1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
|
local id = require "prosody.util.id";
local it = require "prosody.util.iterators";
local url = require "socket.url";
local jid_node = require "prosody.util.jid".node;
local jid_split = require "prosody.util.jid".split;
local argparse = require "prosody.util.argparse";
local human_io = require "prosody.util.human.io";
local url_escape = require "prosody.util.http".urlencode;
local render_url = require "prosody.util.interpolation".new("%b{}", url_escape, {
urlescape = url_escape;
noscheme = function (urlstring)
return (urlstring:gsub("^[^:]+:", ""));
end;
});
local default_ttl = module:get_option_period("invite_expiry", "1 week");
local token_storage;
if prosody.process_type == "prosody" or prosody.shutdown then
token_storage = module:open_store("invite_token", "map");
end
local function get_uri(action, jid, token, params) --> string
return url.build({
scheme = "xmpp",
path = jid,
query = action..";preauth="..token..(params and (";"..params) or ""),
});
end
local function create_invite(invite_action, invite_jid, allow_registration, additional_data, ttl, reusable)
local token = id.medium();
local created_at = os.time();
local expires = created_at + (ttl or default_ttl);
local invite_params = (invite_action == "roster" and allow_registration) and "ibr=y" or nil;
local invite = {
type = invite_action;
jid = invite_jid;
token = token;
allow_registration = allow_registration;
additional_data = additional_data;
uri = get_uri(invite_action, invite_jid, token, invite_params);
created_at = created_at;
expires = expires;
reusable = reusable;
};
module:fire_event("invite-created", invite);
if allow_registration then
local ok, err = token_storage:set(nil, token, invite);
if not ok then
module:log("warn", "Failed to store account invite: %s", err);
return nil, "internal-server-error";
end
end
if invite_action == "roster" then
local username = jid_node(invite_jid);
local ok, err = token_storage:set(username, token, expires);
if not ok then
module:log("warn", "Failed to store subscription invite: %s", err);
return nil, "internal-server-error";
end
end
return invite;
end
-- Create invitation to register an account (optionally restricted to the specified username)
function create_account(account_username, additional_data, ttl) --luacheck: ignore 131/create_account
local jid = account_username and (account_username.."@"..module.host) or module.host;
return create_invite("register", jid, true, additional_data, ttl);
end
-- Create invitation to reset the password for an account
function create_account_reset(account_username, ttl) --luacheck: ignore 131/create_account_reset
return create_account(account_username, { allow_reset = account_username }, ttl or 86400);
end
-- Create invitation to become a contact of a local user
function create_contact(username, allow_registration, additional_data, ttl) --luacheck: ignore 131/create_contact
return create_invite("roster", username.."@"..module.host, allow_registration, additional_data, ttl);
end
-- Create invitation to register an account and join a user group
-- If explicit ttl is passed, invite is valid for multiple signups
-- during that time period
function create_group(group_ids, additional_data, ttl) --luacheck: ignore 131/create_group
local merged_additional_data = {
groups = group_ids;
};
if additional_data then
for k, v in pairs(additional_data) do
merged_additional_data[k] = v;
end
end
return create_invite("register", module.host, true, merged_additional_data, ttl, not not ttl);
end
-- Iterates pending (non-expired, unused) invites that allow registration
function pending_account_invites() --luacheck: ignore 131/pending_account_invites
local store = module:open_store("invite_token");
local now = os.time();
local function is_valid_invite(_, invite)
return invite.expires > now;
end
return it.filter(is_valid_invite, pairs(store:get(nil) or {}));
end
function get_account_invite_info(token) --luacheck: ignore 131/get_account_invite_info
if not token then
return nil, "no-token";
end
-- Fetch from host store (account invite)
local token_info = token_storage:get(nil, token);
if not token_info then
return nil, "token-invalid";
elseif os.time() > token_info.expires then
return nil, "token-expired";
end
return token_info;
end
function delete_account_invite(token) --luacheck: ignore 131/delete_account_invite
if not token then
return nil, "no-token";
end
return token_storage:set(nil, token, nil);
end
local valid_invite_methods = {};
local valid_invite_mt = { __index = valid_invite_methods };
function valid_invite_methods:use()
if self.reusable then
return true;
end
if self.username then
-- Also remove the contact invite if present, on the
-- assumption that they now have a mutual subscription
token_storage:set(self.username, self.token, nil);
end
token_storage:set(nil, self.token, nil);
return true;
end
-- Get a validated invite (or nil, err). Must call :use() on the
-- returned invite after it is actually successfully used
-- For "roster" invites, the username of the local user (who issued
-- the invite) must be passed.
-- If no username is passed, but the registration is a roster invite
-- from a local user, the "inviter" field of the returned invite will
-- be set to their username.
function get(token, username)
if not token then
return nil, "no-token";
end
local valid_until, inviter;
-- Fetch from host store (account invite)
local token_info = token_storage:get(nil, token);
if username then -- token being used for subscription
-- Fetch from user store (subscription invite)
valid_until = token_storage:get(username, token);
else -- token being used for account creation
valid_until = token_info and token_info.expires;
if token_info and token_info.type == "roster" then
username = jid_node(token_info.jid);
inviter = username;
end
end
if not valid_until then
module:log("debug", "Got unknown token: %s", token);
return nil, "token-invalid";
elseif os.time() > valid_until then
module:log("debug", "Got expired token: %s", token);
return nil, "token-expired";
end
return setmetatable({
token = token;
username = username;
inviter = inviter;
type = token_info and token_info.type or "roster";
uri = token_info and token_info.uri or get_uri("roster", username.."@"..module.host, token);
additional_data = token_info and token_info.additional_data or nil;
reusable = token_info and token_info.reusable or false;
}, valid_invite_mt);
end
function use(token) --luacheck: ignore 131/use
local invite = get(token);
return invite and invite:use();
end
-- Point at e.g. a deployment of https://github.com/modernxmpp/easy-xmpp-invitation
-- This URL must always be absolute, as it is shared standalone
local invite_url_template = module:get_option_string("invites_page");
local invites_page_supports = module:get_option_set("invites_page_supports", { "account", "contact", "account-and-contact" });
local function add_landing_url(invite)
if not invite_url_template or invite.landing_page then return; end
-- Determine whether this type of invitation is supported by the landing page
local invite_type;
if invite.type == "register" then
invite_type = "account";
elseif invite.type == "roster" then
if invite.allow_registration then
invite_type = "account-and-contact";
else
invite_type = "contact-only";
end
end
if not invites_page_supports:contains(invite_type) then
return; -- Invitation type unsupported
end
invite.landing_page = render_url(invite_url_template, { host = module.host, invite = invite });
end
module:hook("invite-created", add_landing_url, -1);
--- shell command
-- COMPAT: Dynamic groups are work in progress as of 13.0, so we'll use the
-- presence of mod_invites_groups (a community module) to determine whether to
-- expose our support for invites to groups.
local have_group_invites = module:get_option_inherited_set("modules_enabled"):contains("invites_groups");
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "create_account";
desc = "Create an invitation to make an account on this server with the specified JID (supply only a hostname to allow any username)";
args = {
{ name = "user_jid", type = "string" };
};
host_selector = "user_jid";
flags = {
array_params = { role = true, group = have_group_invites };
value_params = { expires_after = true };
};
handler = function (self, user_jid, opts) --luacheck: ignore 212/self
local username = jid_split(user_jid);
local roles = opts and opts.role or {};
local groups = opts and opts.group or {};
if opts and opts.admin then
-- Insert it first since we don't get order out of argparse
table.insert(roles, 1, "prosody:admin");
end
local ttl;
if opts and opts.expires_after then
ttl = human_io.parse_duration(opts.expires_after);
if not ttl then
return false, "Unable to parse duration: "..opts.expires_after;
end
end
local invite = assert(create_account(username, {
roles = roles;
groups = groups;
}, ttl));
return true, invite.landing_page or invite.uri;
end;
});
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "create_reset";
desc = "Create a password reset link for the specified user";
args = { { name = "user_jid", type = "string" } };
host_selector = "user_jid";
flags = {
value_params = { expires_after = true };
};
handler = function (self, user_jid, opts) --luacheck: ignore 212/self
local username = jid_split(user_jid);
if not username then
return nil, "Supply the JID of the account you want to generate a password reset for";
end
local duration_sec = require "prosody.util.human.io".parse_duration(opts and opts.expires_after or "1d");
if not duration_sec then
return nil, "Unable to parse duration: "..opts.expires_after;
end
local invite, err = create_account_reset(username, duration_sec);
if not invite then return nil, err; end
self.session.print(invite.landing_page or invite.uri);
return true, ("Password reset link for %s valid until %s"):format(user_jid, os.date("%Y-%m-%d %T", invite.expires));
end;
});
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "create_contact";
desc = "Create an invitation to become contacts with the specified user";
args = { { name = "user_jid", type = "string" } };
host_selector = "user_jid";
flags = {
value_params = { expires_after = true };
kv_params = { allow_registration = true };
};
handler = function (self, user_jid, opts) --luacheck: ignore 212/self
local username = jid_split(user_jid);
if not username then
return nil, "Supply the JID of the account you want the recipient to become a contact of";
end
local ttl;
if opts and opts.expires_after then
ttl = require "prosody.util.human.io".parse_duration(opts.expires_after);
if not ttl then
return nil, "Unable to parse duration: "..opts.expires_after;
end
end
local invite, err = create_contact(username, opts and opts.allow_registration, nil, ttl);
if not invite then return nil, err; end
return true, invite.landing_page or invite.uri;
end;
});
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "show";
desc = "Show details of an account invitation token";
args = { { name = "host", type = "string" }, { name = "token", type = "string" } };
host_selector = "host";
handler = function (self, host, token) --luacheck: ignore 212/self 212/host
local invite, err = get_account_invite_info(token);
if not invite then return nil, err; end
local print = self.session.print;
if invite.type == "roster" then
print("Invitation to register and become a contact of "..invite.jid);
elseif invite.type == "register" then
local jid_user, jid_host = jid_split(invite.jid);
if invite.additional_data and invite.additional_data.allow_reset then
print("Password reset for "..invite.additional_data.allow_reset.."@"..jid_host);
elseif jid_user then
print("Invitation to register on "..jid_host.." with username '"..jid_user.."'");
else
print("Invitation to register on "..jid_host);
end
else
print("Unknown invitation type");
end
if invite.inviter then
print("Creator:", invite.inviter);
end
print("Created:", os.date("%Y-%m-%d %T", invite.created_at));
print("Expires:", os.date("%Y-%m-%d %T", invite.expires));
print("");
if invite.uri then
print("XMPP URI:", invite.uri);
end
if invite.landing_page then
print("Web link:", invite.landing_page);
end
if invite.additional_data then
print("");
if invite.additional_data.roles then
if invite.additional_data.roles[1] then
print("Role:", invite.additional_data.roles[1]);
end
if invite.additional_data.roles[2] then
print("Secondary roles:", table.concat(invite.additional_data.roles, ", ", 2, #invite.additional_data.roles));
end
end
if invite.additional_data.groups then
print("Groups:", table.concat(invite.additional_data.groups, ", "));
end
if invite.additional_data.note then
print("Comment:", invite.additional_data.note);
end
end
return true, "Invitation valid";
end;
});
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "delete";
desc = "Delete/revoke an invitation token";
args = { { name = "host", type = "string" }, { name = "token", type = "string" } };
host_selector = "host";
handler = function (self, host, token) --luacheck: ignore 212/self 212/host
local invite, err = delete_account_invite(token);
if not invite then return nil, err; end
return true, "Invitation deleted";
end;
});
module:add_item("shell-command", {
section = "invite";
section_desc = "Create and manage invitations";
name = "list";
desc = "List pending invitations which allow account registration";
args = { { name = "host", type = "string" } };
host_selector = "host";
handler = function (self, host) -- luacheck: ignore 212/host
local print_row = human_io.table({
{
title = "Token";
key = "invite";
width = 24;
mapper = function (invite)
return invite.token;
end;
};
{
title = "Expires";
key = "invite";
width = 20;
mapper = function (invite)
return os.date("%Y-%m-%dT%T", invite.expires);
end;
};
{
title = "Description";
key = "invite";
width = "100%";
mapper = function (invite)
if invite.type == "roster" then
return "Contact with "..invite.jid;
elseif invite.type == "register" then
local jid_user, jid_host = jid_split(invite.jid);
if invite.additional_data and invite.additional_data.allow_reset then
return "Password reset for "..invite.additional_data.allow_reset.."@"..jid_host;
end
if jid_user then
return "Register on "..jid_host.." with username "..jid_user;
end
return "Register on "..jid_host;
end
end;
};
}, self.session.width);
self.session.print(print_row());
local count = 0;
for _, invite in pending_account_invites() do
count = count + 1;
self.session.print(print_row({ invite = invite }));
end
return true, ("%d pending invites"):format(count);
end;
});
local subcommands = {};
--- prosodyctl command
function module.command(arg)
local opts = argparse.parse(arg, { short_params = { h = "help"; ["?"] = "help" } });
local cmd = table.remove(arg, 1); -- pop command
if opts.help or not cmd or not subcommands[cmd] then
print("usage: prosodyctl mod_"..module.name.." generate example.com");
return 2;
end
return subcommands[cmd](arg);
end
function subcommands.generate()
print("This command is deprecated. Please see 'prosodyctl shell help invite' for available commands.");
return 1;
end
|
