annotate mod_invites_register_api/mod_invites_register_api.lua @ 5715:8488ebde5739

mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted This follows the intent behind the OpenID Connect 'prompt' parameter when it does not include the 'consent' keyword, that is the client wishes to skip the consent screen. If the user has already granted the exact same scopes to the exact same client in the past, then one can assume that they may grant it again.
author Kim Alvefur <zash@zash.se>
date Tue, 14 Nov 2023 23:03:37 +0100
parents dbfa830e4504
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4380
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local id = require "util.id";
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local json = require "util.json";
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local usermanager = require "core.usermanager";
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 local nodeprep = require "util.encodings".stringprep.nodeprep;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local site_name = module:get_option_string("site_name", module.host);
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 local json_content_type = "application/json";
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 module:depends("http");
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 local invites = module:depends("invites");
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 function get_invite_info(event, invite_token)
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 if not invite_token or #invite_token == 0 then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 return 404;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 local invite = invites.get(invite_token);
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 if not invite then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 return 404;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 event.response.headers["Content-Type"] = json_content_type;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 return json.encode({
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 site_name = site_name;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 token = invite.token;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 domain = module.host;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 uri = invite.uri;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 type = invite.type;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 jid = invite.jid;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 inviter = invite.inviter;
4414
dbfa830e4504 mod_invites_register_api: Handle password resets
Jonas Schäfer <jonas@wielicki.name>
parents: 4381
diff changeset
32 reset = invite.additional_data and invite.additional_data.allow_reset or nil;
4380
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 });
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35
4381
a1256e376dca mod_invites_register_api: reroute register call
Jonas Schäfer <jonas@wielicki.name>
parents: 4380
diff changeset
36 function register_with_invite(event)
4380
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 local request, response = event.request, event.response;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 if not request.body or #request.body == 0
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 or request.headers.content_type ~= json_content_type then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 module:log("warn", "Invalid payload");
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 return 400;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 local register_data = json.decode(event.request.body);
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 if not register_data then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 module:log("warn", "Invalid JSON");
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 return 400;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 local user, password, token = register_data.username, register_data.password, register_data.token;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 local invite = invites.get(token);
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 if not invite then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 return 404;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58 response.headers["Content-Type"] = json_content_type;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60 if not user or #user == 0 or not password or #password == 0 or not token then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 module:log("warn", "Invalid data");
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62 return 400;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 -- Shamelessly copied from mod_register_web.
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66 local prepped_username = nodeprep(user);
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
67
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
68 if not prepped_username or #prepped_username == 0 then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69 return 400;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71
4414
dbfa830e4504 mod_invites_register_api: Handle password resets
Jonas Schäfer <jonas@wielicki.name>
parents: 4381
diff changeset
72 local reset_for = invite.additional_data and invite.additional_data.allow_reset or nil;
dbfa830e4504 mod_invites_register_api: Handle password resets
Jonas Schäfer <jonas@wielicki.name>
parents: 4381
diff changeset
73 if reset_for ~= nil then
dbfa830e4504 mod_invites_register_api: Handle password resets
Jonas Schäfer <jonas@wielicki.name>
parents: 4381
diff changeset
74 module:log("debug", "handling password reset invite for %s", reset_for)
dbfa830e4504 mod_invites_register_api: Handle password resets
Jonas Schäfer <jonas@wielicki.name>
parents: 4381
diff changeset
75 if reset_for ~= prepped_username then
dbfa830e4504 mod_invites_register_api: Handle password resets
Jonas Schäfer <jonas@wielicki.name>
parents: 4381
diff changeset
76 return 403; -- Attempt to use reset invite for incorrect user
dbfa830e4504 mod_invites_register_api: Handle password resets
Jonas Schäfer <jonas@wielicki.name>
parents: 4381
diff changeset
77 end
dbfa830e4504 mod_invites_register_api: Handle password resets
Jonas Schäfer <jonas@wielicki.name>
parents: 4381
diff changeset
78 elseif usermanager.user_exists(prepped_username, module.host) then
4380
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 return 409; -- Conflict
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 local registering = {
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
83 validated_invite = invite;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84 username = prepped_username;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
85 host = module.host;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
86 ip = request.ip;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87 allowed = true;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 };
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
90 module:fire_event("user-registering", registering);
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 if not registering.allowed then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93 return 403;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
94 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
95
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
96 local ok, err = usermanager.create_user(prepped_username, password, module.host);
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98 if not ok then
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99 local err_id = id.short();
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 module:log("warn", "Registration failed (%s): %s", err_id, tostring(err));
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 return 500;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
103
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104 module:fire_event("user-registered", {
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
105 username = prepped_username;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
106 host = module.host;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
107 source = "mod_"..module.name;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
108 validated_invite = invite;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
109 ip = request.ip;
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
110 });
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
111
4381
a1256e376dca mod_invites_register_api: reroute register call
Jonas Schäfer <jonas@wielicki.name>
parents: 4380
diff changeset
112 return json.encode({
a1256e376dca mod_invites_register_api: reroute register call
Jonas Schäfer <jonas@wielicki.name>
parents: 4380
diff changeset
113 jid = prepped_username .. "@" .. module.host;
a1256e376dca mod_invites_register_api: reroute register call
Jonas Schäfer <jonas@wielicki.name>
parents: 4380
diff changeset
114 });
4380
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
115 end
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
116
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
117 module:provides("http", {
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
118 default_path = "register_api";
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
119 route = {
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
120 ["GET /invite/*"] = get_invite_info;
4381
a1256e376dca mod_invites_register_api: reroute register call
Jonas Schäfer <jonas@wielicki.name>
parents: 4380
diff changeset
121 ["POST /register"] = register_with_invite;
4380
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
122 };
cba8cd564641 mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
123 });