private-use URI scheme that doesn't contain a period
> character (.) SHOULD be rejected.

Since this would rule out the OOB URI, which is useful for CLI tools and such without a built-in http server, it is explicitly allowed.
author Kim Alvefur <zash@zash.se>
date Tue, 16 May 2023 22:18:12 +0200
parents 6ce42aacad42
children
rev   changeset     author / description
1090  1aa48916eb8b  Kim Alvefur <zash@zash.se>
      mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
      parents:
3416  c6dd65354db0  Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
      mod_adhoc_account_management: Reduce indentation of one in the main function.
      parents: 1090
4909  6ce42aacad42  Matthew Wild <mwild1@gmail.com>
      mod_adhoc_account_management: Add compatibility with 0.12 permission string (thanks mirux)
      parents: 3416

rev   line  source
1090    1  local dataforms_new = require "util.dataforms".new;
        2  local usermanager_set_password = require "core.usermanager".set_password;
        3  local usermanager_test_password = require "core.usermanager".test_password;
        4  local jid_split = require"util.jid".split;
        5  local close_others = module:get_option_boolean("close_sessions_on_password_change", true)
        6  local require_confirm = module:get_option_boolean("require_confirm_password", true)
        7  local require_current = module:get_option_boolean("require_current_password", true)
        8
        9  local change_password_layout = {
       10      title = "Changing Your Password";
       11      instructions = "Fill out this form to change a your password.";
       12
       13      {
       14          -- This is meta
       15          name = "FORM_TYPE",
       16          type = "hidden",
       17          -- Reuses form type from XEP 77
       18          value = "jabber:iq:register:changepassword",
       19      };
       20      {
       21          name = "password",
       22          type = "text-private",
       23          required = true,
       24          label = "New Password",
       25      };
       26  };
       27  if require_confirm then
       28      table.insert(change_password_layout, {
       29          name = "password-confirm",
       30          type = "text-private",
       31          required = true,
       32          label = "Confirm new password",
       33      });
       34  end
       35  if require_current then
       36      table.insert(change_password_layout, 2, {
       37          name = "password-current",
       38          type = "text-private",
       39          required = true,
       40          label = "Current password",
       41      });
       42  end
       43  change_password_layout = dataforms_new(change_password_layout);
       44
       45  function change_password_command_handler(self, data, state)
       46      if not state then -- New session, send the form
       47          return { status = "executing", actions = { "complete" }, form = change_password_layout }, true;
3416   48      end
       49
       50      if data.action == "cancel" then
       51          return { status = "canceled" };
       52      end
1090   53
3416   54      -- Who are we talking to?
       55      local username, hostname = jid_split(data.from);
       56      if not username or hostname ~= module.host then
       57          return { status = "error", error = { type = "cancel",
       58              condition = "forbidden", message = "Invalid user or hostname." } };
       59      end
       60
       61      -- Extract data from the form
       62      local fields = change_password_layout:data(data.form);
1090   63
3416   64      -- Validate
       65      if require_current then
       66          if not fields["password-current"] or #fields["password-current"] == 0 then
       67              return { status = "error", error = { type = "modify",
       68                  condition = "bad-request", message = "Please enter your current password" } };
       69          elseif not usermanager_test_password(username, hostname, fields["password-current"]) then
       70              return { status = "error", error = { type = "modify",
       71                  condition = "bad-request", message = "Your current password was incorrect" } };
       72          end
       73      end
1090   74
3416   75      if require_confirm and fields["password-confirm"] ~= fields["password"] then
       76          return { status = "error", error = { type = "modify",
       77              condition = "bad-request", message = "New password didn't match the confirmation" } };
       78      end
       79
       80      if not fields.password or #fields.password == 0 then
       81          return { status = "error", error = { type = "modify",
       82              condition = "bad-request", message = "Please enter a new password" } };
       83      end
       84
       85      -- All is good, so change password.
       86      module:log("debug", "About to usermanager.set_password(%q, password, %q)", username, hostname);
       87      local ok, err = usermanager_set_password(username, fields.password, hostname);
       88      if ok then
       89          if close_others then
       90              for _, sess in pairs(hosts[hostname].sessions[username].sessions) do
       91                  if sess.full_jid ~= data.from then
       92                      sess:close{ condition = "reset", text = "Password changed" }
       93                  end
1090   94              end
       95          end
3416   96          return { status = "completed", info = "Password successfully changed" };
       97      else
       98          module:log("warn", "%s@%s could not change password: %s", username, hostname, tostring(err));
       99          return { status = "error", error = { type = "cancel",
      100              condition = "internal-server-error", message = "Could not save new password: "..tostring(err) } };
1090  101      end
      102  end
      103
      104  -- Feature requests? What could fit under account management?
      105
4909  106  -- COMPAT w/0.11 (uses "user" instead of "any")
      107  local permission = pcall(require, "core.features") and "any" or "user";
1090  108
      109  local adhoc_new = module:require "adhoc".new;
4909  110  local adhoc_passwd = adhoc_new("Change Password", "passwd", change_password_command_handler, permission);
1090  111  module:add_item ("adhoc", adhoc_passwd);