mod_invites_adhoc: Fail contact invite if user is not on current host
Only the username was being used, and the host of the requester ignored.
Luckily this only affects admins of the host. If they want to create an
account they can use the other command. If they want to create a contact
they should request from their account on this host.
-- Prosody IM
-- Copyright (C) 2008-2013 Matthew Wild
-- Copyright (C) 2008-2013 Waqas Hussain
-- Copyright (C) 2014 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local new_sasl = require "util.sasl".new;
local base64 = require "util.encodings".base64.encode;
local have_async, async = pcall(require, "util.async");
local http = require "net.http";
if not have_async then
error("Your version of Prosody does not support async and is incompatible");
end
local host = module.host;
local api_base = module:get_option_string("http_auth_url", ""):gsub("$host", host);
if api_base == "" then error("http_auth_url required") end
api_base = api_base:gsub("/$", "");
local auth_creds = module:get_option_string("http_auth_credentials");
local method_types = {
-- Unlisted methods default to GET
register = "POST";
set_password = "POST";
remove_user = "POST";
};
local provider = {};
local function make_request(method_name, params)
local wait, done = async.waiter();
local method_type = method_types[method_name] or "GET";
params.server = params.server or host;
local encoded_params = http.formencode(params);
local url;
local ex = {
method = method_type;
headers = { Authorization = auth_creds and ("Basic "..base64(auth_creds)) or nil; };
}
if method_type == "POST" then
url = api_base.."/"..method_name;
ex.headers["Content-Type"] = "application/x/www-form-urlencoded";
ex.body = encoded_params;
else
url = api_base.."/"..method_name.."?"..encoded_params;
end
local content, code;
local function cb(content_, code_)
content, code = content_, code_;
done();
end
http.request(url, ex, cb);
wait();
return code, content;
end
function provider.test_password(username, password)
local code, body = make_request("check_password", { user = username, pass = password });
if code == 200 and body == "true" then
return true;
end
return false;
end
function provider.users()
return function()
return nil;
end
end
function provider.set_password(username, password)
local code = make_request("set_password", { user = username, pass = password });
if code == 200 or code == 201 or code == 204 then
return true;
end
return false;
end
function provider.user_exists(username)
local code, body = make_request("user_exists", { user = username });
if code == 200 and body == "true" then
return true;
end
return false;
end
function provider.create_user(username, password)
local code = make_request("register", { user = username, pass = password });
if code == 201 then
return true;
end
return false;
end
function provider.delete_user(username)
local code = make_request("remove_user", { user = username });
if code == 200 or code == 201 or code == 204 then
return true;
end
return false;
end
function provider.get_sasl_handler()
return new_sasl(host, {
--luacheck: ignore 212/sasl 212/realm
plain_test = function(sasl, username, password, realm)
return provider.test_password(username, password), true;
end;
});
end
module:provides("auth", provider);