plugins/mod_register_ibr.lua
author Kim Alvefur <zash@zash.se>
Sat, 07 Oct 2017 22:00:50 +0200
changeset 8487 f591855f060d
parent 8467 plugins/mod_register.lua@1a0b76b07b7a
child 8488 0e02c6de5c02
permissions -rw-r--r--
mod_register: Split into mod_register_ibr and mod_user_account_management (#723) - mod_register_ibr handles in-band registration - mod_user_account_management handles password change and user deletion
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local st = require "util.stanza";
local dataform_new = require "util.dataforms".new;
local usermanager_user_exists = require "core.usermanager".user_exists;
local usermanager_create_user = require "core.usermanager".create_user;
local usermanager_delete_user = require "core.usermanager".delete_user;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local create_throttle = require "util.throttle".create;
local new_cache = require "util.cache".new;
local ip_util = require "util.ip";
local new_ip = ip_util.new_ip;
local match_ip = ip_util.match;
local parse_cidr = ip_util.parse_cidr;
-- Operator-configured extra fields for the registration form. Entries are
-- either complete dataform field tables or names of predefined fields; a
-- trailing "+" on a name marks that predefined field as required.
local additional_fields = module:get_option("additional_registration_fields", {});

-- When true, registration is neither advertised nor accepted on a stream
-- that is not flagged secure. "c2s_require_encryption" takes precedence, the
-- "require_encryption" option is the fallback, and the final default is false.
-- NOTE(review): with that default this module itself does not insist on an
-- encrypted stream before a password is submitted; confirm the deployment
-- sets one of the two options (or enforces TLS elsewhere).
local require_encryption = module:get_option_boolean(
	"c2s_require_encryption",
	module:get_option_boolean("require_encryption", false)
);

-- Store named "account_details"; presumably holds the extra form values of a
-- new account, the code that writes to it is not in this part of the file.
local account_details = module:open_store("account_details");

-- Predefined fields, keyed by the element name they use in a legacy
-- jabber:iq:register query. Only username and password start out required.
local field_map = {
	username = { name = "username", type = "text-single", label = "Username", required = true },
	password = { name = "password", type = "text-private", label = "Password", required = true },
	nick = { name = "nick", type = "text-single", label = "Nickname" },
	name = { name = "name", type = "text-single", label = "Full Name" },
	first = { name = "first", type = "text-single", label = "Given Name" },
	last = { name = "last", type = "text-single", label = "Family Name" },
	email = { name = "email", type = "text-single", label = "Email" },
	address = { name = "address", type = "text-single", label = "Street" },
	city = { name = "city", type = "text-single", label = "City" },
	state = { name = "state", type = "text-single", label = "State" },
	zip = { name = "zip", type = "text-single", label = "Postal code" },
	phone = { name = "phone", type = "text-single", label = "Telephone number" },
	url = { name = "url", type = "text-single", label = "Webpage" },
	date = { name = "date", type = "text-single", label = "Birth date" },
};

-- Form title and instructions, both overridable from the configuration.
local title = module:get_option_string("registration_title", "Creating a new account");
local instructions = module:get_option_string(
	"registration_instructions",
	"Choose a username and password for use with this service."
);

-- Data form offered to registering clients; starts with the two mandatory
-- fields and is extended from additional_fields further down.
local registration_form = dataform_new({
	title = title,
	instructions = instructions,

	field_map.username,
	field_map.password,
});

-- Template for the reply to a registration "get": the legacy child elements.
local registration_query = st.stanza("query", { xmlns = "jabber:iq:register" });
registration_query:tag("instructions"):text(instructions):up();
registration_query:tag("username"):up();
registration_query:tag("password"):up();
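-- Extend the data form, and the legacy query template, with the operator's
-- additional fields. Runs once at module load, on configuration data.
for _, field in ipairs(additional_fields) do
	if type(field) == "table" then
		-- A complete dataform field definition: only the data form gets it,
		-- no legacy element is added to the query template.
		registration_form[#registration_form + 1] = field;
	else
		-- A predefined field name; a trailing "+" marks it as required.
		-- The name is normalised before the lookup so that only an exact key
		-- of field_map is accepted. Testing field_map[field:sub(1, -2)] on
		-- the raw value also accepted names such as "nickx", which appended
		-- nil to the form and an unknown element to the query template.
		local name, required = field, false;
		if type(field) == "string" and field:sub(-1) == "+" then
			name, required = field:sub(1, -2), true;
		end

		local known = field_map[name];
		if known then
			if required then
				known.required = true;
			end
			registration_form[#registration_form + 1] = known;
			registration_query:tag(name):up();
		else
			-- tostring() keeps a non-string entry (number, boolean) from
			-- raising during module load; it is reported like any other
			-- unknown name.
			module:log("error", "Unknown field %q", tostring(field));
		end
	end
end
-- The finished form is embedded in the query template sent to clients.
registration_query:add_child(registration_form:form());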
-- Stream feature element that announces in-band registration (XEP-0077).
local register_stream_feature = st.stanza("register", { xmlns = "http://jabber.org/features/iq-register" }):up();

-- Advertise registration only to sessions that have not authenticated yet,
-- and, when require_encryption is set, only once the stream is flagged
-- secure. The request handler in this file applies the same two conditions,
-- so the advertisement is not the only gate.
module:hook("stream-features", function(event)
	local session, features = event.origin, event.features;

	local unauthenticated = session.type == "c2s_unauthed";
	local channel_acceptable = not require_encryption or session.secure;
	if unauthenticated and channel_acceptable then
		features:add_child(register_stream_feature);
	end
end);
--- Extract the submitted registration data from a jabber:iq:register query.
-- When the query carries a jabber:x:data form, that form is handed to
-- registration_form:data() and its results are returned unchanged.
-- Otherwise the legacy child elements are read one by one.
-- @param query the query element of the registration request
-- @return table of submitted values keyed by field name
-- @return table of error messages keyed by field name; on the legacy path
--   this second value is only returned when a required value is missing
local function parse_response(query)
	local form = query:get_child("x", "jabber:x:data");
	if form then
		return registration_form:data(form);
	end

	local data, errors = {}, {};
	for _, field in ipairs(registration_form) do
		local name = field.name;
		-- Only names present in field_map are read from the legacy query;
		-- any other form field is ignored on this path.
		if field_map[name] then
			local value = query:get_child_text(name);
			data[name] = value;
			-- An empty string counts as missing, same as an absent element.
			if field.required and (not value or #value == 0) then
				errors[name] = "Required value missing";
			end
		end
	end

	-- NOTE(review): values are returned exactly as the client sent them;
	-- this function only checks presence. Normalisation of the username
	-- (nodeprep is imported by this file) has to happen in the caller.
	if next(errors) == nil then
		return data;
	end
	return data, errors;
end
-- Legacy rate-limit option; it only supplies the defaults for the two
-- throttle options below.
local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations");
local whitelist_only = module:get_option_boolean("whitelist_registration_only");
-- Both lists are kept as the sets' raw item tables, keyed by the configured
-- entry. The whitelist defaults to the two loopback addresses.
local whitelisted_ips = module:get_option_set("registration_whitelist", { "127.0.0.1", "::1" })._items;
local blacklisted_ips = module:get_option_set("registration_blacklist", {})._items;

-- Throttle parameters. throttle_max stays nil unless either
-- "registration_throttle_max" or "min_seconds_between_registrations" is
-- configured, and check_throttle() lets every request through in that case:
-- registration is not rate limited by default.
local throttle_max = module:get_option_number(
	"registration_throttle_max",
	min_seconds_between_registrations and 1
);
local throttle_period = module:get_option_number(
	"registration_throttle_period",
	min_seconds_between_registrations
);
-- Number of per-address throttles kept (default 100). An address whose
-- throttle has been pushed out of the cache gets a fresh one on its next
-- attempt, so the size should cover the number of sources expected at once.
local throttle_cache_size = module:get_option_number("registration_throttle_cache_size", 100);
local blacklist_overflow = module:get_option_boolean("blacklist_on_registration_throttle_overload", false);

local throttle_cache;
do
	-- Eviction callback; stays nil unless overflow blacklisting is enabled,
	-- so that the cache receives either a function or nil.
	local on_evict;
	if blacklist_overflow then
		on_evict = function (ip, throttle)
			-- peek() succeeding means the address was not over its limit
			-- when it was pushed out of the cache: nothing to do.
			if throttle:peek() then
				return;
			end
			-- NOTE(review): the entry only lives in this in-memory table
			-- and nothing here expires or bounds it, while ip_in_set() walks
			-- the whole table on each lookup. Watch this log line for growth.
			module:log("info", "Adding ip %s to registration blacklist", ip);
			blacklisted_ips[ip] = true;
		end
	end
	throttle_cache = new_cache(throttle_cache_size, on_evict);
end
--- Charge one registration attempt against the throttle of an address.
-- @param ip key identifying the requesting address
-- @return true when throttling is not configured; otherwise whatever
--   throttle:poll(1) returns for this address
local function check_throttle(ip)
	if not throttle_max then
		-- No limit configured: every attempt is allowed.
		return true;
	end

	-- Reuse the cached throttle or start a new one. An address evicted from
	-- the cache therefore begins again with a full allowance.
	local bucket = throttle_cache:get(ip) or create_throttle(throttle_max, throttle_period);
	-- Written back on every call, also when it was already cached.
	throttle_cache:set(ip, bucket);
	return bucket:poll(1);
end
--- Test whether an address is covered by a white- or blacklist.
-- @param set table whose keys are the list entries (addresses or CIDR ranges)
-- @param ip the address to look up, in the form used as key in the lists
-- @return true on an exact key match or when an entry, parsed as CIDR,
--   matches the address; false otherwise
local function ip_in_set(set, ip)
	-- Exact textual match first; it needs no parsing.
	if set[ip] then
		return true;
	end

	local address = new_ip(ip);
	-- Every entry is parsed again on each call and the whole list is walked
	-- until something matches.
	-- NOTE(review): what parse_cidr does with an entry that is neither an
	-- address nor a range is not visible here; confirm that a malformed
	-- list entry cannot make this raise.
	for entry in pairs(set) do
		if match_ip(address, parse_cidr(entry)) then
			return true;
		end
	end
	return false;
end
-- In-band registration
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
   157
module:hook("stanza/iq/jabber:iq:register:query", function(event)
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
   158
	local session, stanza = event.origin, event.stanza;
7020
ff734a602886 mod_register: Use session log instance to ease indentification
Kim Alvefur <zash@zash.se>
parents: 5776
diff changeset
   159
	local log = session.log or module._log;
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
   160
8487
f591855f060d mod_register: Split into mod_register_ibr and mod_user_account_management (#723)
Kim Alvefur <zash@zash.se>
parents: 8467
diff changeset
   161
	if session.type ~= "c2s_unauthed" then
7712
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
parents: 7573
diff changeset
   162
		log("debug", "Attempted registration when disabled or already authenticated");
665
09e0e9c722a3 Add allow_registration option to disable account registration
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
   163
		session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
7919
72b6d5ab4137 mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595)
Kim Alvefur <zash@zash.se>
parents: 5637
diff changeset
   164
	elseif require_encryption and not session.secure then
72b6d5ab4137 mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595)
Kim Alvefur <zash@zash.se>
parents: 5637
diff changeset
   165
		session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required"));
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3394
diff changeset
   166
	else
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
   167
		local query = stanza.tags[1];
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
   168
		if stanza.attr.type == "get" then
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
   169
			local reply = st.reply(stanza);
4398
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
			reply:add_child(registration_query);
311
513bd52e8e19 Fixed mod_register to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
			session.send(reply);
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
		elseif stanza.attr.type == "set" then
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
			if query.tags[1] and query.tags[1].name == "remove" then
311
513bd52e8e19 Fixed mod_register to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
				session.send(st.error_reply(stanza, "auth", "registration-required"));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
			else
4398
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
				local data, errors = parse_response(query);
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
				if errors then
7712
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
					log("debug", "Error parsing registration form:");
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
					for field, err in pairs(errors) do
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
						log("debug", "Field %q: %s", field, err);
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
					end
4398
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
					session.send(st.error_reply(stanza, "modify", "not-acceptable"));
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
				else
690
e901a0709005 Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
					-- Check that the user is not blacklisted or registering too often
2085
64872e216e23 mod_register: Log a debug message when a session's IP is not available.
Waqas Hussain <waqas20@gmail.com>
					if not session.ip then
7020
ff734a602886 mod_register: Use session log instance to ease indentification
Kim Alvefur <zash@zash.se>
						log("debug", "User's IP not known; can't apply blacklist/whitelist");
8455
4796fdcb7146 mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
					elseif ip_in_set(blacklisted_ips, session.ip) or (whitelist_only and not ip_in_set(whitelisted_ips, session.ip)) then
1859
c965b0accc7c mod_register: Added helpful text to registration error responses.
Waqas Hussain <waqas20@gmail.com>
						session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account."));
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
						return true;
8455
4796fdcb7146 mod_register: Support CIDR notation in white-/blacklists (closes #941)
Kim Alvefur <zash@zash.se>
					elseif throttle_max and not ip_in_set(whitelisted_ips, session.ip) then
7573
c61ea328fac2 mod_register: Fix inverted throttle check (fixes #724)
Kim Alvefur <zash@zash.se>
						if not check_throttle(session.ip) then
7712
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
							log("debug", "Registrations over limit for ip %s", session.ip or "?");
7028
236e8d1ee96c mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
							session.send(st.error_reply(stanza, "wait", "not-acceptable"));
236e8d1ee96c mod_register: Switch to using util.throttle for limiting registrations per ip per time
Kim Alvefur <zash@zash.se>
							return true;
690
e901a0709005 Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
						end
e901a0709005 Added rate limiting to in-band registration, and added IP [black/white]lists
Matthew Wild <mwild1@gmail.com>
					end
4398
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
					local username, password = nodeprep(data.username), data.password;
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
					data.username, data.password = nil, nil;
1857
ef266aa8e18f mod_register: Fixed: No error was returned if username failed nodeprep.
Waqas Hussain <waqas20@gmail.com>
					local host = module.host;
2448
542335c8a5bc mod_register: Return a <not-acceptable/> error on empty usernames (thanks Neustradamus).
Waqas Hussain <waqas20@gmail.com>
					if not username or username == "" then
7712
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
						log("debug", "The requested username is invalid.");
1859
c965b0accc7c mod_register: Added helpful text to registration error responses.
Waqas Hussain <waqas20@gmail.com>
						session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is invalid."));
5165
39bb9344f194 mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
						return true;
39bb9344f194 mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
					end
8467
1a0b76b07b7a mod_register: Include the session and its IP address in user-registering event, so that plugins can use this
Kim Alvefur <zash@zash.se>
					local user = { username = username , host = host, additional = data, ip = session.ip, session = session, allowed = true }
5165
39bb9344f194 mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
					module:fire_event("user-registering", user);
39bb9344f194 mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
					if not user.allowed then
7712
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
						log("debug", "Registration disallowed by module");
5165
39bb9344f194 mod_register: Fire event to allow blocking user registration
Florian Zeitz <florob@babelmonkeys.de>
						session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is forbidden."));
1857
ef266aa8e18f mod_register: Fixed: No error was returned if username failed nodeprep.
Waqas Hussain <waqas20@gmail.com>
					elseif usermanager_user_exists(username, host) then
7712
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
						log("debug", "Attempt to register with existing username");
1859
c965b0accc7c mod_register: Added helpful text to registration error responses.
Waqas Hussain <waqas20@gmail.com>
						session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists."));
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
					else
4398
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
						-- TODO unable to write file, file may be locked, etc, what's the correct error?
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
						local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk.");
1857
ef266aa8e18f mod_register: Fixed: No error was returned if username failed nodeprep.
Waqas Hussain <waqas20@gmail.com>
						if usermanager_create_user(username, password, host) then
7757
560d2e758d4c mod_register: Record the time of registration in the account details store
Kim Alvefur <zash@zash.se>
							data.registered = os.time();
8072
8f5f197b139d mod_register: Remove check for empty table (previous line sets a field)
Kim Alvefur <zash@zash.se>
							if not account_details:set(username, data) then
7712
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
								log("debug", "Could not store extra details");
4398
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
								usermanager_delete_user(username, host);
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
								session.send(error_reply);
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
								return true;
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
							end
311
513bd52e8e19 Fixed mod_register to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
							session.send(st.reply(stanza)); -- user created!
7020
ff734a602886 mod_register: Use session log instance to ease indentification
Kim Alvefur <zash@zash.se>
							log("info", "User account created: %s@%s", username, host);
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
							module:fire_event("user-registered", {
1857
ef266aa8e18f mod_register: Fixed: No error was returned if username failed nodeprep.
Waqas Hussain <waqas20@gmail.com>
								username = username, host = host, source = "mod_register",
1189
63ed3902f357 mod_register: Attach session to user-registered and user-deregistered events
Matthew Wild <mwild1@gmail.com>
								session = session });
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
						else
7712
0af1783d1592 mod_register: Additional logging for various registration failure cases
Kim Alvefur <zash@zash.se>
							log("debug", "Could not create user");
4398
acc37e221940 mod_register: Add support for additional registration fields
Florian Zeitz <florob@babelmonkeys.de>
							session.send(error_reply);
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
						end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
					end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
				end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
			end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
		end
3529
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
	end
3f9cc12308aa mod_register: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
	return true;
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
end);