Mercurial > prosody-modules
annotate mod_client_management/mod_client_management.lua @ 5472:b80b6947b079
mod_http_oauth2: Always show early errors to user
Before having validated the client_id, communicating an error back to
the client via redirect would make this an open redirect, so we may just
as well skip past that logic, and especially the warning log message.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 18 May 2023 13:43:17 +0200 |
parents | d9397d6a5513 |
children | f25df3af02c1 |
rev | line source |
---|---|
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local modulemanager = require "core.modulemanager"; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local usermanager = require "core.usermanager"; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
4 local array = require "util.array"; |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
5 local dt = require "util.datetime"; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local id = require "util.id"; |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
7 local it = require "util.iterators"; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 local jid = require "util.jid"; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local st = require "util.stanza"; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local strict = module:get_option_boolean("enforce_client_ids", false); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
5312
22e6b9f09439
mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com>
parents:
5311
diff
changeset
|
13 module:default_permission("prosody:user", ":list-clients"); |
22e6b9f09439
mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com>
parents:
5311
diff
changeset
|
14 module:default_permission("prosody:user", ":manage-clients"); |
22e6b9f09439
mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com>
parents:
5311
diff
changeset
|
15 |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 local tokenauth = module:depends("tokenauth"); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 local mod_fast = module:depends("sasl2_fast"); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 local client_store = assert(module:open_store("clients", "keyval+")); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 --[[{ |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 id = id; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 first_seen = |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 last_seen = |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 user_agent = { |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 name = |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 os = |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 } |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 --}]] |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 local xmlns_sasl2 = "urn:xmpp:sasl:2"; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 local function get_user_agent(sasl_handler, token_info) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 local sasl_agent = sasl_handler and sasl_handler.user_agent; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 local token_agent = token_info and token_info.data and token_info.data.oauth2_client; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 if not (sasl_agent or token_agent) then return; end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 return { |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 software = sasl_agent and sasl_agent.software or token_agent and token_agent.name or nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 uri = token_agent and token_agent.uri or nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 device = sasl_agent and sasl_agent.device or nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 }; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 module:hook("sasl2/c2s/success", function (event) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 local session = event.session; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 local username, client_id = session.username, session.client_id; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 local mechanism = session.sasl_handler.selected; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 local token_info = session.sasl_handler.token_info; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 local token_id = token_info and token_info.id or nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 local now = os.time(); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 if client_id then -- SASL2, have client identifier |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 local is_new_client; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 local client_state = client_store:get_key(username, client_id); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 if not client_state then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 is_new_client = true; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 client_state = { |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 id = client_id; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 first_seen = now; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 user_agent = get_user_agent(session.sasl_handler, token_info); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 full_jid = nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 last_seen = nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 mechanisms = {}; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 }; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 -- Update state |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 client_state.full_jid = session.full_jid; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 client_state.last_seen = now; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 client_state.mechanisms[mechanism] = now; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 if session.sasl_handler.fast_auth then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 client_state.fast_auth = now; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 if token_id then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 client_state.auth_token_id = token_id; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 -- Store updated state |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 client_store:set_key(username, client_id, client_state); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 if is_new_client then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 module:fire_event("client_management/new-client", { client = client_state }); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 end); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 local function find_client_by_resource(username, resource) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 local full_jid = jid.join(username, module.host, resource); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 local clients = client_store:get(username); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 if not clients then return; end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 for _, client_state in pairs(clients) do |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 if client_state.full_jid == full_jid then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 return client_state; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 module:hook("resource-bind", function (event) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 local session = event.session; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 if session.client_id then return; end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 local is_new_client; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 local client_state = find_client_by_resource(event.session.username, event.session.resource); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 local now = os.time(); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 if not client_state then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 is_new_client = true; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 client_state = { |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 id = id.short(); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 first_seen = now; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 user_agent = nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 full_jid = nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 last_seen = nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 mechanisms = {}; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 legacy = true; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 }; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 -- Update state |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 local legacy_info = session.client_management_info; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 client_state.full_jid = session.full_jid; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 client_state.last_seen = now; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 client_state.mechanisms[legacy_info.mechanism] = now; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 if legacy_info.fast_auth then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 client_state.fast_auth = now; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 local token_id = legacy_info.token_info and legacy_info.token_info.id; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 if token_id then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 client_state.auth_token_id = token_id; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 -- Store updated state |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 client_store:set_key(session.username, client_state.id, client_state); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
133 if is_new_client then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 module:fire_event("client_management/new-client", { client = client_state }); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 end); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 if strict then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 local user_agent = auth:get_child("user-agent"); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 if not user_agent or not user_agent.attr.id then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 local failure = st.stanza("failure", { xmlns = xmlns_sasl2 }) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 :tag("malformed-request", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):up() |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 :text_tag("text", "Client identifier required but not supplied"); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 session.send(failure); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 return true; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 end, 500); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 if modulemanager.get_modules_for_host(module.host):contains("saslauth") then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 module:log("error", "mod_saslauth is enabled, but enforce_client_ids is enabled and will prevent it from working"); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
152 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
154 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function (event) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 -- Block legacy SASL, if for some reason it is being used (either mod_saslauth is loaded, |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 -- or clients try it without advertisement) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 module:log("warn", "Blocking legacy SASL authentication because enforce_client_ids is enabled"); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 local failure = st.stanza("failure", { xmlns = xmlns_sasl2 }) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 :tag("malformed-request", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):up() |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 :text_tag("text", "Legacy SASL authentication is not available on this server"); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 event.session.send(failure); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 return true; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 end); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
164 else |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 -- Legacy client compat code |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 module:hook("authentication-success", function (event) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 local session = event.session; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 if session.client_id then return; end -- SASL2 client |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 local sasl_handler = session.sasl_handler; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
171 session.client_management_info = { |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
172 mechanism = sasl_handler.selected; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
173 token_info = sasl_handler.token_info; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 fast_auth = sasl_handler.fast_auth; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
175 }; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
176 end); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
177 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
178 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
179 local function is_password_mechanism(mech_name) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 if mech_name == "OAUTHBEARER" then return false; end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 if mech_name:match("^HT%-") then return false; end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 return true; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
183 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 local function is_client_active(client) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 local username, host = jid.split(client.full_jid); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 local account_info = usermanager.get_account_info(username, host); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 local last_password_change = account_info and account_info.password_updated; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 local status = {}; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
192 -- Check for an active token grant that has been previously used by this client |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
193 if client.auth_token_id then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
194 local grant = tokenauth.get_grant_info(client.auth_token_id); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
195 if grant then |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
196 status.grant = grant; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
197 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
198 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
199 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
200 -- Check for active FAST tokens |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
201 if client.fast_auth then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
202 if mod_fast.is_client_fast(username, client.id, last_password_change) then |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
203 status.fast = client.fast_auth; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
204 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
206 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
207 -- Client has access if any password-based SASL mechanisms have been used since last password change |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
208 for mech, mech_last_used in pairs(client.mechanisms) do |
5369
1a58a11407ac
mod_client_management: Fix error when last password change is unknown (or never)
Kim Alvefur <zash@zash.se>
parents:
5343
diff
changeset
|
209 if is_password_mechanism(mech) and (not last_password_change or mech_last_used >= last_password_change) then |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
210 status.password = mech_last_used; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
211 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
212 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
213 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
214 if prosody.full_sessions[client.full_jid] then |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
215 status.connected = true; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
216 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
217 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
218 if next(status) == nil then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
219 return nil; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
220 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
221 return status; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
222 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
223 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
224 -- Public API |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
225 --luacheck: ignore 131 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
226 function get_active_clients(username) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
227 local clients = client_store:get(username); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
228 local active_clients = {}; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
229 local used_grants = {}; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
230 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
231 -- Go through known clients, check whether they could possibly log in |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
232 for client_id, client in pairs(clients or {}) do --luacheck: ignore 213/client_id |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
233 local active = is_client_active(client); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
234 if active then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
235 client.type = "session"; |
5305
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
236 client.id = "client/"..client.id; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
237 client.active = active; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
238 table.insert(active_clients, client); |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
239 if active.grant then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
240 used_grants[active.grant.id] = true; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
241 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
242 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
243 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
244 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
245 -- Next, account for any grants that have been issued, but never actually logged in |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
246 for grant_id, grant in pairs(tokenauth.get_user_grants(username) or {}) do |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
247 if not used_grants[grant_id] then -- exclude grants already accounted for |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
248 table.insert(active_clients, { |
5307
2bb27dfd10d5
mod_client_management: Use grant id from key
Matthew Wild <mwild1@gmail.com>
parents:
5306
diff
changeset
|
249 id = "grant/"..grant_id; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
250 type = "access"; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
251 first_seen = grant.created; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
252 last_seen = grant.accessed; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
253 active = { |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
254 grant = grant; |
5294
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
255 }; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
256 user_agent = get_user_agent(nil, grant); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
257 }); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
258 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
259 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
260 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
261 table.sort(active_clients, function (a, b) |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
262 if a.last_seen and b.last_seen then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
263 return a.last_seen < b.last_seen; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
264 elseif not (a.last_seen or b.last_seen) then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
265 if a.first_seen and b.first_seen then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
266 return a.first_seen < b.first_seen; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
267 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
268 elseif b.last_seen then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
269 return true; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
270 elseif a.last_seen then |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
271 return false; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
272 end |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
273 return a.id < b.id; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
274 end); |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
275 |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
276 return active_clients; |
385346b6c81d
mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
277 end |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
278 |
5305
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
279 function revoke_client_access(username, client_selector) |
5370
d9d52ad8c1ae
mod_client_management: Fix type confusion
Kim Alvefur <zash@zash.se>
parents:
5369
diff
changeset
|
280 if client_selector then |
d9d52ad8c1ae
mod_client_management: Fix type confusion
Kim Alvefur <zash@zash.se>
parents:
5369
diff
changeset
|
281 local c_type, c_id = client_selector:match("^(%w+)/(.+)$"); |
5305
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
282 if c_type == "client" then |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
283 local client = client_store:get_key(username, c_id); |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
284 if not client then |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
285 return nil, "item-not-found"; |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
286 end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
287 local status = is_client_active(client); |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
288 if status.connected then |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
289 local ok, err = prosody.full_sessions[client.full_jid]:close(); |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
290 if not ok then return ok, err; end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
291 end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
292 if status.fast then |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
293 local ok = mod_fast.revoke_fast_tokens(username, client.id); |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
294 if not ok then return nil, "internal-server-error"; end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
295 end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
296 if status.grant then |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
297 local ok = tokenauth.revoke_grant(username, status.grant.id); |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
298 if not ok then return nil, "internal-server-error"; end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
299 end |
5306
210aeb5afe42
mod_client_management: Fail to revoke clients that have used passwords
Matthew Wild <mwild1@gmail.com>
parents:
5305
diff
changeset
|
300 if status.password then |
210aeb5afe42
mod_client_management: Fail to revoke clients that have used passwords
Matthew Wild <mwild1@gmail.com>
parents:
5305
diff
changeset
|
301 return nil, "password-reset-required"; |
210aeb5afe42
mod_client_management: Fail to revoke clients that have used passwords
Matthew Wild <mwild1@gmail.com>
parents:
5305
diff
changeset
|
302 end |
5305
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
303 return true; |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
304 elseif c_type == "grant" then |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
305 local grant = tokenauth.get_grant_info(username, c_id); |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
306 if not grant then |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
307 return nil, "item-not-found"; |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
308 end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
309 local ok = tokenauth.revoke_grant(username, c_id); |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
310 if not ok then return nil, "internal-server-error"; end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
311 return true; |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
312 end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
313 end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
314 |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
315 return nil, "item-not-found"; |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
316 end |
9b9f35aaeb91
mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents:
5304
diff
changeset
|
317 |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
318 -- Protocol |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
319 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
320 local xmlns_manage_clients = "xmpp:prosody.im/protocol/manage-clients"; |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
321 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
322 module:hook("iq-get/self/xmpp:prosody.im/protocol/manage-clients:list", function (event) |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
323 local origin, stanza = event.origin, event.stanza; |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
324 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
325 if not module:may(":list-clients", event) then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
326 origin.send(st.error_reply(stanza, "auth", "forbidden")); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
327 return true; |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
328 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
329 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
330 local reply = st.reply(stanza) |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
331 :tag("clients", { xmlns = xmlns_manage_clients }); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
332 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
333 local active_clients = get_active_clients(event.origin.username); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
334 for _, client in ipairs(active_clients) do |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
335 local auth_type = st.stanza("auth"); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
336 if client.active then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
337 if client.active.password then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
338 auth_type:text_tag("password"); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
339 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
340 if client.active.grant then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
341 auth_type:text_tag("bearer-token"); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
342 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
343 if client.active.fast then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
344 auth_type:text_tag("fast"); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
345 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
346 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
347 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
348 local user_agent = st.stanza("user-agent"); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
349 if client.user_agent then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
350 if client.user_agent.software then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
351 user_agent:text_tag("software", client.user_agent.software); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
352 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
353 if client.user_agent.device then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
354 user_agent:text_tag("device", client.user_agent.device); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
355 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
356 if client.user_agent.uri then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
357 user_agent:text_tag("uri", client.user_agent.uri); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
358 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
359 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
360 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
361 local connected = client.active and client.active.connected; |
5304
717ff9468464
mod_client_management: Include client type in XML response listing
Matthew Wild <mwild1@gmail.com>
parents:
5301
diff
changeset
|
362 reply:tag("client", { id = client.id, connected = connected and "true" or "false", type = client.type }) |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
363 :text_tag("first-seen", dt.datetime(client.first_seen)) |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
364 :text_tag("last-seen", dt.datetime(client.last_seen)) |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
365 :add_child(auth_type) |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
366 :add_child(user_agent) |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
367 :up(); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
368 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
369 reply:up(); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
370 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
371 origin.send(reply); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
372 return true; |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
373 end); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
374 |
5343
5c1c70e52635
mod_client_management: Fix import of util.error (not errors)
Kim Alvefur <zash@zash.se>
parents:
5312
diff
changeset
|
375 local revocation_errors = require "util.error".init(module.name, xmlns_manage_clients, { |
5311
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
376 ["item-not-found"] = { "cancel", "item-not-found", "Client not found" }; |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
377 ["internal-server-error"] = { "wait", "internal-server-error", "Unable to revoke client access" }; |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
378 ["password-reset-required"] = { "cancel", "service-unavailable", "Password reset required", "password-reset-required" }; |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
379 }); |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
380 |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
381 module:hook("iq-set/self/xmpp:prosody.im/protocol/manage-clients:revoke", function (event) |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
382 local origin, stanza = event.origin, event.stanza; |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
383 |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
384 if not module:may(":manage-clients", event) then |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
385 origin.send(st.error_reply(stanza, "auth", "forbidden")); |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
386 return true; |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
387 end |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
388 |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
389 local client_id = stanza.tags[1].attr.id; |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
390 |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
391 local ok, err = revocation_errors.coerce(revoke_client_access(origin.username, client_id)); |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
392 if not ok then |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
393 origin.send(st.error_reply(stanza, err)); |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
394 return true; |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
395 end |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
396 |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
397 origin.send(st.reply(stanza)); |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
398 return true; |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
399 end); |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
400 |
d4a0d2b5343a
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
5310
diff
changeset
|
401 |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
402 -- Command |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
403 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
404 module:once(function () |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
405 local console_env = module:shared("/*/admin_shell/env"); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
406 if not console_env.user then return; end -- admin_shell probably not loaded |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
407 |
5308
f370ccb15f05
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents:
5307
diff
changeset
|
408 function console_env.user:clients(user_jid) |
f370ccb15f05
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents:
5307
diff
changeset
|
409 local username, host = jid.split(user_jid); |
f370ccb15f05
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents:
5307
diff
changeset
|
410 local mod = prosody.hosts[host] and prosody.hosts[host].modules.client_management; |
f370ccb15f05
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents:
5307
diff
changeset
|
411 if not mod then |
5372
2d8076577e14
mod_client_management: Fix error when called against host without this module
Kim Alvefur <zash@zash.se>
parents:
5371
diff
changeset
|
412 return false, ("Host does not exist on this server, or does not have mod_client_management loaded"); |
5308
f370ccb15f05
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents:
5307
diff
changeset
|
413 end |
f370ccb15f05
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents:
5307
diff
changeset
|
414 |
f370ccb15f05
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents:
5307
diff
changeset
|
415 local clients = mod.get_active_clients(username); |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
416 if not clients or #clients == 0 then |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
417 return true, "No clients associated with this account"; |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
418 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
419 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
420 local colspec = { |
5371
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
421 { |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
422 title = "Software"; |
5373
93d6ed7dc779
mod_client_management: Fix changed column cell "key"
Kim Alvefur <zash@zash.se>
parents:
5372
diff
changeset
|
423 key = "user_agent"; |
5371
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
424 width = "1p"; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
425 mapper = function(user_agent) |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
426 return user_agent and user_agent.software; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
427 end; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
428 }; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
429 { |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
430 title = "Last seen"; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
431 key = "last_seen"; |
5374
d9397d6a5513
mod_client_management: Show time for recent timestamps in shell command
Kim Alvefur <zash@zash.se>
parents:
5373
diff
changeset
|
432 width = math.max(#os.date("%Y-%m-%d"), #os.date("%H:%M:%S")); |
d9397d6a5513
mod_client_management: Show time for recent timestamps in shell command
Kim Alvefur <zash@zash.se>
parents:
5373
diff
changeset
|
433 align = "right"; |
5371
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
434 mapper = function(last_seen) |
5374
d9397d6a5513
mod_client_management: Show time for recent timestamps in shell command
Kim Alvefur <zash@zash.se>
parents:
5373
diff
changeset
|
435 return os.date(os.difftime(os.time(), last_seen) >= 86400 and "%Y-%m-%d" or "%H:%M:%S", last_seen); |
5371
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
436 end; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
437 }; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
438 { |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
439 title = "Authentication"; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
440 key = "active"; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
441 width = "2p"; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
442 mapper = function(active) |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
443 return array.collect(it.keys(active)):sort():concat(", "); |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
444 end; |
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
445 }; |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
446 }; |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
447 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
448 local row = require "util.human.io".table(colspec, self.session.width); |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
449 |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
450 local print = self.session.print; |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
451 print(row()); |
5309
09656e2b4927
mod_client_management: Improve table output
Matthew Wild <mwild1@gmail.com>
parents:
5308
diff
changeset
|
452 print(string.rep("-", self.session.width)); |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
453 for _, client in ipairs(clients) do |
5371
b2d51c6ae89a
mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents:
5370
diff
changeset
|
454 print(row(client)); |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
455 end |
5309
09656e2b4927
mod_client_management: Improve table output
Matthew Wild <mwild1@gmail.com>
parents:
5308
diff
changeset
|
456 print(string.rep("-", self.session.width)); |
09656e2b4927
mod_client_management: Improve table output
Matthew Wild <mwild1@gmail.com>
parents:
5308
diff
changeset
|
457 return true, ("%d clients"):format(#clients); |
5301
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
458 end |
8ef197cccd74
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents:
5294
diff
changeset
|
459 end); |