Mercurial > prosody-modules
annotate mod_sasl2_sm/mod_sasl2_sm.lua @ 5418:f2c7bb3af600
mod_http_oauth2: Add role selector to consent page
List includes all roles available to the user, if more than one.
Defaults to either the first role in the scope string or the users
primary role.
Earlier draft listed all roles, but having options that can't be
selected is bad UX and the entire list of all roles on the server could
be long, and perhaps even sensitive.
Allows e.g. picking a role with fewer permissions than what might
otherwise have been selected.
UX wise, doing this with more checkboxes or possibly radio buttons would
have been confusion and/or looked messier.
Fixes the previous situation where unselecting a role would default to
the primary role, which could be more permissions than requested.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 05 May 2023 01:23:13 +0200 |
| parents | c92c87daa09e |
| children | 92ce3859df63 |
| rev | line source |
|---|---|
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local mod_smacks = module:depends("smacks"); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
|
5039
c0d243b27e64
mod_sasl2, mod_sasl_bind2, mod_sasl2_sm: Bump XEP-0388 namespace
Matthew Wild <mwild1@gmail.com>
parents:
5037
diff
changeset
|
5 local xmlns_sasl2 = "urn:xmpp:sasl:2"; |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local xmlns_sm = "urn:xmpp:sm:3"; |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
|
5094
c92c87daa09e
mod_sasl2_sm: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5060
diff
changeset
|
8 module:depends("sasl2"); |
|
c92c87daa09e
mod_sasl2_sm: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5060
diff
changeset
|
9 |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
10 -- Advertise what we can do |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
11 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
12 module:hook("advertise-sasl-features", function (event) |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local features = event.features; |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
14 features:tag("sm", { xmlns = xmlns_sm }):up(); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
15 end); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
16 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
17 module:hook("advertise-bind-features", function (event) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
18 local features = event.features; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
19 features:tag("feature", { var = xmlns_sm }):up(); |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 -- Cache action for future processing (after auth success) |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
24 session.sasl2_sm_request = auth:child_with_ns(xmlns_sm); |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 end, 100); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
27 -- SASL 2 integration (for resume) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
28 |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 module:hook("sasl2/c2s/success", function (event) |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 local session = event.session; |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
31 local sm_request = session.sasl2_sm_request; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
32 if not sm_request then return; end |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
33 session.sasl2_sm_request = nil; |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 local sm_result; |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
35 if sm_request.name ~= "resume" then return; end |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
36 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
37 local resumed, err = mod_smacks.do_resume(session, sm_request); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
38 if not resumed then |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
39 local h = err.context and err.context.h; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
40 sm_result = st.stanza("failed", { xmlns = xmlns_sm, h = h and ("%d"):format(h) or nil }) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
41 :add_error(err); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
42 else |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
43 event.session = resumed.session; -- Update to resumed session |
|
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5035
diff
changeset
|
44 event.session.sasl2_sm_success = resumed; -- To be called after sending final SASL response |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
45 sm_result = st.stanza("resumed", { xmlns = xmlns_sm, |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
46 h = ("%d"):format(event.session.handled_stanza_count); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
47 previd = resumed.id; }); |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 end |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
49 |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 if sm_result then |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 event.success:add_child(sm_result); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 end |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
53 end, 110); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
54 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
55 -- Bind 2 integration (for enable) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
56 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
57 module:hook("advertise-bind-features", function (event) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
58 event.features:tag("feature", { var = xmlns_sm }):up(); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
59 end); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
60 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
61 module:hook("enable-bind-features", function (event) |
|
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
62 local sm_enable = event.request:get_child("enable", xmlns_sm); |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
63 if not sm_enable then return; end |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
64 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
65 local sm_result; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
66 local enabled, err = mod_smacks.do_enable(event.session, sm_enable); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
67 if not enabled then |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
68 sm_result = st.stanza("failed", { xmlns = xmlns_sm }) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
69 :add_error(err); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
70 else |
|
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5035
diff
changeset
|
71 event.session.sasl2_sm_success = enabled; -- To be called after sending final SASL response |
| 5034 | 72 sm_result = st.stanza("enabled", { |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
73 xmlns = xmlns_sm; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
74 id = enabled.id; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
75 resume = enabled.id and "1" or nil; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
76 max = enabled.resume_max; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
77 }); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
78 end |
|
5035
baebe7452903
mod_sasl2_sm: Fix event field name
Matthew Wild <mwild1@gmail.com>
parents:
5034
diff
changeset
|
79 event.result:add_child(sm_result); |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 end, 100); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
82 -- Finish and/or clean up after SASL 2 completed |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
83 |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 module:hook("sasl2/c2s/success", function (event) |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 -- The authenticate response has already been sent at this point |
|
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5035
diff
changeset
|
86 local success = event.session.sasl2_sm_success; |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
87 if success then |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
88 success.finish(); -- Finish enable/resume and sync stanzas |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 end |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 end, -1100); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 module:hook("sasl2/c2s/failure", function (event) |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
93 event.session.sasl2_sm_request = nil; |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 end); |