Mercurial > prosody-modules
changeset 4414:dbfa830e4504
mod_invites_register_api: Handle password resets
Those need the information for whom they are in the GET response
as well as special handling in the POST.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Sat, 30 Jan 2021 10:47:57 +0100 |
| parents | 0b9501f82e63 |
| children | c7424b96c75e |
| files | mod_invites_register_api/mod_invites_register_api.lua |
| diffstat | 1 files changed, 8 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_invites_register_api/mod_invites_register_api.lua Sat Jan 30 07:19:35 2021 +0100 +++ b/mod_invites_register_api/mod_invites_register_api.lua Sat Jan 30 10:47:57 2021 +0100 @@ -29,6 +29,7 @@ type = invite.type; jid = invite.jid; inviter = invite.inviter; + reset = invite.additional_data and invite.additional_data.allow_reset or nil; }); end @@ -68,7 +69,13 @@ return 400; end - if usermanager.user_exists(prepped_username, module.host) then + local reset_for = invite.additional_data and invite.additional_data.allow_reset or nil; + if reset_for ~= nil then + module:log("debug", "handling password reset invite for %s", reset_for) + if reset_for ~= prepped_username then + return 403; -- Attempt to use reset invite for incorrect user + end + elseif usermanager.user_exists(prepped_username, module.host) then return 409; -- Conflict end