aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-07-12 13:14:47 +0100
committerMatthew Wild <mwild1@gmail.com>2022-07-12 13:14:47 +0100
commit4db3d1572390ce5b615282cb1112358d9e3ba892 (patch)
tree37bb45722201e08eb3e8a4ff1c88d27fbdd372ac
parentaf339f0e66480da6825fd655a5bf35e2824cfc00 (diff)
downloadprosody-4db3d1572390ce5b615282cb1112358d9e3ba892.tar.gz
prosody-4db3d1572390ce5b615282cb1112358d9e3ba892.zip
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
This is useful for a number of things. For example, listing users that need to rotate their passwords after some event. It also provides a safer way for code to determine that a user password has changed without needing to set a handler for the password change event (which is a more fragile approach).
-rw-r--r--core/usermanager.lua7
-rw-r--r--plugins/mod_auth_internal_hashed.lua14
-rw-r--r--plugins/mod_auth_internal_plain.lua16
3 files changed, 35 insertions, 2 deletions
diff --git a/core/usermanager.lua b/core/usermanager.lua
index 970140ef..23571fe7 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -116,6 +116,12 @@ local function set_password(username, password, host, resource)
return ok, err;
end
+local function get_account_info(username, host)
+ local method = hosts[host].users.get_account_info;
+ if not method then return nil, "method-not-supported"; end
+ return method(username);
+end
+
local function user_exists(username, host)
if hosts[host].sessions[username] then return true; end
return hosts[host].users.user_exists(username);
@@ -211,6 +217,7 @@ return {
test_password = test_password;
get_password = get_password;
set_password = set_password;
+ get_account_info = get_account_info;
user_exists = user_exists;
create_user = create_user;
delete_user = delete_user;
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index cf851eef..397d82e9 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -86,11 +86,21 @@ function provider.set_password(username, password)
account.server_key = server_key_hex
account.password = nil;
+ account.updated = os.time();
return accounts:set(username, account);
end
return nil, "Account not available.";
end
+function provider.get_account_info(username)
+ local account = accounts:get(username);
+ if not account then return nil, "Account not available"; end
+ return {
+ created = account.created;
+ password_updated = account.updated;
+ };
+end
+
function provider.user_exists(username)
local account = accounts:get(username);
if not account then
@@ -115,9 +125,11 @@ function provider.create_user(username, password)
end
local stored_key_hex = to_hex(stored_key);
local server_key_hex = to_hex(server_key);
+ local now = os.time();
return accounts:set(username, {
stored_key = stored_key_hex, server_key = server_key_hex,
- salt = salt, iteration_count = default_iteration_count
+ salt = salt, iteration_count = default_iteration_count,
+ created = now, updated = now;
});
end
diff --git a/plugins/mod_auth_internal_plain.lua b/plugins/mod_auth_internal_plain.lua
index 8a50e820..0f65323c 100644
--- a/plugins/mod_auth_internal_plain.lua
+++ b/plugins/mod_auth_internal_plain.lua
@@ -48,11 +48,21 @@ function provider.set_password(username, password)
local account = accounts:get(username);
if account then
account.password = password;
+ account.updated = os.time();
return accounts:set(username, account);
end
return nil, "Account not available.";
end
+function provider.get_account_info(username)
+ local account = accounts:get(username);
+ if not account then return nil, "Account not available"; end
+ return {
+ created = account.created;
+ password_updated = account.updated;
+ };
+end
+
function provider.user_exists(username)
local account = accounts:get(username);
if not account then
@@ -71,7 +81,11 @@ function provider.create_user(username, password)
if not password then
return nil, "Password fails SASLprep.";
end
- return accounts:set(username, {password = password});
+ local now = os.time();
+ return accounts:set(username, {
+ password = password;
+ created = now, updated = now;
+ });
end
function provider.delete_user(username)