annotate mod_adhoc_account_management/mod_adhoc_account_management.lua @ 5424:b45d9a81b3da

mod_http_oauth2: Revert role selector, going to try something else Back out f2c7bb3af600 Allowing only a single role to be encoded into the grant takes away the possibility of having multiple roles in the grant, one of which is selected when issuing an access token. It also takes away the ability to have zero roles granted, which could be useful e.g. when you only need OIDC scopes.
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 19:40:57 +0200
parents 6ce42aacad42
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1090
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local dataforms_new = require "util.dataforms".new;
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 local usermanager_set_password = require "core.usermanager".set_password;
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 local usermanager_test_password = require "core.usermanager".test_password;
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local jid_split = require"util.jid".split;
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 local close_others = module:get_option_boolean("close_sessions_on_password_change", true)
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local require_confirm = module:get_option_boolean("require_confirm_password", true)
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local require_current = module:get_option_boolean("require_current_password", true)
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 local change_password_layout = {
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 title = "Changing Your Password";
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 instructions = "Fill out this form to change a your password.";
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 {
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 -- This is meta
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 name = "FORM_TYPE",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 type = "hidden",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 -- Reuses form type from XEP 77
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 value = "jabber:iq:register:changepassword",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 };
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 {
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 name = "password",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 type = "text-private",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 required = true,
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 label = "New Password",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 };
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 };
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 if require_confirm then
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 table.insert(change_password_layout, {
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 name = "password-confirm",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 type = "text-private",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 required = true,
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 label = "Confirm new password",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 });
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 end
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 if require_current then
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 table.insert(change_password_layout, 2, {
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 name = "password-current",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 type = "text-private",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 required = true,
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 label = "Current password",
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 });
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 end
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 change_password_layout = dataforms_new(change_password_layout);
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 function change_password_command_handler(self, data, state)
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 if not state then -- New session, send the form
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 return { status = "executing", actions = { "complete" }, form = change_password_layout }, true;
3416
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
48 end
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
49
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
50 if data.action == "cancel" then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
51 return { status = "canceled" };
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
52 end
1090
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53
3416
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
54 -- Who are we talking to?
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
55 local username, hostname = jid_split(data.from);
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
56 if not username or hostname ~= module.host then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
57 return { status = "error", error = { type = "cancel",
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
58 condition = "forbidden", message = "Invalid user or hostname." } };
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
59 end
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
60
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
61 -- Extract data from the form
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
62 local fields = change_password_layout:data(data.form);
1090
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63
3416
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
64 -- Validate
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
65 if require_current then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
66 if not fields["password-current"] or #fields["password-current"] == 0 then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
67 return { status = "error", error = { type = "modify",
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
68 condition = "bad-request", message = "Please enter your current password" } };
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
69 elseif not usermanager_test_password(username, hostname, fields["password-current"]) then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
70 return { status = "error", error = { type = "modify",
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
71 condition = "bad-request", message = "Your current password was incorrect" } };
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
72 end
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
73 end
1090
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
74
3416
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
75 if require_confirm and fields["password-confirm"] ~= fields["password"] then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
76 return { status = "error", error = { type = "modify",
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
77 condition = "bad-request", message = "New password didn't match the confirmation" } };
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
78 end
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
79
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
80 if not fields.password or #fields.password == 0 then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
81 return { status = "error", error = { type = "modify",
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
82 condition = "bad-request", message = "Please enter a new password" } };
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
83 end
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
84
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
85 -- All is good, so change password.
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
86 module:log("debug", "About to usermanager.set_password(%q, password, %q)", username, hostname);
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
87 local ok, err = usermanager_set_password(username, fields.password, hostname);
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
88 if ok then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
89 if close_others then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
90 for _, sess in pairs(hosts[hostname].sessions[username].sessions) do
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
91 if sess.full_jid ~= data.from then
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
92 sess:close{ condition = "reset", text = "Password changed" }
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
93 end
1090
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
94 end
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
95 end
3416
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
96 return { status = "completed", info = "Password successfully changed" };
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
97 else
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
98 module:log("warn", "%s@%s could not change password: %s", username, hostname, tostring(err));
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
99 return { status = "error", error = { type = "cancel",
c6dd65354db0 mod_adhoc_account_management: Reduce indentation of one in the main function.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 1090
diff changeset
100 condition = "internal-server-error", message = "Could not save new password: "..tostring(err) } };
1090
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
101 end
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
102 end
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
103
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
104 -- Feature requests? What could fit under account management?
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
105
4909
6ce42aacad42 mod_adhoc_account_management: Add compatibility with 0.12 permission string (thanks mirux)
Matthew Wild <mwild1@gmail.com>
parents: 3416
diff changeset
106 -- COMPAT w/0.11 (uses "user" instead of "any")
6ce42aacad42 mod_adhoc_account_management: Add compatibility with 0.12 permission string (thanks mirux)
Matthew Wild <mwild1@gmail.com>
parents: 3416
diff changeset
107 local permission = pcall(require, "core.features") and "any" or "user";
1090
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
108
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
109 local adhoc_new = module:require "adhoc".new;
4909
6ce42aacad42 mod_adhoc_account_management: Add compatibility with 0.12 permission string (thanks mirux)
Matthew Wild <mwild1@gmail.com>
parents: 3416
diff changeset
110 local adhoc_passwd = adhoc_new("Change Password", "passwd", change_password_command_handler, permission);
1090
1aa48916eb8b mod_adhoc_account_management: Initial commit of module meant to let user manage their accounts.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
111 module:add_item ("adhoc", adhoc_passwd);