Mercurial > prosody-modules
view mod_devices/mod_devices.lua @ 5213:dc0f502c12f1
mod_http_oauth2: Fix authorization code logic
I have no idea what it did before or if it even worked.
RFC 6749 section 4.1.2 says:
> A maximum authorization code lifetime of 10 minutes is RECOMMENDED.
So this should prevent use of codes older than 10 minutes and remove
them from the cache some time after they expire.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 06 Mar 2023 16:49:43 +0100 |
parents | 4cf65afd90f4 |
children |
line wrap: on
line source
local it = require "util.iterators"; local new_id = require "util.id".medium; local max_user_devices = module:get_option_number("max_user_devices", 5); local device_store = module:open_store("devices"); local device_map_store = module:open_store("devices", "map"); --- Helper functions local function _compare_device_timestamps(a, b) return (a.last_activity_at or 0) < (b.last_activity_at or 0); end local function sorted_devices(devices) return it.sorted_pairs(devices, _compare_device_timestamps); end local function new_device(username, alt_ids) local current_time = os.time(); local device = { id = "dv-"..new_id(); created_at = current_time; last_activity = "created"; last_activity_at = current_time; alt_ids = alt_ids or {}; }; local devices = device_store:get(username); if not devices then devices = {}; end devices[device.id] = device; local devices_ordered = {}; for id in sorted_devices(devices) do table.insert(devices_ordered, id); end if #devices_ordered > max_user_devices then -- Iterate through oldest devices that are above limit, backwards for i = #devices_ordered, max_user_devices+1, -1 do local id = table.remove(devices_ordered, i); devices[id] = nil; module:log("debug", "Removing old device for %s: %s", username, id); end end device_store:set(username, devices); return device; end local function get_device_with_alt_id(username, alt_id_type, alt_id) local devices = device_store:get(username); if not devices then return nil; end for _, device in pairs(devices) do if device.alt_ids[alt_id_type] == alt_id then return device; end end end local function set_device_alt_id(username, device_id, alt_id_type, alt_id) local devices = device_store:get(username); if not devices or not devices[device_id] then return nil, "no such device"; end devices[device_id].alt_ids[alt_id_type] = alt_id; end local function record_device_state(username, device_id, activity, time) local device = device_map_store:get(username, device_id); device.last_activity = activity; device.last_activity_at = time or os.time(); device_map_store:set(username, device_id, device); end local function find_device(username, info) for _, alt_id_type in ipairs({ "resumption_token", "resource" }) do local alt_id = info[alt_id_type]; if alt_id then local device = get_device_with_alt_id(username, alt_id_type, alt_id); if device then return device, alt_id_type; end end end end --- Information gathering module:hook("pre-resource-bind", function (event) event.session.device_requested_resource = event.resource; end, 1000); local function store_resumption_token(session, stanza) session.device_requested_resume = stanza.attr.previd; end module:hook_stanza("urn:xmpp:sm:2", "resume", store_resumption_token, 5); module:hook_stanza("urn:xmpp:sm:3", "resume", store_resumption_token, 5); --- Identify device after resource bind module:hook("resource-bind", function (event) local info = { resource = event.session.device_requested_resource; resumption_token = event.session.device_requested_resume; }; local device, source = find_device(event.session.username, info); if device then event.session.log("debug", "Associated with device %s (from %s)", device.id, source); event.session.device_id = device.id; else device = new_device(event.session.username, info); event.session.log("debug", "Creating new device %s for session", device.id); event.session.device_id = device.id; end record_device_state(event.session.username, device.id, "login"); end, 1000); module:hook("resource-unbind", function (event) if event.session.device_id then record_device_state(event.session.username, event.session.device_id, "logout"); end end);