Mercurial > prosody-modules
comparison mod_http_admin_api/mod_http_admin_api.lua @ 4997:1b5869c34026
mod_http_admin_api: Updates for new role auth API in Prosody (trunk/0.13 only)
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 13 Jul 2022 11:18:46 +0100 |
| parents | 65870d42a7b1 |
| children | d68348323406 |
comparison
equal
deleted
inserted
replaced
| 4996:031e0dd90f4b | 4997:1b5869c34026 |
|---|---|
| 31 if not (auth_type and auth_data) then | 31 if not (auth_type and auth_data) then |
| 32 return false; | 32 return false; |
| 33 end | 33 end |
| 34 | 34 |
| 35 if auth_type == "Bearer" then | 35 if auth_type == "Bearer" then |
| 36 local token_info = tokens.get_token_info(auth_data); | 36 return tokens.get_token_session(auth_data); |
| 37 if not token_info or not token_info.session then | |
| 38 return false; | |
| 39 end | |
| 40 return token_info.session; | |
| 41 end | 37 end |
| 42 return nil; | 38 return nil; |
| 43 end | 39 end |
| 40 | |
| 41 module:default_permission("prosody:admin", ":access-admin-api"); | |
| 44 | 42 |
| 45 function check_auth(routes) | 43 function check_auth(routes) |
| 46 local function check_request_auth(event) | 44 local function check_request_auth(event) |
| 47 local session = check_credentials(event.request); | 45 local session = check_credentials(event.request); |
| 48 if not session then | 46 if not session then |
| 49 event.response.headers.authorization = www_authenticate_header; | 47 event.response.headers.authorization = www_authenticate_header; |
| 50 return false, 401; | 48 return false, 401; |
| 51 elseif session.auth_scope ~= "prosody:scope:admin" then | 49 end |
| 50 event.session = session; | |
| 51 if not module:may(":access-admin-api", event) then | |
| 52 return false, 403; | 52 return false, 403; |
| 53 end | 53 end |
| 54 event.session = session; | |
| 55 return true; | 54 return true; |
| 56 end | 55 end |
| 57 | 56 |
| 58 for route, handler in pairs(routes) do | 57 for route, handler in pairs(routes) do |
| 59 routes[route] = function (event, ...) | 58 routes[route] = function (event, ...) |
| 177 if ok and nick_item then | 176 if ok and nick_item then |
| 178 display_name = nick_item:get_child_text("nick", xmlns_nick); | 177 display_name = nick_item:get_child_text("nick", xmlns_nick); |
| 179 end | 178 end |
| 180 end | 179 end |
| 181 | 180 |
| 182 local roles = nil; | 181 local roles = array(); |
| 183 if usermanager.get_roles then | 182 local roles_map = usermanager.get_user_roles(username, module.host); |
| 184 local roles_map = usermanager.get_roles(username.."@"..module.host, module.host) | 183 for role_name in pairs(roles_map) do |
| 185 roles = array() | 184 roles:push(role_name); |
| 186 if roles_map then | |
| 187 for role in pairs(roles_map) do | |
| 188 roles:push(role) | |
| 189 end | |
| 190 end | |
| 191 end | 185 end |
| 192 | 186 |
| 193 return { | 187 return { |
| 194 username = username; | 188 username = username; |
| 195 display_name = display_name; | 189 display_name = display_name; |
| 414 final_user.display_name = new_user.display_name; | 408 final_user.display_name = new_user.display_name; |
| 415 end | 409 end |
| 416 end | 410 end |
| 417 | 411 |
| 418 if new_user.roles then | 412 if new_user.roles then |
| 419 if not usermanager.set_roles then | 413 if not usermanager.set_user_roles then |
| 420 return 500, "feature-not-implemented" | 414 return 500, "feature-not-implemented" |
| 421 end | 415 end |
| 422 | 416 |
| 423 local backend_roles = {}; | 417 local backend_roles = {}; |
| 424 for _, role in ipairs(new_user.roles) do | 418 for _, role in ipairs(new_user.roles) do |
| 425 backend_roles[role] = true; | 419 backend_roles[role] = true; |
| 426 end | 420 end |
| 427 local jid = username.."@"..module.host; | 421 local jid = username.."@"..module.host; |
| 428 if not usermanager.set_roles(jid, module.host, backend_roles) then | 422 if not usermanager.set_user_roles(username, module.host, backend_roles) then |
| 429 module:log("error", "failed to set roles %q for %s", backend_roles, jid) | 423 module:log("error", "failed to set roles %q for %s", backend_roles, jid) |
| 430 return 500 | 424 return 500 |
| 431 end | 425 end |
| 432 end | 426 end |
| 433 | 427 |
