# HG changeset patch # User Matthew Wild # Date 1577443261 0 # Node ID 26559776a87e5966f0f866aad232aaffe805bfd4 # Parent 80830d97da81b1e646fa4f439be24437824e965a mod_easy_invite: New module that implements XEP-0401/XEP-0379 diff -r 80830d97da81 -r 26559776a87e mod_easy_invite/README.markdown --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_easy_invite/README.markdown Fri Dec 27 10:41:01 2019 +0000 @@ -0,0 +1,31 @@ + +This module allows admins and users to create invitations suitable for sharing +to potential new users/contacts. + +User invitations can be created through the "New Invite" ad-hoc command. An overview +of the semantics and protocol can be found at [modernxmpp.org/client/invites](https://docs.modernxmpp.org/client/invites/). + +This module depends on mod_invites to actually create and store the invitation tokens. + +# Configuration + +To allow users to join your server through invitations, you must +enable mod_register_ibr and set allow_registration = true, and then +also set `registration_invite_only = true` to restrict registration. + +``` {.lua} +-- To allow invitation through a token, mod_register +registration_invite_only = true +``` + +To allow existing users of your server to send invitation links that +allow new people to join your server, you can set `allow_user_invites = true`. + +If you do not wish users to invite other users to create accounts on your +server, set `allow_user_invites = false`. They will still be able to send +contact invites, but new contacts will be required to register an account +on a different server. + +# Compatibility + +0.11 and later. diff -r 80830d97da81 -r 26559776a87e mod_easy_invite/mod_easy_invite.lua --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_easy_invite/mod_easy_invite.lua Fri Dec 27 10:41:01 2019 +0000 @@ -0,0 +1,182 @@ +-- XEP-0401: Easy User Onboarding +local dataforms = require "util.dataforms"; +local datetime = require "util.datetime"; +local jid_bare = require "util.jid".bare; +local jid_split = require "util.jid".split; +local split_jid = require "util.jid".split; +local rostermanager = require "core.rostermanager"; +local st = require "util.stanza"; + +local invite_only = module:get_option_boolean("registration_invite_only", true); +local require_encryption = module:get_option_boolean("c2s_require_encryption", + module:get_option_boolean("require_encryption", false)); + +local new_adhoc = module:require("adhoc").new; + +-- Whether local users can invite other users to create an account on this server +local allow_user_invites = module:get_option_boolean("allow_user_invites", true); + +local invites = module:depends("invites"); + +local invite_result_form = dataforms.new({ + title = "Your Invite", + -- TODO instructions = something helpful + { + name = "uri"; + label = "Invite URI"; + -- TODO desc = something helpful + }, + { + name = "url" ; + var = "landing-url"; + label = "Invite landing URL"; + }, + { + name = "expire"; + label = "Token valid until"; + }, + }); + +module:depends("adhoc"); +module:provides("adhoc", new_adhoc("New Invite", "urn:xmpp:invite#invite", + function (_, data) + local username = split_jid(data.from); + local invite = invites.create_contact(username, allow_user_invites); + --TODO: check errors + return { + status = "completed"; + form = { + layout = invite_result_form; + values = { + uri = invite.uri; + url = invite.landing_page; + expire = datetime.datetime(invite.expires); + }; + }; + }; + end, "local_user")); + + +-- TODO +-- module:provides("adhoc", new_adhoc("Create account", "urn:xmpp:invite#create-account", function () end, "admin")); + +-- XEP-0379: Pre-Authenticated Roster Subscription +module:hook("presence/bare", function (event) + local stanza = event.stanza; + if stanza.attr.type ~= "subscribe" then return end + + local preauth = stanza:get_child("preauth", "urn:xmpp:pars:0"); + if not preauth then return end + local token = preauth.attr.token; + if not token then return end + + local username, host = jid_split(stanza.attr.to); + + local invite, err = invites.get(token, username); + + if not invite then + module:log("debug", "Got invalid token, error: %s", err); + return; + end + + local contact = jid_bare(stanza.attr.from); + + module:log("debug", "Approving inbound subscription to %s from %s", username, contact); + if rostermanager.set_contact_pending_in(username, host, contact, stanza) then + if rostermanager.subscribed(username, host, contact) then + invite:use(); + rostermanager.roster_push(username, host, contact); + + -- Send back a subscription request (goal is mutual subscription) + if not rostermanager.is_user_subscribed(username, host, contact) + and not rostermanager.is_contact_pending_out(username, host, contact) then + module:log("debug", "Sending automatic subscription request to %s from %s", contact, username); + if rostermanager.set_contact_pending_out(username, host, contact) then + rostermanager.roster_push(username, host, contact); + module:send(st.presence({type = "subscribe", to = contact })); + else + module:log("warn", "Failed to set contact pending out for %s", username); + end + end + end + end +end, 1); + +-- TODO sender side, magic automatic mutual subscription + +local invite_stream_feature = st.stanza("register", { xmlns = "urn:xmpp:invite" }):up(); +module:hook("stream-features", function(event) + local session, features = event.origin, event.features; + + -- Advertise to unauthorized clients only. + if session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then + return + end + + features:add_child(invite_stream_feature); +end); + +-- Client is submitting a preauth token to allow registration +module:hook("stanza/iq/urn:xmpp:pars:0:preauth", function(event) + local preauth = event.stanza.tags[1]; + local token = preauth.attr.token; + local validated_invite = invites.get(token); + if not validated_invite then + local reply = st.error_reply(event.stanza, "cancel", "forbidden", "The invite token is invalid or expired"); + event.origin.send(reply); + return true; + end + event.origin.validated_invite = validated_invite; + local reply = st.reply(event.stanza); + event.origin.send(reply); + return true; +end); + +-- Registration attempt - ensure a valid preauth token has been supplied +module:hook("user-registering", function (event) + local validated_invite = event.session.validated_invite; + if invite_only and not validated_invite then + event.allowed = false; + event.reason = "Registration on this server is through invitation only"; + return; + end +end); + +-- Make a *one-way* subscription. User will see when contact is online, +-- contact will not see when user is online. +function subscribe(host, user_username, contact_username) + local user_jid = user_username.."@"..host; + local contact_jid = contact_username.."@"..host; + -- Update user's roster to say subscription request is pending... + rostermanager.set_contact_pending_out(user_username, host, contact_jid); + -- Update contact's roster to say subscription request is pending... + rostermanager.set_contact_pending_in(contact_username, host, user_jid); + -- Update contact's roster to say subscription request approved... + rostermanager.subscribed(contact_username, host, user_jid); + -- Update user's roster to say subscription request approved... + rostermanager.process_inbound_subscription_approval(user_username, host, contact_jid); +end + +-- Make a mutual subscription between jid1 and jid2. Each JID will see +-- when the other one is online. +function subscribe_both(host, user1, user2) + subscribe(host, user1, user2); + subscribe(host, user2, user1); +end + +-- Registration successful, if there was a preauth token, mark it as used +module:hook("user-registered", function (event) + local validated_invite = event.session.validated_invite; + if not validated_invite then + return; + end + local inviter_username = validated_invite.inviter; + validated_invite:use(); + + if not inviter_username then return; end + + local contact_username = event.username; + + module:log("debug", "Creating mutual subscription between %s and %s", inviter_username, contact_username); + subscribe_both(module.host, inviter_username, contact_username); +end);