usermanager, mod_auth_*: Add get_account_info() returning creation/update time
This is useful for a number of things. For example, listing users that need to
rotate their passwords after some event. It also provides a safer way for code
to determine that a user password has changed without needing to set a handler
for the password change event (which is a more fragile approach).
--- a/core/usermanager.lua Wed Jun 15 23:04:17 2022 +0200
+++ b/core/usermanager.lua Tue Jul 12 13:14:47 2022 +0100
@@ -116,6 +116,12 @@
return ok, err;
end
+local function get_account_info(username, host)
+ local method = hosts[host].users.get_account_info;
+ if not method then return nil, "method-not-supported"; end
+ return method(username);
+end
+
local function user_exists(username, host)
if hosts[host].sessions[username] then return true; end
return hosts[host].users.user_exists(username);
@@ -211,6 +217,7 @@
test_password = test_password;
get_password = get_password;
set_password = set_password;
+ get_account_info = get_account_info;
user_exists = user_exists;
create_user = create_user;
delete_user = delete_user;
--- a/plugins/mod_auth_internal_hashed.lua Wed Jun 15 23:04:17 2022 +0200
+++ b/plugins/mod_auth_internal_hashed.lua Tue Jul 12 13:14:47 2022 +0100
@@ -86,11 +86,21 @@
account.server_key = server_key_hex
account.password = nil;
+ account.updated = os.time();
return accounts:set(username, account);
end
return nil, "Account not available.";
end
+function provider.get_account_info(username)
+ local account = accounts:get(username);
+ if not account then return nil, "Account not available"; end
+ return {
+ created = account.created;
+ password_updated = account.updated;
+ };
+end
+
function provider.user_exists(username)
local account = accounts:get(username);
if not account then
@@ -115,9 +125,11 @@
end
local stored_key_hex = to_hex(stored_key);
local server_key_hex = to_hex(server_key);
+ local now = os.time();
return accounts:set(username, {
stored_key = stored_key_hex, server_key = server_key_hex,
- salt = salt, iteration_count = default_iteration_count
+ salt = salt, iteration_count = default_iteration_count,
+ created = now, updated = now;
});
end
--- a/plugins/mod_auth_internal_plain.lua Wed Jun 15 23:04:17 2022 +0200
+++ b/plugins/mod_auth_internal_plain.lua Tue Jul 12 13:14:47 2022 +0100
@@ -48,11 +48,21 @@
local account = accounts:get(username);
if account then
account.password = password;
+ account.updated = os.time();
return accounts:set(username, account);
end
return nil, "Account not available.";
end
+function provider.get_account_info(username)
+ local account = accounts:get(username);
+ if not account then return nil, "Account not available"; end
+ return {
+ created = account.created;
+ password_updated = account.updated;
+ };
+end
+
function provider.user_exists(username)
local account = accounts:get(username);
if not account then
@@ -71,7 +81,11 @@
if not password then
return nil, "Password fails SASLprep.";
end
- return accounts:set(username, {password = password});
+ local now = os.time();
+ return accounts:set(username, {
+ password = password;
+ created = now, updated = now;
+ });
end
function provider.delete_user(username)