comparison plugins/mod_admin_shell.lua @ 14120:0e9e3efa381f 13.0

mod_admin_shell: Fail user creation/modification if new password fails saslprep This saves us from setting an invalid password and preventing the new account from authenticating.
author Matthew Wild <mwild1@gmail.com>
date Thu, 02 Apr 2026 20:53:04 +0100
parents b9688ac25255
children 7008869fcce2 d666e7cd8609
comparison
equal deleted inserted replaced
14119:519c16c2eb21 14120:0e9e3efa381f
18 local it = require "prosody.util.iterators"; 18 local it = require "prosody.util.iterators";
19 local server = require "prosody.net.server"; 19 local server = require "prosody.net.server";
20 local schema = require "prosody.util.jsonschema"; 20 local schema = require "prosody.util.jsonschema";
21 local st = require "prosody.util.stanza"; 21 local st = require "prosody.util.stanza";
22 local parse_args = require "prosody.util.argparse".parse; 22 local parse_args = require "prosody.util.argparse".parse;
23 local saslprep = require "prosody.util.encodings".stringprep.saslprep;
23 24
24 local _G = _G; 25 local _G = _G;
25 26
26 local prosody = _G.prosody; 27 local prosody = _G.prosody;
27 28
1867 1868
1868 if not role then 1869 if not role then
1869 role = module:get_option_string("default_provisioned_role", "prosody:member"); 1870 role = module:get_option_string("default_provisioned_role", "prosody:member");
1870 end 1871 end
1871 1872
1872 return promise.resolve(password or self.session.request_input("password")):next(function (password_) 1873 return promise.resolve(password or self.session.request_input("password")):next(function (raw_password)
1873 local ok, err = um.create_user_with_role(username, password_, host, role); 1874 local prepped_password = saslprep(raw_password);
1875 if not prepped_password or prepped_password == "" then
1876 return promise.reject("Unacceptable password");
1877 end
1878
1879 self.session.print(("PW: %q"):format(raw_password));
1880 self.session.print(("PW2: %q"):format(prepped_password));
1881
1882 local ok, err = um.create_user_with_role(username, prepped_password, host, role);
1874 if not ok then 1883 if not ok then
1875 return promise.reject("Could not create user: "..err); 1884 return promise.reject("Could not create user: "..err);
1876 end 1885 end
1877 return ("Created %s with role '%s'"):format(jid, role); 1886 return ("Created %s with role '%s'"):format(jid, role);
1878 end); 1887 end);
1933 return nil, "No such host: "..host; 1942 return nil, "No such host: "..host;
1934 elseif not um.user_exists(username, host) then 1943 elseif not um.user_exists(username, host) then
1935 return nil, "No such user"; 1944 return nil, "No such user";
1936 end 1945 end
1937 1946
1938 return promise.resolve(password or self.session.request_input("password")):next(function (password_) 1947 return promise.resolve(password or self.session.request_input("password")):next(function (raw_password)
1939 local ok, err = um.set_password(username, password_, host, nil); 1948 local prepped_password = saslprep(raw_password);
1949 if not prepped_password or prepped_password == "" then
1950 return promise.reject("Unacceptable password");
1951 end
1952
1953 self.session.print(("PW: %q"):format(raw_password));
1954 self.session.print(("PW2: %q"):format(prepped_password));
1955
1956 local ok, err = um.set_password(username, prepped_password, host, nil);
1940 if ok then 1957 if ok then
1941 return "User password changed"; 1958 return "User password changed";
1942 else 1959 else
1943 return promise.reject("Could not change password for user: "..err); 1960 return promise.reject("Could not change password for user: "..err);
1944 end 1961 end