annotate mod_register_web/mod_register_web.lua @ 5243:d5dc8edb2695

mod_http_oauth2: Use more compact IDs. UUIDs are nice but so verbose! The reduction in entropy for the nonce should be fine since the timestamp also counts towards this, and it changes every second (modulo clock shenanigans), so the chances of someone managing to get the same client_secret by registering with the same information at the same time as another entity should be negligible.
author Kim Alvefur <zash@zash.se>
date Sat, 11 Mar 2023 22:46:27 +0100
parents 95262bd1bcb2
children
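-- Captcha provider settings. An empty table selects the built-in fallback
-- captcha further down in this file.
local captcha_options = module:get_option("captcha_options", {});
local nodeprep = require "util.encodings".stringprep.nodeprep;
local usermanager = require "core.usermanager";
local datamanager = require "util.datamanager";
local http = require "net.http";
local path_sep = package.config:sub(1,1);
-- Note: `json` is the decode function itself, not the util.json module.
local json = require "util.json".decode;
local t_concat = table.concat;

-- Soft dependency on mod_register_limits (0.11+): registration still works
-- without it, but a failure is logged instead of being discarded so operators
-- can tell when that module is not active for this endpoint.
local limits_ok, limits_err = pcall(function ()
	module:depends("register_limits");
end);
if not limits_ok then
	module:log("warn", "Could not load mod_register_limits: %s", tostring(limits_err));
end

module:depends"http";

-- Allow-list of optional form fields. register_user copies only these keys
-- from the submitted form into the stored "account_details".
local extra_fields = {
	nick = true; name = true; first = true; last = true; email = true;
	address = true; city = true; state = true; zip = true;
	phone = true; url = true; date = true;
}

-- Directory (relative to the module's resources) holding the HTML templates.
local template_path = module:get_option_string("register_web_template", "templates");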
-- Like util.template, but deals with plain text.
-- Returns an object whose `apply(values)` replaces every `{key}` placeholder
-- in `data` with `values[key]`; placeholders with no value are left as they are.
-- Values are inserted verbatim (no HTML escaping happens here), so callers
-- must escape anything that did not come from trusted configuration.
function template(data)
	local renderer = {};
	function renderer.apply(values)
		-- gsub also returns a match count; keep only the resulting string.
		local rendered = data:gsub("{([^}]+)}", values);
		return rendered;
	end
	return renderer;
end
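-- Loads `<template_path>/<name>.html` from the module's resources and wraps
-- its contents with template(). Raises if the file cannot be opened or read.
-- `name` is concatenated into the path without validation; the callers in
-- this file pass fixed names only, and it should stay that way.
local function get_template(name)
	local fh = assert(module:load_resource(template_path..path_sep..name..".html"));
	local data, read_err = fh:read("*a");
	-- Close before checking the result so a failed read does not leak the handle.
	fh:close();
	if not data then
		error(read_err);
	end
	return template(data);
end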
-- Applies `data` to a template object (anything with an `apply` function)
-- and returns the result converted to a string.
local function render(template, data)
	local output = template.apply(data);
	return tostring(output);
end
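local register_tpl = get_template "register";
local success_tpl = get_template "success";

-- COMPAT `or request.conn:ip()`

-- Select the captcha implementation. Each branch defines the two functions
-- the rest of the module calls:
--   generate_captcha(display_options) -> HTML fragment for the form
--   verify_captcha(request, form, callback) -> calls callback(ok, err)
if next(captcha_options) ~= nil then
	local provider = captcha_options.provider;

	-- Template values not set explicitly fall back to captcha_options.
	-- NOTE(review): this makes every captcha_options key, including the
	-- private key, reachable from the provider template; templates should
	-- reference public values only.
	local config_lookup = {
		__index = function (_, k)
			if captcha_options[k] then return captcha_options[k]; end
			module:log("error", "Missing parameter from captcha_options: %s", k);
		end
	};

	-- Builds the net.http response callback shared by the remote providers.
	-- Only a decoded table with success == true is accepted; everything else
	-- is reported to `callback` as a failure, so verification fails closed.
	local function verification_handler(provider_name, callback)
		return function (verify_result, code)
			local result = json(verify_result);
			if type(result) ~= "table" then
				-- Also covers valid JSON that is not an object (a bare string
				-- or number), which must not be indexed below.
				module:log("warn", "Unable to decode response from %s: [%d] %s", provider_name, code, verify_result);
				callback(false, "Captcha API error");
			elseif result.success == true then
				callback(true);
			else
				-- "error-codes" is not guaranteed to be present, and
				-- table.concat(nil) would raise before callback is called.
				local codes = result["error-codes"];
				if type(codes) == "table" then
					callback(false, t_concat(codes, ", "));
				else
					callback(false, "Captcha verification failed");
				end
			end
		end
	end

	if provider == nil or provider == "recaptcha" then
		local recaptcha_tpl = get_template "recaptcha";

		function generate_captcha(display_options)
			-- NOTE(review): recaptcha_error is inserted into the template
			-- as-is; where it is set is not visible here, so confirm it is
			-- never derived from request data.
			local error_param = "";
			if display_options and display_options.recaptcha_error then
				error_param = "&error="..display_options.recaptcha_error;
			end
			return recaptcha_tpl.apply(setmetatable({
				recaptcha_display_error = error_param;
			}, config_lookup));
		end
		function verify_captcha(request, form, callback)
			http.request("https://www.google.com/recaptcha/api/siteverify", {
				body = http.formencode {
					secret = captcha_options.recaptcha_private_key;
					-- request.conn:ip() is the COMPAT fallback when request.ip is unset.
					remoteip = request.ip or request.conn:ip();
					response = form["g-recaptcha-response"];
				};
			}, verification_handler("recaptcha", callback));
		end
	elseif provider == "hcaptcha" then
		local captcha_tpl = get_template "hcaptcha";

		function generate_captcha(display_options)
			-- NOTE(review): captcha_error is inserted into the template as-is;
			-- confirm it is never derived from request data.
			local error_param = "";
			if display_options and display_options.captcha_error then
				error_param = "&error="..display_options.captcha_error;
			end
			return captcha_tpl.apply(setmetatable({
				captcha_display_error = error_param;
			}, config_lookup));
		end
		function verify_captcha(request, form, callback)
			http.request("https://hcaptcha.com/siteverify", {
				body = http.formencode {
					secret = captcha_options.captcha_private_key;
					-- request.conn:ip() is the COMPAT fallback when request.ip is unset.
					remoteip = request.ip or request.conn:ip();
					response = form["h-captcha-response"];
				};
			}, verification_handler("hcaptcha", callback));
		end
	else
		-- In the code visible here an unrecognised provider would leave
		-- generate_captcha/verify_captcha undefined and only fail on the
		-- first request; refuse to load with a clear message instead.
		error("Unsupported captcha provider in captcha_options: "..tostring(provider));
	end
else
	module:log("debug", "No captcha options set, using fallback captcha")
	local random = math.random;
	local hmac_sha1 = require "util.hashes".hmac_sha1;
	-- HMAC key generated when this code runs; it is never sent to the client.
	local secret = require "util.uuid".generate()
	local ops = { '+', '-' };
	local captcha_tpl = get_template "simplecaptcha";

	-- Builds a one-digit arithmetic question. The template receives the
	-- operands and an HMAC of the expected answer (`challenge`), so no
	-- server-side state is kept between rendering and verification.
	-- NOTE(review): the challenge depends only on the answer and `secret`, so
	-- a challenge/reply pair that was accepted once stays valid for as long
	-- as `secret` lives. Treat this as a speed bump; pair it with rate
	-- limiting or a remote provider, or bind the challenge to an expiry.
	function generate_captcha()
		local op = ops[random(1, #ops)];
		local x, y = random(1, 9)
		repeat
			y = random(1, 9);
		until x ~= y;
		local answer;
		if op == '+' then
			answer = x + y;
		elseif op == '-' then
			if x < y then
				-- Avoid negative numbers
				x, y = y, x;
			end
			answer = x - y;
		end
		local challenge = hmac_sha1(secret, answer, true);
		return captcha_tpl.apply {
			op = op, x = x, y = y, challenge = challenge;
		};
	end

	-- Recomputes the HMAC over the submitted reply and compares it with the
	-- submitted challenge. A missing reply is hashed as "" and a missing
	-- challenge compares unequal, so both are rejected.
	function verify_captcha(request, form, callback)
		if hmac_sha1(secret, form.captcha_reply or "", true) == form.captcha_challenge then
			callback(true);
		else
			callback(false, "Captcha verification failed");
		end
	end
end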
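local html_entities = {
	["&"] = "&amp;"; ["<"] = "&lt;"; [">"] = "&gt;";
	["\""] = "&quot;"; ["'"] = "&#39;";
};

-- Escapes the characters that are significant in HTML text and attribute
-- values. Non-string values are returned unchanged.
local function html_escape(value)
	if type(value) ~= "string" then
		return value;
	end
	return (value:gsub("[&<>\"']", html_entities));
end

-- Renders the registration form.
-- `event` carries the HTTP request/response pair; `display_options` is an
-- optional table whose `register_error` is shown as the notice and which is
-- also handed to generate_captcha().
-- The template substitution does no escaping of its own, so the two values
-- that can carry request- or plugin-supplied text (`path`, `notice`) are
-- HTML-escaped here. `captcha` is an HTML fragment and must stay unescaped.
-- NOTE(review): assumes callers pass register_error as plain text; confirm
-- nothing upstream already escapes it.
function generate_page(event, display_options)
	local request, response = event.request, event.response;

	response.headers.content_type = "text/html; charset=utf-8";
	return render(register_tpl, {
		path = html_escape(request.path); hostname = module.host;
		notice = html_escape(display_options and display_options.register_error or "");
		captcha = generate_captcha(display_options);
	})
end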
161 function register_user(form, origin)
162 local username = form.username;
163 local password = form.password;
164 local confirm_password = form.confirm_password;
165 local jid = nil;
166 form.username, form.password, form.confirm_password = nil, nil, nil;
168 local prepped_username = nodeprep(username, true);
169 if not prepped_username then
170 return nil, "Username contains forbidden characters";
171 end
172 if #prepped_username == 0 then
173 return nil, "The username field was empty";
174 end
175 if usermanager.user_exists(prepped_username, module.host) then
176 return nil, "Username already taken";
177 end
178 local registering = { username = prepped_username , host = module.host, additional = form, ip = origin.ip or origin.conn:ip(), allowed = true }
179 module:fire_event("user-registering", registering);
180 if not registering.allowed then
181 return nil, registering.reason or "Registration not allowed";
182 end
183 if confirm_password ~= password then
184 return nil, "Passwords don't match";
185 end
186 local ok, err = usermanager.create_user(prepped_username, password, module.host);
187 if ok then
188 jid = prepped_username.."@"..module.host
189 local extra_data = {};
190 for field in pairs(extra_fields) do
191 local field_value = form[field];
192 if field_value and #field_value > 0 then
193 extra_data[field] = field_value;
9277e0a3922f mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents: 1234
diff changeset
194 end
9277e0a3922f mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents: 1234
diff changeset
195 end
1238
752285859607 mod_register_web: Use correct variables
Kim Alvefur <zash@zash.se>
parents: 1237
diff changeset
196 if next(extra_data) ~= nil then
1235
9277e0a3922f mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents: 1234
diff changeset
197 datamanager.store(prepped_username, module.host, "account_details", extra_data);
9277e0a3922f mod_register_web: Support additional registration fields
Kim Alvefur <zash@zash.se>
parents: 1234
diff changeset
198 end
1232
12f59489ef6e mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents: 1231
diff changeset
199 module:fire_event("user-registered", {
12f59489ef6e mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents: 1231
diff changeset
200 username = prepped_username,
12f59489ef6e mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents: 1231
diff changeset
201 host = module.host,
1320
e670d4cc5027 mod_register_web: Pass request around so IP address can be reported
Kim Alvefur <zash@zash.se>
parents: 1247
diff changeset
202 source = module.name,
3724
1c3c7d73c5a6 mod_register_web: Fix to use real client IP in case of proxy forwarding (thanks Sebastian)
Kim Alvefur <zash@zash.se>
parents: 3679
diff changeset
203 ip = origin.ip or origin.conn:ip(),
1232
12f59489ef6e mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents: 1231
diff changeset
204 });
12f59489ef6e mod_register_web: Fire user-registered event
Kim Alvefur <zash@zash.se>
parents: 1231
diff changeset
205 end
2929
3a104a900af1 mod_register_web: Pass username to generate_register_response
Michel Le Bihan <michel@lebihan.pl>
parents: 2925
diff changeset
206 return jid, err;
653
c08b0e4b7b38 mod_register_web: Extremely rough web registration page, with captcha
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
207 end
--- Render the page shown after an account has been created.
-- @param event HTTP event for the request; not read by this function.
-- @param jid address of the new account, passed to the success template
--   under the key `jid`.
-- @return whatever `render` returns for `success_tpl`.
-- NOTE(review): `render` and `success_tpl` are defined outside this view, so
-- whether `jid` is HTML-escaped on output cannot be confirmed from here. The
-- caller in this file builds it as prepped_username.."@"..module.host;
-- presumably nodeprep already rejects markup characters, but verify.
function generate_success(event, jid)
	local template_values = { jid = jid };
	return render(success_tpl, template_values);
end
--- Build the HTML body that answers a registration attempt.
-- Sets the response Content-Type, then returns the success page when a JID
-- is available and the registration form (carrying the error) otherwise.
-- @param event HTTP event; its response headers are modified here.
-- @param jid JID of the newly created account, or nil/false on failure.
-- @param err error value handed to the form page when `jid` is absent.
-- @return result of generate_success or generate_page.
function generate_register_response(event, jid, err)
	local headers = event.response.headers;
	headers.content_type = "text/html; charset=utf-8";
	if not jid then
		-- NOTE(review): `err` ends up in the rendered page as register_error;
		-- escaping depends on generate_page, which is outside this view.
		return generate_page(event, { register_error = err });
	end
	return generate_success(event, jid);
end
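--- Handle a POSTed registration form.
-- Decodes the request body, passes it to verify_captcha, and sends the
-- response from the captcha callback, which may run after this function has
-- already returned.
-- @param event HTTP event carrying `request` and `response`.
-- @return true, so the connection stays open until the callback responds.
function handle_form(event)
	local request, response = event.request, event.response;
	local form = http.formdecode(request.body);
	-- The body is client-controlled. Presumably formdecode can hand back a
	-- non-table (e.g. a bare string) when the body holds no key=value pairs;
	-- confirm against util.http. Normalise here so later code that indexes or
	-- writes fields on `form` always receives a table.
	if type(form) ~= "table" then
		form = {};
	end
	verify_captcha(request, form, function (ok, err)
		local jid, register_err;
		if ok then
			-- Account creation is attempted only after the captcha passed.
			jid, register_err = register_user(form, request);
		else
			register_err = err;
		end
		-- Single exit: success, registration failure and captcha failure all
		-- go through generate_register_response, so each gets the explicit
		-- Content-Type header before the page is built.
		response:send(generate_register_response(event, jid, register_err));
	end);
	return true; -- Leave connection open until we respond above
end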
-- Routes served by this HTTP app. The bare method keys and the "METHOD /"
-- keys map to the same handlers, so the page answers both with and without
-- a trailing slash.
local register_routes = {
	GET = generate_page,
	["GET /"] = generate_page,
	POST = handle_form,
	["POST /"] = handle_form,
};

-- Register the app with the "http" provider; the title is configurable
-- through the register_web_title option.
module:provides("http", {
	title = module:get_option_string("register_web_title", "Account Registration"),
	route = register_routes,
});