31 if not (auth_type and auth_data) then |
31 if not (auth_type and auth_data) then |
32 return false; |
32 return false; |
33 end |
33 end |
34 |
34 |
35 if auth_type == "Bearer" then |
35 if auth_type == "Bearer" then |
36 local token_info = tokens.get_token_info(auth_data); |
36 return tokens.get_token_session(auth_data); |
37 if not token_info or not token_info.session then |
|
38 return false; |
|
39 end |
|
40 return token_info.session; |
|
41 end |
37 end |
42 return nil; |
38 return nil; |
43 end |
39 end |
|
40 |
|
41 module:default_permission("prosody:admin", ":access-admin-api"); |
44 |
42 |
45 function check_auth(routes) |
43 function check_auth(routes) |
46 local function check_request_auth(event) |
44 local function check_request_auth(event) |
47 local session = check_credentials(event.request); |
45 local session = check_credentials(event.request); |
48 if not session then |
46 if not session then |
49 event.response.headers.authorization = www_authenticate_header; |
47 event.response.headers.authorization = www_authenticate_header; |
50 return false, 401; |
48 return false, 401; |
51 elseif session.auth_scope ~= "prosody:scope:admin" then |
49 end |
|
50 event.session = session; |
|
51 if not module:may(":access-admin-api", event) then |
52 return false, 403; |
52 return false, 403; |
53 end |
53 end |
54 event.session = session; |
|
55 return true; |
54 return true; |
56 end |
55 end |
57 |
56 |
58 for route, handler in pairs(routes) do |
57 for route, handler in pairs(routes) do |
59 routes[route] = function (event, ...) |
58 routes[route] = function (event, ...) |
177 if ok and nick_item then |
176 if ok and nick_item then |
178 display_name = nick_item:get_child_text("nick", xmlns_nick); |
177 display_name = nick_item:get_child_text("nick", xmlns_nick); |
179 end |
178 end |
180 end |
179 end |
181 |
180 |
182 local roles = nil; |
181 local roles = array(); |
183 if usermanager.get_roles then |
182 local roles_map = usermanager.get_user_roles(username, module.host); |
184 local roles_map = usermanager.get_roles(username.."@"..module.host, module.host) |
183 for role_name in pairs(roles_map) do |
185 roles = array() |
184 roles:push(role_name); |
186 if roles_map then |
|
187 for role in pairs(roles_map) do |
|
188 roles:push(role) |
|
189 end |
|
190 end |
|
191 end |
185 end |
192 |
186 |
193 return { |
187 return { |
194 username = username; |
188 username = username; |
195 display_name = display_name; |
189 display_name = display_name; |
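Review bot: The new loop at new lines 182-185 calls `pairs(roles_map)` directly on the result of `usermanager.get_user_roles(username, module.host)`, while the code it replaces guarded the iteration with `if roles_map then`. If `get_user_roles` can return nil or false (its failure behaviour is not visible here, for example on a storage error or an unknown account), `pairs` raises inside the admin API request handler instead of producing a response. Either keep the guard, e.g. `for role_name in pairs(roles_map or {}) do`, or return an explicit error when the lookup fails, so that a failed lookup is not reported to an administrator as "this user has no roles". The read path also no longer feature-tests the usermanager API, whereas the write path later in this file still checks `usermanager.set_user_roles`; the two should agree. The enclosing function starts and ends outside this hunk.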
414 final_user.display_name = new_user.display_name; |
408 final_user.display_name = new_user.display_name; |
415 end |
409 end |
416 end |
410 end |
417 |
411 |
418 if new_user.roles then |
412 if new_user.roles then |
419 if not usermanager.set_roles then |
413 if not usermanager.set_user_roles then |
420 return 500, "feature-not-implemented" |
414 return 500, "feature-not-implemented" |
421 end |
415 end |
422 |
416 |
423 local backend_roles = {}; |
417 local backend_roles = {}; |
424 for _, role in ipairs(new_user.roles) do |
418 for _, role in ipairs(new_user.roles) do |
425 backend_roles[role] = true; |
419 backend_roles[role] = true; |
426 end |
420 end |
427 local jid = username.."@"..module.host; |
421 local jid = username.."@"..module.host; |
428 if not usermanager.set_roles(jid, module.host, backend_roles) then |
422 if not usermanager.set_user_roles(username, module.host, backend_roles) then |
429 module:log("error", "failed to set roles %q for %s", backend_roles, jid) |
423 module:log("error", "failed to set roles %q for %s", backend_roles, jid) |
430 return 500 |
424 return 500 |
431 end |
425 end |
432 end |
426 end |
433 |
427 |