Mercurial > prosody-hg
comparison plugins/mod_admin_shell.lua @ 14120:0e9e3efa381f 13.0
mod_admin_shell: Fail user creation/modification if new password fails saslprep
This saves us from setting an invalid password and preventing the new account
from authenticating.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 02 Apr 2026 20:53:04 +0100 |
| parents | b9688ac25255 |
| children | 7008869fcce2 d666e7cd8609 |
comparison
equal
deleted
inserted
replaced
| 14119:519c16c2eb21 | 14120:0e9e3efa381f |
|---|---|
| 18 local it = require "prosody.util.iterators"; | 18 local it = require "prosody.util.iterators"; |
| 19 local server = require "prosody.net.server"; | 19 local server = require "prosody.net.server"; |
| 20 local schema = require "prosody.util.jsonschema"; | 20 local schema = require "prosody.util.jsonschema"; |
| 21 local st = require "prosody.util.stanza"; | 21 local st = require "prosody.util.stanza"; |
| 22 local parse_args = require "prosody.util.argparse".parse; | 22 local parse_args = require "prosody.util.argparse".parse; |
| 23 local saslprep = require "prosody.util.encodings".stringprep.saslprep; | |
| 23 | 24 |
| 24 local _G = _G; | 25 local _G = _G; |
| 25 | 26 |
| 26 local prosody = _G.prosody; | 27 local prosody = _G.prosody; |
| 27 | 28 |
| 1867 | 1868 |
| 1868 if not role then | 1869 if not role then |
| 1869 role = module:get_option_string("default_provisioned_role", "prosody:member"); | 1870 role = module:get_option_string("default_provisioned_role", "prosody:member"); |
| 1870 end | 1871 end |
| 1871 | 1872 |
| 1872 return promise.resolve(password or self.session.request_input("password")):next(function (password_) | 1873 return promise.resolve(password or self.session.request_input("password")):next(function (raw_password) |
| 1873 local ok, err = um.create_user_with_role(username, password_, host, role); | 1874 local prepped_password = saslprep(raw_password); |
| 1875 if not prepped_password or prepped_password == "" then | |
| 1876 return promise.reject("Unacceptable password"); | |
| 1877 end | |
| 1878 | |
| 1879 self.session.print(("PW: %q"):format(raw_password)); | |
| 1880 self.session.print(("PW2: %q"):format(prepped_password)); | |
| 1881 | |
| 1882 local ok, err = um.create_user_with_role(username, prepped_password, host, role); | |
| 1874 if not ok then | 1883 if not ok then |
| 1875 return promise.reject("Could not create user: "..err); | 1884 return promise.reject("Could not create user: "..err); |
| 1876 end | 1885 end |
| 1877 return ("Created %s with role '%s'"):format(jid, role); | 1886 return ("Created %s with role '%s'"):format(jid, role); |
| 1878 end); | 1887 end); |
| 1933 return nil, "No such host: "..host; | 1942 return nil, "No such host: "..host; |
| 1934 elseif not um.user_exists(username, host) then | 1943 elseif not um.user_exists(username, host) then |
| 1935 return nil, "No such user"; | 1944 return nil, "No such user"; |
| 1936 end | 1945 end |
| 1937 | 1946 |
| 1938 return promise.resolve(password or self.session.request_input("password")):next(function (password_) | 1947 return promise.resolve(password or self.session.request_input("password")):next(function (raw_password) |
| 1939 local ok, err = um.set_password(username, password_, host, nil); | 1948 local prepped_password = saslprep(raw_password); |
| 1949 if not prepped_password or prepped_password == "" then | |
| 1950 return promise.reject("Unacceptable password"); | |
| 1951 end | |
| 1952 | |
| 1953 self.session.print(("PW: %q"):format(raw_password)); | |
| 1954 self.session.print(("PW2: %q"):format(prepped_password)); | |
| 1955 | |
| 1956 local ok, err = um.set_password(username, prepped_password, host, nil); | |
| 1940 if ok then | 1957 if ok then |
| 1941 return "User password changed"; | 1958 return "User password changed"; |
| 1942 else | 1959 else |
| 1943 return promise.reject("Could not change password for user: "..err); | 1960 return promise.reject("Could not change password for user: "..err); |
| 1944 end | 1961 end |
