apitech
/
prosody
mirror of https://github.com/bjc/prosody
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
IMPORTANT: due to a drive failure, as of 13-Mar-2021, the Mercurial repository had to be re-mirrored, which changed every commit SHA. The old SHAs and trees are backed up in the vault branches. Please migrate to the new branches as soon as you can.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13887 Commits
12 Branches
101 Tags
54 MiB
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
prosody/plugins/mod_invites.lua

506 lines
16 KiB
Raw Permalink Normal View History Unescape

plugins: Prefix module imports with prosody namespace
3 years ago
local id = require "prosody.util.id";
local it = require "prosody.util.iterators";
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
local url = require "socket.url";
plugins: Prefix module imports with prosody namespace
3 years ago
local jid_node = require "prosody.util.jid".node;
local jid_split = require "prosody.util.jid".split;
mod_invites: Refactor argument handling using util.argparse This makes it so that --admin and --role are no longer mutually exclusive, they the former is simply treated as another --role. This was likely a leftover from when only a single role was possible. It does however become unclear which should be the primary, since the order is not preserved by argparse. Bonus: Loading of modules is avoided with only the --help is shown.
4 years ago
local argparse = require "prosody.util.argparse";
mod_invites: Allow specifying invite ttl on command line Was missing a way to pass TTL via command or shell.
2 years ago
local human_io = require "prosody.util.human.io";
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
mod_cloud_notify, mod_cron, mod_invites: Add 'prosody.' prefix to requires
11 months ago
local url_escape = require "prosody.util.http".urlencode;
local render_url = require "prosody.util.interpolation".new("%b{}", url_escape, {
mod_invites: Add support for invites_page option to use external invites pages This allows Prosody to easily provide friendly invitation links, even without setting up mod_invites_page (which is a community module). Admins can configure it to use a third-party deployment such as https://xmpp.link or they can deploy their own based on https://github.com/modernxmpp/easy-xmpp-invitation Alternatively they can just install mod_invites_page and this will all be handled automatically by that.
12 months ago
urlescape = url_escape;
noscheme = function (urlstring)
return (urlstring:gsub("^[^:]+:", ""));
end;
});
plugins: Switch to :get_option_period() for time range options Improves readability ("1 day" vs 86400) and centralizes validation.
2 years ago
local default_ttl = module:get_option_period("invite_expiry", "1 week");
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
local token_storage;
if prosody.process_type == "prosody" or prosody.shutdown then
token_storage = module:open_store("invite_token", "map");
end
local function get_uri(action, jid, token, params) --> string
return url.build({
scheme = "xmpp",
path = jid,
query = action..";preauth="..token..(params and (";"..params) or ""),
});
end
local function create_invite(invite_action, invite_jid, allow_registration, additional_data, ttl, reusable)
local token = id.medium();
local created_at = os.time();
local expires = created_at + (ttl or default_ttl);
local invite_params = (invite_action == "roster" and allow_registration) and "ibr=y" or nil;
local invite = {
type = invite_action;
jid = invite_jid;
token = token;
allow_registration = allow_registration;
additional_data = additional_data;
uri = get_uri(invite_action, invite_jid, token, invite_params);
created_at = created_at;
expires = expires;
reusable = reusable;
};
module:fire_event("invite-created", invite);
if allow_registration then
local ok, err = token_storage:set(nil, token, invite);
if not ok then
module:log("warn", "Failed to store account invite: %s", err);
return nil, "internal-server-error";
end
end
if invite_action == "roster" then
local username = jid_node(invite_jid);
local ok, err = token_storage:set(username, token, expires);
if not ok then
module:log("warn", "Failed to store subscription invite: %s", err);
return nil, "internal-server-error";
end
end
return invite;
end
-- Create invitation to register an account (optionally restricted to the specified username)
function create_account(account_username, additional_data, ttl) --luacheck: ignore 131/create_account
local jid = account_username and (account_username.."@"..module.host) or module.host;
return create_invite("register", jid, true, additional_data, ttl);
end
-- Create invitation to reset the password for an account
function create_account_reset(account_username, ttl) --luacheck: ignore 131/create_account_reset
return create_account(account_username, { allow_reset = account_username }, ttl or 86400);
end
-- Create invitation to become a contact of a local user
function create_contact(username, allow_registration, additional_data, ttl) --luacheck: ignore 131/create_contact
return create_invite("roster", username.."@"..module.host, allow_registration, additional_data, ttl);
end
-- Create invitation to register an account and join a user group
-- If explicit ttl is passed, invite is valid for multiple signups
-- during that time period
function create_group(group_ids, additional_data, ttl) --luacheck: ignore 131/create_group
local merged_additional_data = {
groups = group_ids;
};
if additional_data then
for k, v in pairs(additional_data) do
merged_additional_data[k] = v;
end
end
return create_invite("register", module.host, true, merged_additional_data, ttl, not not ttl);
end
-- Iterates pending (non-expired, unused) invites that allow registration
function pending_account_invites() --luacheck: ignore 131/pending_account_invites
local store = module:open_store("invite_token");
local now = os.time();
local function is_valid_invite(_, invite)
return invite.expires > now;
end
return it.filter(is_valid_invite, pairs(store:get(nil) or {}));
end
function get_account_invite_info(token) --luacheck: ignore 131/get_account_invite_info
if not token then
return nil, "no-token";
end
-- Fetch from host store (account invite)
local token_info = token_storage:get(nil, token);
if not token_info then
return nil, "token-invalid";
elseif os.time() > token_info.expires then
return nil, "token-expired";
end
return token_info;
end
function delete_account_invite(token) --luacheck: ignore 131/delete_account_invite
if not token then
return nil, "no-token";
end
return token_storage:set(nil, token, nil);
end
local valid_invite_methods = {};
local valid_invite_mt = { __index = valid_invite_methods };
function valid_invite_methods:use()
if self.reusable then
return true;
end
if self.username then
-- Also remove the contact invite if present, on the
-- assumption that they now have a mutual subscription
token_storage:set(self.username, self.token, nil);
end
token_storage:set(nil, self.token, nil);
return true;
end
-- Get a validated invite (or nil, err). Must call :use() on the
-- returned invite after it is actually successfully used
-- For "roster" invites, the username of the local user (who issued
-- the invite) must be passed.
-- If no username is passed, but the registration is a roster invite
-- from a local user, the "inviter" field of the returned invite will
-- be set to their username.
function get(token, username)
if not token then
return nil, "no-token";
end
local valid_until, inviter;
-- Fetch from host store (account invite)
local token_info = token_storage:get(nil, token);
if username then -- token being used for subscription
-- Fetch from user store (subscription invite)
valid_until = token_storage:get(username, token);
else -- token being used for account creation
valid_until = token_info and token_info.expires;
if token_info and token_info.type == "roster" then
username = jid_node(token_info.jid);
inviter = username;
end
end
if not valid_until then
module:log("debug", "Got unknown token: %s", token);
return nil, "token-invalid";
elseif os.time() > valid_until then
module:log("debug", "Got expired token: %s", token);
return nil, "token-expired";
end
return setmetatable({
token = token;
username = username;
inviter = inviter;
type = token_info and token_info.type or "roster";
uri = token_info and token_info.uri or get_uri("roster", username.."@"..module.host, token);
additional_data = token_info and token_info.additional_data or nil;
mod_invites: Fix traceback when token_info isn’t set
1 year ago
reusable = token_info and token_info.reusable or false;
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
}, valid_invite_mt);
end
function use(token) --luacheck: ignore 131/use
local invite = get(token);
return invite and invite:use();
end
mod_invites: Add support for invites_page option to use external invites pages This allows Prosody to easily provide friendly invitation links, even without setting up mod_invites_page (which is a community module). Admins can configure it to use a third-party deployment such as https://xmpp.link or they can deploy their own based on https://github.com/modernxmpp/easy-xmpp-invitation Alternatively they can just install mod_invites_page and this will all be handled automatically by that.
12 months ago
-- Point at e.g. a deployment of https://github.com/modernxmpp/easy-xmpp-invitation
-- This URL must always be absolute, as it is shared standalone
local invite_url_template = module:get_option_string("invites_page");
local invites_page_supports = module:get_option_set("invites_page_supports", { "account", "contact", "account-and-contact" });
local function add_landing_url(invite)
if not invite_url_template or invite.landing_page then return; end
-- Determine whether this type of invitation is supported by the landing page
local invite_type;
if invite.type == "register" then
mod_invites: Consider password reset a distinct type wrt invite page This should prevent returning an invite web page unless it supports password resets.
9 months ago
if invite.additional_data and invite.additional_data.allow_reset then
invite_type = "password-reset";
else
invite_type = "account";
end
mod_invites: Add support for invites_page option to use external invites pages This allows Prosody to easily provide friendly invitation links, even without setting up mod_invites_page (which is a community module). Admins can configure it to use a third-party deployment such as https://xmpp.link or they can deploy their own based on https://github.com/modernxmpp/easy-xmpp-invitation Alternatively they can just install mod_invites_page and this will all be handled automatically by that.
12 months ago
elseif invite.type == "roster" then
if invite.allow_registration then
invite_type = "account-and-contact";
else
invite_type = "contact-only";
end
end
if not invites_page_supports:contains(invite_type) then
return; -- Invitation type unsupported
end
invite.landing_page = render_url(invite_url_template, { host = module.host, invite = invite });
end
module:hook("invite-created", add_landing_url, -1);
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
--- shell command
mod_invites: Hide --group flag unless mod_invites_groups is enabled The WIP groups support is not complete yet, and won't work without extra modules (which are not yet a part of Prosody). For now we hide --group support unless mod_invites_groups (community module) is specified in modules_enabled.
10 months ago
-- COMPAT: Dynamic groups are work in progress as of 13.0, so we'll use the
-- presence of mod_invites_groups (a community module) to determine whether to
-- expose our support for invites to groups.
local have_group_invites = module:get_option_inherited_set("modules_enabled"):contains("invites_groups");
mod_invites: Use new shell-command API
2 years ago
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "create_account";
desc = "Create an invitation to make an account on this server with the specified JID (supply only a hostname to allow any username)";
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
args = {
{ name = "user_jid", type = "string" };
};
mod_invites: Use new shell-command API
2 years ago
host_selector = "user_jid";
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
flags = {
mod_invites: Hide --group flag unless mod_invites_groups is enabled The WIP groups support is not complete yet, and won't work without extra modules (which are not yet a part of Prosody). For now we hide --group support unless mod_invites_groups (community module) is specified in modules_enabled.
10 months ago
array_params = { role = true, group = have_group_invites };
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
value_params = { expires_after = true };
};
mod_invites: Use new shell-command API
2 years ago
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
handler = function (self, user_jid, opts) --luacheck: ignore 212/self
mod_invites: Fix linter issues
2 years ago
local username = jid_split(user_jid);
mod_invites: Fix traceback when no flags passed
10 months ago
local roles = opts and opts.role or {};
local groups = opts and opts.group or {};
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
mod_invites: Fix traceback when no flags passed
10 months ago
if opts and opts.admin then
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
-- Insert it first since we don't get order out of argparse
table.insert(roles, 1, "prosody:admin");
end
local ttl;
mod_invites: Fix traceback when no flags passed
10 months ago
if opts and opts.expires_after then
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
ttl = human_io.parse_duration(opts.expires_after);
if not ttl then
return false, "Unable to parse duration: "..opts.expires_after;
end
end
local invite = assert(create_account(username, {
roles = roles;
groups = groups;
}, ttl));
mod_invites: Prefer landing page over xmpp URI in shell command To mirror behavior of prosodyctl invocation
3 years ago
return true, invite.landing_page or invite.uri;
mod_invites: Use new shell-command API
2 years ago
end;
});
mod_invites: Shell command to create reset links
11 months ago
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "create_reset";
desc = "Create a password reset link for the specified user";
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
args = { { name = "user_jid", type = "string" } };
mod_invites: Shell command to create reset links
11 months ago
host_selector = "user_jid";
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
flags = {
value_params = { expires_after = true };
};
mod_invites: Shell command to create reset links
11 months ago
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
handler = function (self, user_jid, opts) --luacheck: ignore 212/self
mod_invites: Shell command to create reset links
11 months ago
local username = jid_split(user_jid);
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
if not username then
return nil, "Supply the JID of the account you want to generate a password reset for";
end
local duration_sec = require "prosody.util.human.io".parse_duration(opts and opts.expires_after or "1d");
if not duration_sec then
return nil, "Unable to parse duration: "..opts.expires_after;
end
mod_invites: Shell command to create reset links
11 months ago
local invite, err = create_account_reset(username, duration_sec);
if not invite then return nil, err; end
self.session.print(invite.landing_page or invite.uri);
return true, ("Password reset link for %s valid until %s"):format(user_jid, os.date("%Y-%m-%d %T", invite.expires));
end;
});
mod_invites: Use new shell-command API
2 years ago
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "create_contact";
desc = "Create an invitation to become contacts with the specified user";
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
args = { { name = "user_jid", type = "string" } };
mod_invites: Use new shell-command API
2 years ago
host_selector = "user_jid";
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
flags = {
value_params = { expires_after = true };
kv_params = { allow_registration = true };
};
mod_invites: Use new shell-command API
2 years ago
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
handler = function (self, user_jid, opts) --luacheck: ignore 212/self
mod_invites: Fix linter issues
2 years ago
local username = jid_split(user_jid);
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
if not username then
return nil, "Supply the JID of the account you want the recipient to become a contact of";
end
local ttl;
mod_invites: Fix traceback when no flags passed
10 months ago
if opts and opts.expires_after then
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
ttl = require "prosody.util.human.io".parse_duration(opts.expires_after);
if not ttl then
return nil, "Unable to parse duration: "..opts.expires_after;
end
end
mod_invites: Fix traceback when no flags passed
10 months ago
local invite, err = create_contact(username, opts and opts.allow_registration, nil, ttl);
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
if not invite then return nil, err; end
mod_invites: Prefer landing page over xmpp URI in shell command To mirror behavior of prosodyctl invocation
3 years ago
return true, invite.landing_page or invite.uri;
mod_invites: Use new shell-command API
2 years ago
end;
});
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
mod_invites: Add shell commands to list, show and delete pending invitations
11 months ago
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "show";
desc = "Show details of an account invitation token";
args = { { name = "host", type = "string" }, { name = "token", type = "string" } };
host_selector = "host";
handler = function (self, host, token) --luacheck: ignore 212/self 212/host
local invite, err = get_account_invite_info(token);
if not invite then return nil, err; end
local print = self.session.print;
if invite.type == "roster" then
print("Invitation to register and become a contact of "..invite.jid);
elseif invite.type == "register" then
local jid_user, jid_host = jid_split(invite.jid);
if invite.additional_data and invite.additional_data.allow_reset then
print("Password reset for "..invite.additional_data.allow_reset.."@"..jid_host);
elseif jid_user then
print("Invitation to register on "..jid_host.." with username '"..jid_user.."'");
else
print("Invitation to register on "..jid_host);
end
else
print("Unknown invitation type");
end
if invite.inviter then
print("Creator:", invite.inviter);
end
print("Created:", os.date("%Y-%m-%d %T", invite.created_at));
print("Expires:", os.date("%Y-%m-%d %T", invite.expires));
print("");
if invite.uri then
print("XMPP URI:", invite.uri);
end
if invite.landing_page then
print("Web link:", invite.landing_page);
end
if invite.additional_data then
print("");
if invite.additional_data.roles then
if invite.additional_data.roles[1] then
print("Role:", invite.additional_data.roles[1]);
end
if invite.additional_data.roles[2] then
print("Secondary roles:", table.concat(invite.additional_data.roles, ", ", 2, #invite.additional_data.roles));
end
end
if invite.additional_data.groups then
print("Groups:", table.concat(invite.additional_data.groups, ", "));
end
if invite.additional_data.note then
print("Comment:", invite.additional_data.note);
end
end
return true, "Invitation valid";
end;
});
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "delete";
desc = "Delete/revoke an invitation token";
args = { { name = "host", type = "string" }, { name = "token", type = "string" } };
host_selector = "host";
handler = function (self, host, token) --luacheck: ignore 212/self 212/host
local invite, err = delete_account_invite(token);
if not invite then return nil, err; end
return true, "Invitation deleted";
end;
});
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "list";
desc = "List pending invitations which allow account registration";
args = { { name = "host", type = "string" } };
host_selector = "host";
handler = function (self, host) -- luacheck: ignore 212/host
local print_row = human_io.table({
{
title = "Token";
key = "invite";
width = 24;
mapper = function (invite)
return invite.token;
end;
};
{
title = "Expires";
key = "invite";
width = 20;
mapper = function (invite)
return os.date("%Y-%m-%dT%T", invite.expires);
end;
};
{
title = "Description";
key = "invite";
width = "100%";
mapper = function (invite)
if invite.type == "roster" then
return "Contact with "..invite.jid;
elseif invite.type == "register" then
local jid_user, jid_host = jid_split(invite.jid);
if invite.additional_data and invite.additional_data.allow_reset then
return "Password reset for "..invite.additional_data.allow_reset.."@"..jid_host;
end
if jid_user then
return "Register on "..jid_host.." with username "..jid_user;
end
return "Register on "..jid_host;
end
end;
};
}, self.session.width);
self.session.print(print_row());
local count = 0;
for _, invite in pending_account_invites() do
count = count + 1;
self.session.print(print_row({ invite = invite }));
end
return true, ("%d pending invites"):format(count);
end;
});
mod_invites: Refactor argument handling using util.argparse This makes it so that --admin and --role are no longer mutually exclusive, they the former is simply treated as another --role. This was likely a leftover from when only a single role was possible. It does however become unclear which should be the primary, since the order is not preserved by argparse. Bonus: Loading of modules is avoided with only the --help is shown.
4 years ago
local subcommands = {};
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
--- prosodyctl command
function module.command(arg)
mod_invites: Refactor argument handling using util.argparse This makes it so that --admin and --role are no longer mutually exclusive, they the former is simply treated as another --role. This was likely a leftover from when only a single role was possible. It does however become unclear which should be the primary, since the order is not preserved by argparse. Bonus: Loading of modules is avoided with only the --help is shown.
4 years ago
local opts = argparse.parse(arg, { short_params = { h = "help"; ["?"] = "help" } });
local cmd = table.remove(arg, 1); -- pop command
if opts.help or not cmd or not subcommands[cmd] then
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
print("usage: prosodyctl mod_"..module.name.." generate example.com");
return 2;
end
mod_invites: Refactor argument handling using util.argparse This makes it so that --admin and --role are no longer mutually exclusive, they the former is simply treated as another --role. This was likely a leftover from when only a single role was possible. It does however become unclear which should be the primary, since the order is not preserved by argparse. Bonus: Loading of modules is avoided with only the --help is shown.
4 years ago
return subcommands[cmd](arg);
end
mod_invites: Deprecate 'mod_invites generate' in favour of new shell commands
10 months ago
function subcommands.generate()
print("This command is deprecated. Please see 'prosodyctl shell help invite' for available commands.");
return 1;
mod_invites: Import from prosdy-modules@5fc306239db3
4 years ago
end