mod_register_json: moved throttling logic so that if there's a failure during nick registration the user can retry and referenced usermanager from prosody's _G instead of req. it.
--- a/mod_register_json/mod_register_json.lua Mon Jun 25 22:17:40 2012 +0000
+++ b/mod_register_json/mod_register_json.lua Mon Jun 25 22:20:27 2012 +0000
@@ -6,7 +6,7 @@
local jid_prep = require "util.jid".prep
local jid_split = require "util.jid".split
-local usermanager = require "core.usermanager"
+local usermanager = usermanager
local b64_decode = require "util.encodings".base64.decode
local json_decode = require "util.json".decode
local os_time = os.time
@@ -78,20 +78,8 @@
module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"])
return http_response(event, 401, "I obey only to my masters... Have a nice day.")
else
- -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code)
+ -- Blacklist can be checked here.
if blacklist:contains(req_body["ip"]) then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end
- if throttle_time and not whitelist:contains(req_body["ip"]) then
- if not recent_ips[req_body["ip"]] then
- recent_ips[req_body["ip"]] = os_time()
- else
- if os_time() - recent_ips[req_body["ip"]] < throttle_time then
- recent_ips[req_body["ip"]] = os_time()
- module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"])
- return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.")
- end
- recent_ips[req_body["ip"]] = os_time()
- end
- end
-- We first check if the supplied username for registration is already there.
-- And nodeprep the username
@@ -101,6 +89,20 @@
return http_response(event, 406, "Supplied username contains invalid characters, see RFC 6122.")
else
if not usermanager.user_exists(username, req_body["host"]) then
+ -- if username fails to register successive requests shouldn't be throttled until one is successful.
+ if throttle_time and not whitelist:contains(req_body["ip"]) then
+ if not recent_ips[req_body["ip"]] then
+ recent_ips[req_body["ip"]] = os_time()
+ else
+ if os_time() - recent_ips[req_body["ip"]] < throttle_time then
+ recent_ips[req_body["ip"]] = os_time()
+ module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"])
+ return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.")
+ end
+ recent_ips[req_body["ip"]] = os_time()
+ end
+ end
+
local ok, error = usermanager.create_user(username, req_body["password"], req_body["host"])
if ok then
hosts[req_body["host"]].events.fire_event("user-registered", { username = username, host = req_body["host"], source = "mod_register_json", session = { ip = req_body["ip"] } })