Mercurial > prosody-modules

changeset 2924:edf5e8a77d0c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_register_web: Remove username and password from form data and provide the rest in pre-registration event
author Kim Alvefur <zash@zash.se>
date Sat, 10 Mar 2018 02:44:27 +0100
parents 9d53134a0b29
children 049975800d1c
files mod_register_web/mod_register_web.lua
diffstat 1 files changed, 9 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/mod_register_web/mod_register_web.lua	Sat Mar 10 02:39:54 2018 +0100
+++ b/mod_register_web/mod_register_web.lua	Sat Mar 10 02:44:27 2018 +0100
@@ -114,7 +114,12 @@
 end
 
 function register_user(form, origin)
-	local prepped_username = nodeprep(form.username);
+	local username = form.username;
+	local password = form.password;
+	local confirm_password = form.confirm_password;
+	form.username, form.password, form.confirm_password = nil, nil, nil;
+
+	local prepped_username = nodeprep(username);
 	if not prepped_username then
 		return nil, "Username contains forbidden characters";
 	end
@@ -124,15 +129,15 @@
 	if usermanager.user_exists(prepped_username, module.host) then
 		return nil, "Username already taken";
 	end
-	local registering = { username = prepped_username , host = module.host, ip = origin.conn:ip(), allowed = true }
+	local registering = { username = prepped_username , host = module.host, additional = form, ip = origin.conn:ip(), allowed = true }
 	module:fire_event("user-registering", registering);
 	if not registering.allowed then
 		return nil, registering.reason or "Registration not allowed";
 	end
-	if form.confirm_password ~= form.password then
+	if confirm_password ~= password then
 		return nil, "Passwords don't match";
 	end
-	local ok, err = usermanager.create_user(prepped_username, form.password, module.host);
+	local ok, err = usermanager.create_user(prepped_username, password, module.host);
 	if ok then
 		local extra_data = {};
 		for field in pairs(extra_fields) do