comparison mod_http_admin_api/mod_http_admin_api.lua @ 4997:1b5869c34026

mod_http_admin_api: Updates for new role auth API in Prosody (trunk/0.13 only)
author Matthew Wild <mwild1@gmail.com>
date Wed, 13 Jul 2022 11:18:46 +0100
parents 65870d42a7b1
children d68348323406
4996:031e0dd90f4b 4997:1b5869c34026
31 if not (auth_type and auth_data) then 31 if not (auth_type and auth_data) then
32 return false; 32 return false;
33 end 33 end
34 34
35 if auth_type == "Bearer" then 35 if auth_type == "Bearer" then
36 local token_info = tokens.get_token_info(auth_data); 36 return tokens.get_token_session(auth_data);
37 if not token_info or not token_info.session then
38 return false;
39 end
40 return token_info.session;
41 end 37 end
42 return nil; 38 return nil;
43 end 39 end
40
41 module:default_permission("prosody:admin", ":access-admin-api");
44 42
45 function check_auth(routes) 43 function check_auth(routes)
46 local function check_request_auth(event) 44 local function check_request_auth(event)
47 local session = check_credentials(event.request); 45 local session = check_credentials(event.request);
48 if not session then 46 if not session then
49 event.response.headers.authorization = www_authenticate_header; 47 event.response.headers.authorization = www_authenticate_header;
50 return false, 401; 48 return false, 401;
51 elseif session.auth_scope ~= "prosody:scope:admin" then 49 end
50 event.session = session;
51 if not module:may(":access-admin-api", event) then
52 return false, 403; 52 return false, 403;
53 end 53 end
54 event.session = session;
55 return true; 54 return true;
56 end 55 end
57 56
58 for route, handler in pairs(routes) do 57 for route, handler in pairs(routes) do
59 routes[route] = function (event, ...) 58 routes[route] = function (event, ...)
177 if ok and nick_item then 176 if ok and nick_item then
178 display_name = nick_item:get_child_text("nick", xmlns_nick); 177 display_name = nick_item:get_child_text("nick", xmlns_nick);
179 end 178 end
180 end 179 end
181 180
182 local roles = nil; 181 local roles = array();
183 if usermanager.get_roles then 182 local roles_map = usermanager.get_user_roles(username, module.host);
184 local roles_map = usermanager.get_roles(username.."@"..module.host, module.host) 183 for role_name in pairs(roles_map) do
185 roles = array() 184 roles:push(role_name);
186 if roles_map then
187 for role in pairs(roles_map) do
188 roles:push(role)
189 end
190 end
191 end 185 end
192 186
193 return { 187 return {
194 username = username; 188 username = username;
195 display_name = display_name; 189 display_name = display_name;
414 final_user.display_name = new_user.display_name; 408 final_user.display_name = new_user.display_name;
415 end 409 end
416 end 410 end
417 411
418 if new_user.roles then 412 if new_user.roles then
419 if not usermanager.set_roles then 413 if not usermanager.set_user_roles then
420 return 500, "feature-not-implemented" 414 return 500, "feature-not-implemented"
421 end 415 end
422 416
423 local backend_roles = {}; 417 local backend_roles = {};
424 for _, role in ipairs(new_user.roles) do 418 for _, role in ipairs(new_user.roles) do
425 backend_roles[role] = true; 419 backend_roles[role] = true;
426 end 420 end
427 local jid = username.."@"..module.host; 421 local jid = username.."@"..module.host;
428 if not usermanager.set_roles(jid, module.host, backend_roles) then 422 if not usermanager.set_user_roles(username, module.host, backend_roles) then
429 module:log("error", "failed to set roles %q for %s", backend_roles, jid) 423 module:log("error", "failed to set roles %q for %s", backend_roles, jid)
430 return 500 424 return 500
431 end 425 end
432 end 426 end
433 427
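Review bot: In the user-info hunk the new loop `for role_name in pairs(roles_map) do` iterates the result of `usermanager.get_user_roles(username, module.host)` unguarded, whereas the removed code checked both that the usermanager function existed and that the returned map was non-nil; if the new function is missing or returns nil for a user with no roles (not visible from this page), `pairs` raises and the request would presumably fail with a 500 instead of returning an empty role list. The later hunk still guards `usermanager.set_user_roles` before calling it, so the read path is now less defensive than the write path. Consider `local roles_map = usermanager.get_user_roles and usermanager.get_user_roles(username, module.host);` followed by `for role_name in pairs(roles_map or {}) do`. The function that builds this user record starts and ends outside the hunk.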