annotate mod_client_management/mod_client_management.lua @ 5390:f2363e6d9a64

mod_http_oauth2: Advertise the currently supported id_token signing algorithm This field is REQUIRED. The algorithm RS256 MUST be included, but isn't because we don't implement it, as that would require implementing a pile of additional cryptography and JWT stuff. Instead the id_token is signed using the client secret, which allows verification by the client, since it's a shared secret per OpenID Connect Core 1.0 ยง 10.1 under Symmetric Signatures. OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that are not supported here, but that's okay because this is served from the RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
author Kim Alvefur <zash@zash.se>
date Sun, 30 Apr 2023 16:13:40 +0200
parents d9397d6a5513
children f25df3af02c1
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local modulemanager = require "core.modulemanager";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local usermanager = require "core.usermanager";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
4 local array = require "util.array";
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
5 local dt = require "util.datetime";
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local id = require "util.id";
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
7 local it = require "util.iterators";
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 local jid = require "util.jid";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 local st = require "util.stanza";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local strict = module:get_option_boolean("enforce_client_ids", false);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12
5312
22e6b9f09439 mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com>
parents: 5311
diff changeset
13 module:default_permission("prosody:user", ":list-clients");
22e6b9f09439 mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com>
parents: 5311
diff changeset
14 module:default_permission("prosody:user", ":manage-clients");
22e6b9f09439 mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com>
parents: 5311
diff changeset
15
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 local tokenauth = module:depends("tokenauth");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 local mod_fast = module:depends("sasl2_fast");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 local client_store = assert(module:open_store("clients", "keyval+"));
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 --[[{
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 id = id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 first_seen =
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 last_seen =
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 user_agent = {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 name =
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 os =
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 }
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 --}]]
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 local xmlns_sasl2 = "urn:xmpp:sasl:2";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 local function get_user_agent(sasl_handler, token_info)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 local sasl_agent = sasl_handler and sasl_handler.user_agent;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 local token_agent = token_info and token_info.data and token_info.data.oauth2_client;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 if not (sasl_agent or token_agent) then return; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 return {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 software = sasl_agent and sasl_agent.software or token_agent and token_agent.name or nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 uri = token_agent and token_agent.uri or nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 device = sasl_agent and sasl_agent.device or nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 module:hook("sasl2/c2s/success", function (event)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 local session = event.session;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 local username, client_id = session.username, session.client_id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 local mechanism = session.sasl_handler.selected;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 local token_info = session.sasl_handler.token_info;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 local token_id = token_info and token_info.id or nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 local now = os.time();
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 if client_id then -- SASL2, have client identifier
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 local is_new_client;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 local client_state = client_store:get_key(username, client_id);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 if not client_state then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56 is_new_client = true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 client_state = {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58 id = client_id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59 first_seen = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60 user_agent = get_user_agent(session.sasl_handler, token_info);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 full_jid = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62 last_seen = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 mechanisms = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66 -- Update state
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
67 client_state.full_jid = session.full_jid;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
68 client_state.last_seen = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69 client_state.mechanisms[mechanism] = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70 if session.sasl_handler.fast_auth then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71 client_state.fast_auth = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 if token_id then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74 client_state.auth_token_id = token_id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76 -- Store updated state
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
77 client_store:set_key(username, client_id, client_state);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 if is_new_client then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 module:fire_event("client_management/new-client", { client = client_state });
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
83 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
85 local function find_client_by_resource(username, resource)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
86 local full_jid = jid.join(username, module.host, resource);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87 local clients = client_store:get(username);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 if not clients then return; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
90 for _, client_state in pairs(clients) do
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91 if client_state.full_jid == full_jid then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 return client_state;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
94 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
95 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
96
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97 module:hook("resource-bind", function (event)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98 local session = event.session;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99 if session.client_id then return; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 local is_new_client;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 local client_state = find_client_by_resource(event.session.username, event.session.resource);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 local now = os.time();
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
103 if not client_state then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104 is_new_client = true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
105 client_state = {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
106 id = id.short();
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
107 first_seen = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
108 user_agent = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
109 full_jid = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
110 last_seen = nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
111 mechanisms = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
112 legacy = true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
113 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
114 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
115
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
116 -- Update state
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
117 local legacy_info = session.client_management_info;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
118 client_state.full_jid = session.full_jid;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
119 client_state.last_seen = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
120 client_state.mechanisms[legacy_info.mechanism] = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
121 if legacy_info.fast_auth then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
122 client_state.fast_auth = now;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
123 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
124
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
125 local token_id = legacy_info.token_info and legacy_info.token_info.id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
126 if token_id then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
127 client_state.auth_token_id = token_id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
128 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
129
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
130 -- Store updated state
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
131 client_store:set_key(session.username, client_state.id, client_state);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
132
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
133 if is_new_client then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
134 module:fire_event("client_management/new-client", { client = client_state });
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
135 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
136 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
137
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
138 if strict then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
139 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
140 local user_agent = auth:get_child("user-agent");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
141 if not user_agent or not user_agent.attr.id then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
142 local failure = st.stanza("failure", { xmlns = xmlns_sasl2 })
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
143 :tag("malformed-request", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):up()
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
144 :text_tag("text", "Client identifier required but not supplied");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
145 session.send(failure);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
146 return true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
147 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
148 end, 500);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
149
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
150 if modulemanager.get_modules_for_host(module.host):contains("saslauth") then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
151 module:log("error", "mod_saslauth is enabled, but enforce_client_ids is enabled and will prevent it from working");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
152 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
153
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
154 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function (event)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
155 -- Block legacy SASL, if for some reason it is being used (either mod_saslauth is loaded,
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
156 -- or clients try it without advertisement)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
157 module:log("warn", "Blocking legacy SASL authentication because enforce_client_ids is enabled");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
158 local failure = st.stanza("failure", { xmlns = xmlns_sasl2 })
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
159 :tag("malformed-request", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):up()
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
160 :text_tag("text", "Legacy SASL authentication is not available on this server");
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
161 event.session.send(failure);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
162 return true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
163 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
164 else
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
165 -- Legacy client compat code
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
166 module:hook("authentication-success", function (event)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
167 local session = event.session;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
168 if session.client_id then return; end -- SASL2 client
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
169
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
170 local sasl_handler = session.sasl_handler;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
171 session.client_management_info = {
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
172 mechanism = sasl_handler.selected;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
173 token_info = sasl_handler.token_info;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
174 fast_auth = sasl_handler.fast_auth;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
175 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
176 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
177 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
178
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
179 local function is_password_mechanism(mech_name)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
180 if mech_name == "OAUTHBEARER" then return false; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
181 if mech_name:match("^HT%-") then return false; end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
182 return true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
183 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
184
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
185 local function is_client_active(client)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
186 local username, host = jid.split(client.full_jid);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
187 local account_info = usermanager.get_account_info(username, host);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
188 local last_password_change = account_info and account_info.password_updated;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
189
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
190 local status = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
191
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
192 -- Check for an active token grant that has been previously used by this client
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
193 if client.auth_token_id then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
194 local grant = tokenauth.get_grant_info(client.auth_token_id);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
195 if grant then
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
196 status.grant = grant;
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
197 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
198 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
199
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
200 -- Check for active FAST tokens
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
201 if client.fast_auth then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
202 if mod_fast.is_client_fast(username, client.id, last_password_change) then
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
203 status.fast = client.fast_auth;
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
204 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
205 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
206
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
207 -- Client has access if any password-based SASL mechanisms have been used since last password change
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
208 for mech, mech_last_used in pairs(client.mechanisms) do
5369
1a58a11407ac mod_client_management: Fix error when last password change is unknown (or never)
Kim Alvefur <zash@zash.se>
parents: 5343
diff changeset
209 if is_password_mechanism(mech) and (not last_password_change or mech_last_used >= last_password_change) then
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
210 status.password = mech_last_used;
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
211 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
212 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
213
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
214 if prosody.full_sessions[client.full_jid] then
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
215 status.connected = true;
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
216 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
217
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
218 if next(status) == nil then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
219 return nil;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
220 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
221 return status;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
222 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
223
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
224 -- Public API
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
225 --luacheck: ignore 131
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
226 function get_active_clients(username)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
227 local clients = client_store:get(username);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
228 local active_clients = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
229 local used_grants = {};
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
230
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
231 -- Go through known clients, check whether they could possibly log in
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
232 for client_id, client in pairs(clients or {}) do --luacheck: ignore 213/client_id
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
233 local active = is_client_active(client);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
234 if active then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
235 client.type = "session";
5305
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
236 client.id = "client/"..client.id;
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
237 client.active = active;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
238 table.insert(active_clients, client);
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
239 if active.grant then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
240 used_grants[active.grant.id] = true;
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
241 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
242 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
243 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
244
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
245 -- Next, account for any grants that have been issued, but never actually logged in
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
246 for grant_id, grant in pairs(tokenauth.get_user_grants(username) or {}) do
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
247 if not used_grants[grant_id] then -- exclude grants already accounted for
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
248 table.insert(active_clients, {
5307
2bb27dfd10d5 mod_client_management: Use grant id from key
Matthew Wild <mwild1@gmail.com>
parents: 5306
diff changeset
249 id = "grant/"..grant_id;
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
250 type = "access";
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
251 first_seen = grant.created;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
252 last_seen = grant.accessed;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
253 active = {
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
254 grant = grant;
5294
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
255 };
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
256 user_agent = get_user_agent(nil, grant);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
257 });
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
258 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
259 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
260
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
261 table.sort(active_clients, function (a, b)
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
262 if a.last_seen and b.last_seen then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
263 return a.last_seen < b.last_seen;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
264 elseif not (a.last_seen or b.last_seen) then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
265 if a.first_seen and b.first_seen then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
266 return a.first_seen < b.first_seen;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
267 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
268 elseif b.last_seen then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
269 return true;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
270 elseif a.last_seen then
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
271 return false;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
272 end
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
273 return a.id < b.id;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
274 end);
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
275
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
276 return active_clients;
385346b6c81d mod_client_management: New module for users to view/manage permitted clients
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
277 end
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
278
5305
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
279 function revoke_client_access(username, client_selector)
5370
d9d52ad8c1ae mod_client_management: Fix type confusion
Kim Alvefur <zash@zash.se>
parents: 5369
diff changeset
280 if client_selector then
d9d52ad8c1ae mod_client_management: Fix type confusion
Kim Alvefur <zash@zash.se>
parents: 5369
diff changeset
281 local c_type, c_id = client_selector:match("^(%w+)/(.+)$");
5305
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
282 if c_type == "client" then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
283 local client = client_store:get_key(username, c_id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
284 if not client then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
285 return nil, "item-not-found";
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
286 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
287 local status = is_client_active(client);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
288 if status.connected then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
289 local ok, err = prosody.full_sessions[client.full_jid]:close();
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
290 if not ok then return ok, err; end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
291 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
292 if status.fast then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
293 local ok = mod_fast.revoke_fast_tokens(username, client.id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
294 if not ok then return nil, "internal-server-error"; end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
295 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
296 if status.grant then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
297 local ok = tokenauth.revoke_grant(username, status.grant.id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
298 if not ok then return nil, "internal-server-error"; end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
299 end
5306
210aeb5afe42 mod_client_management: Fail to revoke clients that have used passwords
Matthew Wild <mwild1@gmail.com>
parents: 5305
diff changeset
300 if status.password then
210aeb5afe42 mod_client_management: Fail to revoke clients that have used passwords
Matthew Wild <mwild1@gmail.com>
parents: 5305
diff changeset
301 return nil, "password-reset-required";
210aeb5afe42 mod_client_management: Fail to revoke clients that have used passwords
Matthew Wild <mwild1@gmail.com>
parents: 5305
diff changeset
302 end
5305
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
303 return true;
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
304 elseif c_type == "grant" then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
305 local grant = tokenauth.get_grant_info(username, c_id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
306 if not grant then
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
307 return nil, "item-not-found";
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
308 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
309 local ok = tokenauth.revoke_grant(username, c_id);
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
310 if not ok then return nil, "internal-server-error"; end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
311 return true;
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
312 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
313 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
314
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
315 return nil, "item-not-found";
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
316 end
9b9f35aaeb91 mod_client_management: Add support for revocation of clients (when possible)
Matthew Wild <mwild1@gmail.com>
parents: 5304
diff changeset
317
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
318 -- Protocol
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
319
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
320 local xmlns_manage_clients = "xmpp:prosody.im/protocol/manage-clients";
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
321
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
322 module:hook("iq-get/self/xmpp:prosody.im/protocol/manage-clients:list", function (event)
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
323 local origin, stanza = event.origin, event.stanza;
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
324
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
325 if not module:may(":list-clients", event) then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
326 origin.send(st.error_reply(stanza, "auth", "forbidden"));
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
327 return true;
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
328 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
329
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
330 local reply = st.reply(stanza)
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
331 :tag("clients", { xmlns = xmlns_manage_clients });
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
332
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
333 local active_clients = get_active_clients(event.origin.username);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
334 for _, client in ipairs(active_clients) do
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
335 local auth_type = st.stanza("auth");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
336 if client.active then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
337 if client.active.password then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
338 auth_type:text_tag("password");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
339 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
340 if client.active.grant then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
341 auth_type:text_tag("bearer-token");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
342 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
343 if client.active.fast then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
344 auth_type:text_tag("fast");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
345 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
346 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
347
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
348 local user_agent = st.stanza("user-agent");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
349 if client.user_agent then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
350 if client.user_agent.software then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
351 user_agent:text_tag("software", client.user_agent.software);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
352 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
353 if client.user_agent.device then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
354 user_agent:text_tag("device", client.user_agent.device);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
355 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
356 if client.user_agent.uri then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
357 user_agent:text_tag("uri", client.user_agent.uri);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
358 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
359 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
360
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
361 local connected = client.active and client.active.connected;
5304
717ff9468464 mod_client_management: Include client type in XML response listing
Matthew Wild <mwild1@gmail.com>
parents: 5301
diff changeset
362 reply:tag("client", { id = client.id, connected = connected and "true" or "false", type = client.type })
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
363 :text_tag("first-seen", dt.datetime(client.first_seen))
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
364 :text_tag("last-seen", dt.datetime(client.last_seen))
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
365 :add_child(auth_type)
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
366 :add_child(user_agent)
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
367 :up();
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
368 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
369 reply:up();
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
370
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
371 origin.send(reply);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
372 return true;
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
373 end);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
374
5343
5c1c70e52635 mod_client_management: Fix import of util.error (not errors)
Kim Alvefur <zash@zash.se>
parents: 5312
diff changeset
375 local revocation_errors = require "util.error".init(module.name, xmlns_manage_clients, {
5311
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
376 ["item-not-found"] = { "cancel", "item-not-found", "Client not found" };
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
377 ["internal-server-error"] = { "wait", "internal-server-error", "Unable to revoke client access" };
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
378 ["password-reset-required"] = { "cancel", "service-unavailable", "Password reset required", "password-reset-required" };
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
379 });
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
380
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
381 module:hook("iq-set/self/xmpp:prosody.im/protocol/manage-clients:revoke", function (event)
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
382 local origin, stanza = event.origin, event.stanza;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
383
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
384 if not module:may(":manage-clients", event) then
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
385 origin.send(st.error_reply(stanza, "auth", "forbidden"));
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
386 return true;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
387 end
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
388
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
389 local client_id = stanza.tags[1].attr.id;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
390
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
391 local ok, err = revocation_errors.coerce(revoke_client_access(origin.username, client_id));
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
392 if not ok then
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
393 origin.send(st.error_reply(stanza, err));
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
394 return true;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
395 end
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
396
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
397 origin.send(st.reply(stanza));
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
398 return true;
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
399 end);
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
400
d4a0d2b5343a mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com>
parents: 5310
diff changeset
401
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
402 -- Command
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
403
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
404 module:once(function ()
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
405 local console_env = module:shared("/*/admin_shell/env");
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
406 if not console_env.user then return; end -- admin_shell probably not loaded
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
407
5308
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents: 5307
diff changeset
408 function console_env.user:clients(user_jid)
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents: 5307
diff changeset
409 local username, host = jid.split(user_jid);
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents: 5307
diff changeset
410 local mod = prosody.hosts[host] and prosody.hosts[host].modules.client_management;
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents: 5307
diff changeset
411 if not mod then
5372
2d8076577e14 mod_client_management: Fix error when called against host without this module
Kim Alvefur <zash@zash.se>
parents: 5371
diff changeset
412 return false, ("Host does not exist on this server, or does not have mod_client_management loaded");
5308
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents: 5307
diff changeset
413 end
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents: 5307
diff changeset
414
f370ccb15f05 mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com>
parents: 5307
diff changeset
415 local clients = mod.get_active_clients(username);
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
416 if not clients or #clients == 0 then
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
417 return true, "No clients associated with this account";
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
418 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
419
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
420 local colspec = {
5371
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
421 {
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
422 title = "Software";
5373
93d6ed7dc779 mod_client_management: Fix changed column cell "key"
Kim Alvefur <zash@zash.se>
parents: 5372
diff changeset
423 key = "user_agent";
5371
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
424 width = "1p";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
425 mapper = function(user_agent)
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
426 return user_agent and user_agent.software;
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
427 end;
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
428 };
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
429 {
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
430 title = "Last seen";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
431 key = "last_seen";
5374
d9397d6a5513 mod_client_management: Show time for recent timestamps in shell command
Kim Alvefur <zash@zash.se>
parents: 5373
diff changeset
432 width = math.max(#os.date("%Y-%m-%d"), #os.date("%H:%M:%S"));
d9397d6a5513 mod_client_management: Show time for recent timestamps in shell command
Kim Alvefur <zash@zash.se>
parents: 5373
diff changeset
433 align = "right";
5371
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
434 mapper = function(last_seen)
5374
d9397d6a5513 mod_client_management: Show time for recent timestamps in shell command
Kim Alvefur <zash@zash.se>
parents: 5373
diff changeset
435 return os.date(os.difftime(os.time(), last_seen) >= 86400 and "%Y-%m-%d" or "%H:%M:%S", last_seen);
5371
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
436 end;
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
437 };
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
438 {
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
439 title = "Authentication";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
440 key = "active";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
441 width = "2p";
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
442 mapper = function(active)
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
443 return array.collect(it.keys(active)):sort():concat(", ");
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
444 end;
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
445 };
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
446 };
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
447
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
448 local row = require "util.human.io".table(colspec, self.session.width);
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
449
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
450 local print = self.session.print;
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
451 print(row());
5309
09656e2b4927 mod_client_management: Improve table output
Matthew Wild <mwild1@gmail.com>
parents: 5308
diff changeset
452 print(string.rep("-", self.session.width));
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
453 for _, client in ipairs(clients) do
5371
b2d51c6ae89a mod_client_management: Move table cell formatting into column specification
Kim Alvefur <zash@zash.se>
parents: 5370
diff changeset
454 print(row(client));
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
455 end
5309
09656e2b4927 mod_client_management: Improve table output
Matthew Wild <mwild1@gmail.com>
parents: 5308
diff changeset
456 print(string.rep("-", self.session.width));
09656e2b4927 mod_client_management: Improve table output
Matthew Wild <mwild1@gmail.com>
parents: 5308
diff changeset
457 return true, ("%d clients"):format(#clients);
5301
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
458 end
8ef197cccd74 mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com>
parents: 5294
diff changeset
459 end);