author | Kim Alvefur <zash@zash.se> | 2022-08-18 19:00:01 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2022-08-18 19:00:01 +0200 |
commit | 96e172167d9b0d135d2937a83b252700f458f4fe (patch) | |
tree | aa0cc2ffc3d7a80d8028dbaa6d382fb2bb1a21a0 | |
parent | 742153c55540bd9de365e775bd71c5c4544d88f8 (diff) | |
mod_admin_shell: Ensure account has role before it is usable
By creating the account first without a password it can't be used until
the role has been set. This is most important for restricted accounts, as a
failure to set the role would lead to the account having more privileges
than intended.
-rw-r--r-- | plugins/mod_admin_shell.lua | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua
index 087b8768..49e07dae 100644
--- a/plugins/mod_admin_shell.lua
+++ b/plugins/mod_admin_shell.lua
@@ -1390,16 +1390,24 @@ function def_env.user:create(jid, password, role)
 elseif um.user_exists(username, host) then
 return nil, "User exists";
 end
- local ok, err = um.create_user(username, password, host);
- if ok then
- if ok and role then
- local role_ok, rerr = um.set_user_role(jid, host, role);
- if not role_ok then return nil, "User created, but could not set role: " .. tostring(rerr); end
- end
- return true, "User created";
- else
+ local ok, err = um.create_user(username, nil, host);
+ if not ok then
 return nil, "Could not create user: "..err;
 end
+
+ if role then
+ local role_ok, rerr = um.set_user_role(jid, host, role);
+ if not role_ok then
+ return nil, "Could not set role: " .. tostring(rerr);
+ end
+ end
+
+ local ok, err = um.set_password(username, password, host, nil);
+ if not ok then
+ return nil, "Could not set password for user: "..err;
+ end
+
+ return true, "User created";
 end

 function def_env.user:delete(jid) |
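Review bot: Both new failure returns, after `um.set_user_role` and after `um.set_password`, leave the password-less account in place, so the operator sees an error while a retry of `user:create` for the same JID will answer "User exists". That fails closed, which is the intent, but the old "User created, but …" hint is gone; either roll back with `um.delete_user(username, host);` before each `return nil, …`, or keep the state explicit, e.g. `return nil, "User created without password, but could not set role: " .. tostring(rerr);`. The role call is handed `jid` where `create_user` and `set_password` take `username`; this is carried over from the removed lines, but since the new ordering relies on the role landing on the right account, it is worth confirming which form `set_user_role` expects. The second `local ok, err` shadows the first, and `"…"..err` raises if `err` is nil, unlike the `tostring(rerr)` used on the role path. The function body starts above the hunk.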