comparison plugins/mod_admin_shell.lua @ 14166:2a050069f37b 13.0

mod_admin_shell: Don't echo password back to the client Unintentional debugging introduced in 0e9e3efa381f
author Matthew Wild <mwild1@gmail.com>
date Tue, 19 May 2026 19:24:53 +0100
parents d666e7cd8609
children 4f4c346e4f39
comparison
equal deleted inserted replaced
14165:0c81b8fede94 14166:2a050069f37b
1878 local prepped_password = saslprep(raw_password); 1878 local prepped_password = saslprep(raw_password);
1879 if not prepped_password or prepped_password == "" then 1879 if not prepped_password or prepped_password == "" then
1880 return promise.reject("Unacceptable password"); 1880 return promise.reject("Unacceptable password");
1881 end 1881 end
1882 1882
1883 self.session.print(("PW: %q"):format(raw_password));
1884 self.session.print(("PW2: %q"):format(prepped_password));
1885
1886 local ok, err = um.create_user_with_role(username, prepped_password, host, role); 1883 local ok, err = um.create_user_with_role(username, prepped_password, host, role);
1887 if not ok then 1884 if not ok then
1888 return promise.reject("Could not create user: "..err); 1885 return promise.reject("Could not create user: "..err);
1889 end 1886 end
1890 return ("Created %s with role '%s'"):format(jid, role); 1887 return ("Created %s with role '%s'"):format(jid, role);
1951 return promise.resolve(password or self.session.request_input("password")):next(function (raw_password) 1948 return promise.resolve(password or self.session.request_input("password")):next(function (raw_password)
1952 local prepped_password = saslprep(raw_password); 1949 local prepped_password = saslprep(raw_password);
1953 if not prepped_password or prepped_password == "" then 1950 if not prepped_password or prepped_password == "" then
1954 return promise.reject("Unacceptable password"); 1951 return promise.reject("Unacceptable password");
1955 end 1952 end
1956
1957 self.session.print(("PW: %q"):format(raw_password));
1958 self.session.print(("PW2: %q"):format(prepped_password));
1959 1953
1960 local ok, err = um.set_password(username, prepped_password, host, nil); 1954 local ok, err = um.set_password(username, prepped_password, host, nil);
1961 if ok then 1955 if ok then
1962 return "User password changed"; 1956 return "User password changed";
1963 else 1957 else