diff options
Diffstat (limited to 'plugins/mod_register.lua')
| -rw-r--r-- | plugins/mod_register.lua | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index eaeb8867..c04eca0a 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -13,6 +13,7 @@ local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_create_user = require "core.usermanager".create_user; local datamanager_store = require "util.datamanager".store; local os_time = os.time; +local nodeprep = require "util.encodings".stringprep.nodeprep; module:add_feature("jabber:iq:register"); @@ -29,22 +30,23 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) elseif stanza.attr.type == "set" then if query.tags[1] and query.tags[1].name == "remove" then -- TODO delete user auth data, send iq response, kick all user resources with a <not-authorized/>, delete all user data + local username, host = session.username, session.host; --session.send(st.error_reply(stanza, "cancel", "not-allowed")); --return; - usermanager_create_user(session.username, nil, session.host); -- Disable account + usermanager_create_user(username, nil, host); -- Disable account -- FIXME the disabling currently allows a different user to recreate the account -- we should add an in-memory account block mode when we have threading session.send(st.reply(stanza)); local roster = session.roster; - for _, session in pairs(hosts[session.host].sessions[session.username].sessions) do -- disconnect all resources + for _, session in pairs(hosts[host].sessions[username].sessions) do -- disconnect all resources session:close({condition = "not-authorized", text = "Account deleted"}); end -- TODO datamanager should be able to delete all user data itself - datamanager.store(session.username, session.host, "roster", nil); - datamanager.store(session.username, session.host, "vcard", nil); - datamanager.store(session.username, session.host, "private", nil); - datamanager.store(session.username, session.host, "offline", nil); - --local bare = session.username.."@"..session.host; + datamanager.store(username, host, "roster", nil); + datamanager.store(username, host, "vcard", nil); + datamanager.store(username, host, "private", nil); + datamanager.store(username, host, "offline", nil); + --local bare = username.."@"..host; for jid, item in pairs(roster) do if jid ~= "pending" then if item.subscription == "both" or item.subscription == "to" then @@ -55,13 +57,13 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) end end end - datamanager.store(session.username, session.host, "accounts", nil); -- delete accounts datastore at the end + datamanager.store(username, host, "accounts", nil); -- delete accounts datastore at the end else local username = query:child_with_name("username"); local password = query:child_with_name("password"); if username and password then -- FIXME shouldn't use table.concat - username = table.concat(username); + username = nodeprep(table.concat(username)); password = table.concat(password); if username == session.username then if usermanager_create_user(username, password, session.host) then -- password change -- TODO is this the right way? @@ -132,7 +134,7 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s end end -- FIXME shouldn't use table.concat - username = table.concat(username); + username = nodeprep(table.concat(username)); password = table.concat(password); if usermanager_user_exists(username, session.host) then session.send(st.error_reply(stanza, "cancel", "conflict")); |