Mercurial > prosody-modules
comparison mod_register_web/mod_register_web.lua @ 3724:1c3c7d73c5a6
mod_register_web: Fix to use real client IP in case of proxy forwarding (thanks Sebastian)
mod_http since Prosody 0.11 will process the `X-Forwarded-For` header and store the result in `request.ip`.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 01 Nov 2019 17:15:29 +0100 |
| parents | f9a93d7b6c50 |
| children | 19e43b7a969d |
comparison
equal
deleted
inserted
replaced
| 3723:427879b46061 | 3724:1c3c7d73c5a6 |
|---|---|
| 37 end | 37 end |
| 38 | 38 |
| 39 local register_tpl = get_template "register"; | 39 local register_tpl = get_template "register"; |
| 40 local success_tpl = get_template "success"; | 40 local success_tpl = get_template "success"; |
| 41 | 41 |
| 42 -- COMPAT `or request.conn:ip()` | |
| 43 | |
| 42 if next(captcha_options) ~= nil then | 44 if next(captcha_options) ~= nil then |
| 43 local recaptcha_tpl = get_template "recaptcha"; | 45 local recaptcha_tpl = get_template "recaptcha"; |
| 44 | 46 |
| 45 function generate_captcha(display_options) | 47 function generate_captcha(display_options) |
| 46 return recaptcha_tpl.apply(setmetatable({ | 48 return recaptcha_tpl.apply(setmetatable({ |
| 55 end | 57 end |
| 56 function verify_captcha(request, form, callback) | 58 function verify_captcha(request, form, callback) |
| 57 http.request("https://www.google.com/recaptcha/api/siteverify", { | 59 http.request("https://www.google.com/recaptcha/api/siteverify", { |
| 58 body = http.formencode { | 60 body = http.formencode { |
| 59 secret = captcha_options.recaptcha_private_key; | 61 secret = captcha_options.recaptcha_private_key; |
| 60 remoteip = request.conn:ip(); | 62 remoteip = request.ip or request.conn:ip(); |
| 61 response = form["g-recaptcha-response"]; | 63 response = form["g-recaptcha-response"]; |
| 62 }; | 64 }; |
| 63 }, function (verify_result, code) | 65 }, function (verify_result, code) |
| 64 local result = json(verify_result); | 66 local result = json(verify_result); |
| 65 if not result then | 67 if not result then |
| 135 return nil, "The username field was empty"; | 137 return nil, "The username field was empty"; |
| 136 end | 138 end |
| 137 if usermanager.user_exists(prepped_username, module.host) then | 139 if usermanager.user_exists(prepped_username, module.host) then |
| 138 return nil, "Username already taken"; | 140 return nil, "Username already taken"; |
| 139 end | 141 end |
| 140 local registering = { username = prepped_username , host = module.host, additional = form, ip = origin.conn:ip(), allowed = true } | 142 local registering = { username = prepped_username , host = module.host, additional = form, ip = origin.ip or origin.conn:ip(), allowed = true } |
| 141 module:fire_event("user-registering", registering); | 143 module:fire_event("user-registering", registering); |
| 142 if not registering.allowed then | 144 if not registering.allowed then |
| 143 return nil, registering.reason or "Registration not allowed"; | 145 return nil, registering.reason or "Registration not allowed"; |
| 144 end | 146 end |
| 145 if confirm_password ~= password then | 147 if confirm_password ~= password then |
| 160 end | 162 end |
| 161 module:fire_event("user-registered", { | 163 module:fire_event("user-registered", { |
| 162 username = prepped_username, | 164 username = prepped_username, |
| 163 host = module.host, | 165 host = module.host, |
| 164 source = module.name, | 166 source = module.name, |
| 165 ip = origin.conn:ip(), | 167 ip = origin.ip or origin.conn:ip(), |
| 166 }); | 168 }); |
| 167 end | 169 end |
| 168 return jid, err; | 170 return jid, err; |
| 169 end | 171 end |
| 170 | 172 |