aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-08-15 15:25:07 +0100
committerMatthew Wild <mwild1@gmail.com>2022-08-15 15:25:07 +0100
commitae3a89375d7dcb1df54c072ddebe2a60248c58b0 (patch)
treeec938798877f70739c94681a5def6c6dbdf76eb7
parent7ccf41ebb5e7a1a21fdf5945c5dd157e40b7024c (diff)
downloadprosody-ae3a89375d7dcb1df54c072ddebe2a60248c58b0.tar.gz
prosody-ae3a89375d7dcb1df54c072ddebe2a60248c58b0.zip
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption is_admin() is unsafe in a system with per-session permissions, so it has been deprecated. Roll-out approach: 1) First, log a warning when is_admin() is used. It should continue to function normally, backed by the new role API. Nothing is really using per-session authz yet, so there is minimal security concern. The 'strict_deprecate_is_admin' global setting can be set to 'true' to force a hard failure of is_admin() attempts (it will log an error and always return false). 2) In some time (at least 1 week), but possibly longer depending on the number of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by default. It can still be disabled for systems that need it. 3) Further in the future, before the next release, the option will be removed and is_admin() will be permanently disabled.
-rw-r--r--core/usermanager.lua19
1 files changed, 19 insertions, 0 deletions
diff --git a/core/usermanager.lua b/core/usermanager.lua
index 2311ce9e..0a2f5c4d 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -21,6 +21,8 @@ local setmetatable = setmetatable;
local default_provider = "internal_hashed";
+local debug = debug;
+
local _ENV = nil;
-- luacheck: std none
@@ -183,6 +185,20 @@ local function set_jid_role(jid, host, role_name)
return hosts[host].authz.set_jid_role(jid, role_name)
end
+local strict_deprecate_is_admin;
+local legacy_admin_roles = { ["prosody:admin"] = true, ["prosody:operator"] = true };
+local function is_admin(jid, host)
+ if strict_deprecate_is_admin == nil then
+ strict_deprecate_is_admin = (config.get("*", "strict_deprecate_is_admin") == true);
+ end
+ if strict_deprecate_is_admin then
+ log("error", "Attempt to use deprecated is_admin() API: %s", debug.traceback());
+ return false;
+ end
+ log("warn", "Usage of legacy is_admin() API, which will be disabled in a future build: %s", debug.traceback());
+ return legacy_admin_roles[get_jid_role(jid, host)] or false;
+end
+
local function get_users_with_role(role, host)
if not hosts[host] then return false; end
if type(role) ~= "string" then return false; end
@@ -222,4 +238,7 @@ return {
set_jid_role = set_jid_role;
get_jids_with_role = get_jids_with_role;
get_role_by_name = get_role_by_name;
+
+ -- Deprecated
+ is_admin = is_admin;
};