|
1 --- |
|
2 labels: |
|
3 - 'Stage-Stable' |
|
4 summary: 'Token based JSON registration & verification servlet.' |
|
5 ... |
|
6 |
|
7 Introduction |
|
8 ------------ |
|
9 |
|
10 This module let's you activate a httpserver interface to handle data |
|
11 from webforms with POST and Base64 encoded JSON. |
|
12 |
|
13 Implementation Details |
|
14 ---------------------- |
|
15 |
|
16 Example Request format: |
|
17 |
|
18 POST /your_register_base_url HTTP/1.1 |
|
19 Host: yourserveraddress.com:yourchoosenport |
|
20 Content-Type: application/encoded |
|
21 Content-Transfer-Encoding: base64 |
|
22 |
|
23 eyJ1c2VybmFtZSI6InVzZXJuYW1lb2ZjaG9pY2UiLCJwYXNzd29yZCI6InRoZXVzZXJwYXNzd29yZCIsImlwIjoidGhlcmVtb3RlYWRkcm9mdGhldXNlciIsIm1haWwiOiJ1c2VybWFpbEB1c2VybWFpbGRvbWFpbi50bGQiLCJhdXRoX3Rva2VuIjoieW91cmF1dGh0b2tlbm9mY2hvaWNlIn0= |
|
24 |
|
25 Where the encoded content is this (example) JSON Array: |
|
26 |
|
27 {"username":"usernameofchoice","password":"theuserpassword","ip":"theremoteaddroftheuser","mail":"usermail@usermaildomain.tld","auth\_token":"yourauthtokenofchoice"}\</code\> |
|
28 |
|
29 Your form implementation needs to pass **all** parameters, the |
|
30 auth\_token is needed to prevent misuses, if the request is successfull |
|
31 the server will answer with status code 200 and with the body of the |
|
32 response containing the token which your web app can send via e-mail to |
|
33 the user to complete the registration. |
|
34 |
|
35 Else, it will reply with the following http error codes: |
|
36 |
|
37 - 400 - if there's an error syntax; |
|
38 - 401 - whenever an username is already pending registration or the |
|
39 auth token supplied is invalid; |
|
40 - 403 - whenever registration is forbidden (blacklist, filtered mail |
|
41 etc.); |
|
42 - 406 - if the username supplied fails nodeprepping; |
|
43 - 409 - if the user already exists, or an user is associated already |
|
44 with the supplied e-mail; |
|
45 - 503 - whenever a request is throttled. |
|
46 |
|
47 The verification URL path to direct the users to will be: |
|
48 **/your-base-path-of-choice/verify/** - on your Prosody's http server. |
|
49 |
|
50 The module for now stores a hash of the user's mail address to help slow |
|
51 down duplicated registrations. |
|
52 |
|
53 It's strongly encouraged to have the web server communicate with the |
|
54 servlet via https. |
|
55 |
|
56 Usage |
|
57 ----- |
|
58 |
|
59 Copy the module folder and all its contents (register\_json) into your |
|
60 prosody modules' directory.Add the module your vhost of choice |
|
61 modules\_enabled. |
|
62 |
|
63 Hint: pairing with mod\_register\_redirect is helpful, to allow server |
|
64 registrations only via your webform. |
|
65 |
|
66 Optional configuration directives: |
|
67 |
|
68 reg_servlet_base = "/base-path/" -- Base path of the plugin (default is register_account) |
|
69 reg_servlet_secure = true -- Have the plugin only process requests on https (default is true) |
|
70 reg_servlet_ttime = seconds -- Specifies the time (in seconds) between each request coming from the same remote address. |
|
71 reg_servlet_bl = { "1.2.3.4", "4.3.2.1" } -- The ip addresses in this list will be blacklisted and will not be able to submit registrations. |
|
72 reg_servlet_wl = { "1.2.3.4", "4.3.2.1" } -- The ip addresses in this list will be ignored by the throttling. |
|
73 reg_servlet_filtered_mails = { ".*banneddomain.tld", ".*deamailprovider.tld" } -- allows filtering of mail addresses via Lua patterns. |
|
74 |
|
75 Compatibility |
|
76 ------------- |
|
77 |
|
78 0.9 |