2002-12-08 18:23:21 +01:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
%%% File : mod_register.erl
|
2007-12-24 13:58:05 +01:00
|
|
|
%%% Author : Alexey Shchepin <alexey@process-one.net>
|
2005-06-20 05:18:13 +02:00
|
|
|
%%% Purpose : Inband registration support
|
2007-12-24 13:58:05 +01:00
|
|
|
%%% Created : 8 Dec 2002 by Alexey Shchepin <alexey@process-one.net>
|
|
|
|
%%%
|
|
|
|
%%%
|
2023-01-09 17:09:06 +01:00
|
|
|
%%% ejabberd, Copyright (C) 2002-2023 ProcessOne
|
2007-12-24 13:58:05 +01:00
|
|
|
%%%
|
|
|
|
%%% This program is free software; you can redistribute it and/or
|
|
|
|
%%% modify it under the terms of the GNU General Public License as
|
|
|
|
%%% published by the Free Software Foundation; either version 2 of the
|
|
|
|
%%% License, or (at your option) any later version.
|
|
|
|
%%%
|
|
|
|
%%% This program is distributed in the hope that it will be useful,
|
|
|
|
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
%%% General Public License for more details.
|
2009-01-12 15:44:42 +01:00
|
|
|
%%%
|
2014-02-22 11:27:40 +01:00
|
|
|
%%% You should have received a copy of the GNU General Public License along
|
|
|
|
%%% with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2007-12-24 13:58:05 +01:00
|
|
|
%%%
|
2002-12-08 18:23:21 +01:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
|
|
|
|
-module(mod_register).
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2007-12-24 13:58:05 +01:00
|
|
|
-author('alexey@process-one.net').
|
2002-12-08 18:23:21 +01:00
|
|
|
|
2015-05-21 17:02:36 +02:00
|
|
|
-protocol({xep, 77, '2.4'}).
|
|
|
|
|
2003-01-24 21:18:33 +01:00
|
|
|
-behaviour(gen_mod).
|
|
|
|
|
2017-02-22 17:46:47 +01:00
|
|
|
-export([start/2, stop/1, reload/3, stream_feature_register/2,
|
2021-12-03 12:16:20 +01:00
|
|
|
c2s_unauthenticated_packet/2, try_register/4, try_register/5,
|
2016-07-27 17:06:54 +02:00
|
|
|
process_iq/1, send_registration_notifications/3,
|
2019-06-14 11:33:26 +02:00
|
|
|
mod_opt_type/1, mod_options/1, depends/2,
|
2020-01-08 10:24:51 +01:00
|
|
|
format_error/1, mod_doc/0]).
|
2002-12-08 18:23:21 +01:00
|
|
|
|
2021-12-03 12:16:20 +01:00
|
|
|
-deprecated({try_register, 4}).
|
|
|
|
|
2013-04-08 11:12:54 +02:00
|
|
|
-include("logger.hrl").
|
2020-09-03 13:45:57 +02:00
|
|
|
-include_lib("xmpp/include/xmpp.hrl").
|
2019-04-23 20:05:21 +02:00
|
|
|
-include("translate.hrl").
|
2002-12-08 18:23:21 +01:00
|
|
|
|
2023-08-04 17:53:50 +02:00
|
|
|
start(_Host, _Opts) ->
|
2016-11-30 11:09:17 +01:00
|
|
|
ejabberd_mnesia:create(?MODULE, mod_register_ip,
|
2013-03-14 10:33:02 +01:00
|
|
|
[{ram_copies, [node()]}, {local_content, true},
|
2008-04-22 23:51:32 +02:00
|
|
|
{attributes, [key, value]}]),
|
2023-08-04 17:53:50 +02:00
|
|
|
{ok, [{iq_handler, ejabberd_local, ?NS_REGISTER, process_iq},
|
|
|
|
{iq_handler, ejabberd_sm, ?NS_REGISTER, process_iq},
|
|
|
|
{hook, c2s_pre_auth_features, stream_feature_register, 50},
|
|
|
|
{hook, c2s_unauthenticated_packet, c2s_unauthenticated_packet, 50}]}.
|
2002-12-11 21:57:45 +01:00
|
|
|
|
2023-08-04 17:53:50 +02:00
|
|
|
stop(_Host) ->
|
|
|
|
ok.
|
2005-07-15 00:28:21 +02:00
|
|
|
|
2018-02-11 10:54:15 +01:00
|
|
|
reload(_Host, _NewOpts, _OldOpts) ->
|
|
|
|
ok.
|
2017-02-22 17:46:47 +01:00
|
|
|
|
2016-07-06 13:58:48 +02:00
|
|
|
depends(_Host, _Opts) ->
|
|
|
|
[].
|
|
|
|
|
2016-08-09 09:56:32 +02:00
|
|
|
-spec stream_feature_register([xmpp_element()], binary()) -> [xmpp_element()].
|
2018-12-01 07:21:41 +01:00
|
|
|
stream_feature_register(Acc, Host) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
case {mod_register_opt:access(Host),
|
|
|
|
mod_register_opt:ip_access(Host),
|
|
|
|
mod_register_opt:redirect_url(Host)} of
|
|
|
|
{none, _, undefined} -> Acc;
|
|
|
|
{_, none, undefined} -> Acc;
|
2018-12-01 07:21:41 +01:00
|
|
|
{_, _, _} -> [#feature_register{}|Acc]
|
|
|
|
end.
|
2005-07-15 00:28:21 +02:00
|
|
|
|
2016-12-28 07:47:11 +01:00
|
|
|
c2s_unauthenticated_packet(#{ip := IP, server := Server} = State,
|
2016-12-11 13:03:37 +01:00
|
|
|
#iq{type = T, sub_els = [_]} = IQ)
|
|
|
|
when T == set; T == get ->
|
2017-12-11 07:46:26 +01:00
|
|
|
try xmpp:try_subtag(IQ, #register{}) of
|
2017-01-23 11:51:05 +01:00
|
|
|
#register{} = Register ->
|
2016-12-11 13:03:37 +01:00
|
|
|
{Address, _} = IP,
|
2017-01-23 11:51:05 +01:00
|
|
|
IQ1 = xmpp:set_els(IQ, [Register]),
|
|
|
|
IQ2 = xmpp:set_from_to(IQ1, jid:make(<<>>), jid:make(Server)),
|
|
|
|
ResIQ = process_iq(IQ2, Address),
|
2016-12-11 13:03:37 +01:00
|
|
|
ResIQ1 = xmpp:set_from_to(ResIQ, jid:make(Server), undefined),
|
|
|
|
{stop, ejabberd_c2s:send(State, ResIQ1)};
|
|
|
|
false ->
|
2016-12-28 07:47:11 +01:00
|
|
|
State
|
2017-12-11 07:46:26 +01:00
|
|
|
catch _:{xmpp_codec, Why} ->
|
|
|
|
Txt = xmpp:io_format_error(Why),
|
|
|
|
Lang = maps:get(lang, State),
|
2017-12-11 08:00:16 +01:00
|
|
|
Err = xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang)),
|
2017-12-11 07:46:26 +01:00
|
|
|
{stop, ejabberd_c2s:send(State, Err)}
|
2016-12-11 13:03:37 +01:00
|
|
|
end;
|
2016-12-28 07:47:11 +01:00
|
|
|
c2s_unauthenticated_packet(State, _) ->
|
|
|
|
State.
|
2005-07-15 00:28:21 +02:00
|
|
|
|
2016-07-27 17:06:54 +02:00
|
|
|
process_iq(#iq{from = From} = IQ) ->
|
|
|
|
process_iq(IQ, jid:tolower(From)).
|
2008-04-22 23:51:32 +02:00
|
|
|
|
2016-07-27 17:06:54 +02:00
|
|
|
process_iq(#iq{from = From, to = To} = IQ, Source) ->
|
|
|
|
IsCaptchaEnabled =
|
2019-06-14 11:33:26 +02:00
|
|
|
case mod_register_opt:captcha_protected(To#jid.lserver) of
|
2016-07-27 17:06:54 +02:00
|
|
|
true -> true;
|
|
|
|
false -> false
|
|
|
|
end,
|
|
|
|
Server = To#jid.lserver,
|
2019-06-14 11:33:26 +02:00
|
|
|
Access = mod_register_opt:access_remove(Server),
|
2020-09-29 06:11:30 +02:00
|
|
|
Remove = case {acl:match_rule(Server, Access, From), From#jid.lserver} of
|
|
|
|
{allow, Server} ->
|
|
|
|
allow;
|
|
|
|
{_, _} ->
|
|
|
|
deny
|
|
|
|
end,
|
2019-11-24 14:21:01 +01:00
|
|
|
process_iq(IQ, Source, IsCaptchaEnabled, Remove == allow).
|
2016-07-27 17:06:54 +02:00
|
|
|
|
|
|
|
process_iq(#iq{type = set, lang = Lang,
|
|
|
|
sub_els = [#register{remove = true}]} = IQ,
|
|
|
|
_Source, _IsCaptchaEnabled, _AllowRemove = false) ->
|
2019-06-22 16:08:45 +02:00
|
|
|
Txt = ?T("Access denied by service policy"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang));
|
|
|
|
process_iq(#iq{type = set, lang = Lang, to = To, from = From,
|
|
|
|
sub_els = [#register{remove = true,
|
|
|
|
username = User,
|
|
|
|
password = Password}]} = IQ,
|
|
|
|
_Source, _IsCaptchaEnabled, _AllowRemove = true) ->
|
|
|
|
Server = To#jid.lserver,
|
|
|
|
if is_binary(User) ->
|
|
|
|
case From of
|
|
|
|
#jid{user = User, lserver = Server} ->
|
2019-11-24 13:43:38 +01:00
|
|
|
ResIQ = xmpp:make_iq_result(IQ),
|
|
|
|
ejabberd_router:route(ResIQ),
|
2016-07-27 17:06:54 +02:00
|
|
|
ejabberd_auth:remove_user(User, Server),
|
2019-11-24 13:43:38 +01:00
|
|
|
ignore;
|
2016-07-27 17:06:54 +02:00
|
|
|
_ ->
|
|
|
|
if is_binary(Password) ->
|
2019-11-24 13:43:38 +01:00
|
|
|
case ejabberd_auth:check_password(
|
|
|
|
User, <<"">>, Server, Password) of
|
|
|
|
true ->
|
|
|
|
ResIQ = xmpp:make_iq_result(IQ),
|
|
|
|
ejabberd_router:route(ResIQ),
|
|
|
|
ejabberd_auth:remove_user(User, Server),
|
|
|
|
ignore;
|
|
|
|
false ->
|
|
|
|
Txt = ?T("Incorrect password"),
|
|
|
|
xmpp:make_error(
|
|
|
|
IQ, xmpp:err_forbidden(Txt, Lang))
|
|
|
|
end;
|
2016-07-27 17:06:54 +02:00
|
|
|
true ->
|
2019-06-22 16:08:45 +02:00
|
|
|
Txt = ?T("No 'password' found in this query"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang))
|
|
|
|
end
|
|
|
|
end;
|
|
|
|
true ->
|
|
|
|
case From of
|
2016-09-13 11:30:05 +02:00
|
|
|
#jid{luser = LUser, lserver = Server} ->
|
2016-07-27 17:06:54 +02:00
|
|
|
ResIQ = xmpp:make_iq_result(IQ),
|
2017-02-16 09:00:26 +01:00
|
|
|
ejabberd_router:route(xmpp:set_from_to(ResIQ, From, From)),
|
2016-09-13 11:30:05 +02:00
|
|
|
ejabberd_auth:remove_user(LUser, Server),
|
2016-07-27 17:06:54 +02:00
|
|
|
ignore;
|
|
|
|
_ ->
|
2019-06-22 16:08:45 +02:00
|
|
|
Txt = ?T("The query is only allowed from local users"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(IQ, xmpp:err_not_allowed(Txt, Lang))
|
|
|
|
end
|
|
|
|
end;
|
|
|
|
process_iq(#iq{type = set, to = To,
|
|
|
|
sub_els = [#register{username = User,
|
|
|
|
password = Password}]} = IQ,
|
|
|
|
Source, IsCaptchaEnabled, _AllowRemove) when is_binary(User),
|
|
|
|
is_binary(Password) ->
|
|
|
|
Server = To#jid.lserver,
|
|
|
|
try_register_or_set_password(
|
|
|
|
User, Server, Password, IQ, Source, not IsCaptchaEnabled);
|
|
|
|
process_iq(#iq{type = set, to = To,
|
|
|
|
lang = Lang, sub_els = [#register{xdata = #xdata{} = X}]} = IQ,
|
|
|
|
Source, true, _AllowRemove) ->
|
|
|
|
Server = To#jid.lserver,
|
2020-10-20 21:43:31 +02:00
|
|
|
XdataC = xmpp_util:set_xdata_field(
|
|
|
|
#xdata_field{
|
|
|
|
var = <<"FORM_TYPE">>,
|
|
|
|
type = hidden, values = [?NS_CAPTCHA]},
|
|
|
|
X),
|
|
|
|
case ejabberd_captcha:process_reply(XdataC) of
|
2016-07-27 17:06:54 +02:00
|
|
|
ok ->
|
|
|
|
case process_xdata_submit(X) of
|
|
|
|
{ok, User, Password} ->
|
|
|
|
try_register_or_set_password(
|
|
|
|
User, Server, Password, IQ, Source, true);
|
|
|
|
_ ->
|
2019-06-22 16:08:45 +02:00
|
|
|
Txt = ?T("Incorrect data form"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang))
|
|
|
|
end;
|
|
|
|
{error, malformed} ->
|
2019-06-22 16:08:45 +02:00
|
|
|
Txt = ?T("Incorrect CAPTCHA submit"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang));
|
|
|
|
_ ->
|
2019-06-22 16:08:45 +02:00
|
|
|
ErrText = ?T("The CAPTCHA verification has failed"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(IQ, xmpp:err_not_allowed(ErrText, Lang))
|
|
|
|
end;
|
|
|
|
process_iq(#iq{type = set} = IQ, _Source, _IsCaptchaEnabled, _AllowRemove) ->
|
|
|
|
xmpp:make_error(IQ, xmpp:err_bad_request());
|
|
|
|
process_iq(#iq{type = get, from = From, to = To, id = ID, lang = Lang} = IQ,
|
|
|
|
Source, IsCaptchaEnabled, _AllowRemove) ->
|
|
|
|
Server = To#jid.lserver,
|
|
|
|
{IsRegistered, Username} =
|
|
|
|
case From of
|
|
|
|
#jid{user = User, lserver = Server} ->
|
2017-05-11 14:49:06 +02:00
|
|
|
case ejabberd_auth:user_exists(User, Server) of
|
2016-07-27 17:06:54 +02:00
|
|
|
true ->
|
|
|
|
{true, User};
|
|
|
|
false ->
|
|
|
|
{false, User}
|
|
|
|
end;
|
|
|
|
_ ->
|
|
|
|
{false, <<"">>}
|
|
|
|
end,
|
2016-11-26 08:05:22 +01:00
|
|
|
Instr = translate:translate(
|
2019-06-22 16:08:45 +02:00
|
|
|
Lang, ?T("Choose a username and password to register "
|
|
|
|
"with this server")),
|
2019-06-14 11:33:26 +02:00
|
|
|
URL = mod_register_opt:redirect_url(Server),
|
|
|
|
if (URL /= undefined) and not IsRegistered ->
|
2020-11-09 12:20:23 +01:00
|
|
|
Desc = str:translate_and_format(Lang, ?T("To register, visit ~s"), [URL]),
|
2017-09-01 11:14:01 +02:00
|
|
|
xmpp:make_iq_result(
|
|
|
|
IQ, #register{instructions = Desc,
|
|
|
|
sub_els = [#oob_x{url = URL}]});
|
|
|
|
IsCaptchaEnabled and not IsRegistered ->
|
2016-07-27 17:06:54 +02:00
|
|
|
TopInstr = translate:translate(
|
2019-06-22 16:08:45 +02:00
|
|
|
Lang, ?T("You need a client that supports x:data "
|
|
|
|
"and CAPTCHA to register")),
|
2016-07-27 17:06:54 +02:00
|
|
|
UField = #xdata_field{type = 'text-single',
|
2019-06-22 16:08:45 +02:00
|
|
|
label = translate:translate(Lang, ?T("User")),
|
2016-07-27 17:06:54 +02:00
|
|
|
var = <<"username">>,
|
|
|
|
required = true},
|
|
|
|
PField = #xdata_field{type = 'text-private',
|
2019-06-22 16:08:45 +02:00
|
|
|
label = translate:translate(Lang, ?T("Password")),
|
2016-07-27 17:06:54 +02:00
|
|
|
var = <<"password">>,
|
|
|
|
required = true},
|
|
|
|
X = #xdata{type = form, instructions = [Instr],
|
|
|
|
fields = [UField, PField]},
|
|
|
|
case ejabberd_captcha:create_captcha_x(ID, To, Lang, Source, X) of
|
2016-07-28 14:10:41 +02:00
|
|
|
{ok, CaptchaEls} ->
|
2020-10-20 21:43:31 +02:00
|
|
|
{value, XdataC, CaptchaEls2} = lists:keytake(xdata, 1, CaptchaEls),
|
|
|
|
Xdata = xmpp_util:set_xdata_field(
|
|
|
|
#xdata_field{
|
|
|
|
var = <<"FORM_TYPE">>,
|
|
|
|
type = hidden, values = [?NS_REGISTER]},
|
|
|
|
XdataC),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_iq_result(
|
|
|
|
IQ, #register{instructions = TopInstr,
|
2020-10-20 21:43:31 +02:00
|
|
|
sub_els = [Xdata | CaptchaEls2]});
|
2016-07-27 17:06:54 +02:00
|
|
|
{error, limit} ->
|
2019-06-22 16:08:45 +02:00
|
|
|
ErrText = ?T("Too many CAPTCHA requests"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(
|
|
|
|
IQ, xmpp:err_resource_constraint(ErrText, Lang));
|
|
|
|
_Err ->
|
2019-06-22 16:08:45 +02:00
|
|
|
ErrText = ?T("Unable to generate a CAPTCHA"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(
|
|
|
|
IQ, xmpp:err_internal_server_error(ErrText, Lang))
|
|
|
|
end;
|
|
|
|
true ->
|
|
|
|
xmpp:make_iq_result(
|
|
|
|
IQ,
|
2016-11-26 08:05:22 +01:00
|
|
|
#register{instructions = Instr,
|
2016-07-27 17:06:54 +02:00
|
|
|
username = Username,
|
|
|
|
password = <<"">>,
|
|
|
|
registered = IsRegistered})
|
2010-10-24 07:30:16 +02:00
|
|
|
end.
|
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
try_register_or_set_password(User, Server, Password,
|
2016-07-27 17:06:54 +02:00
|
|
|
#iq{from = From, lang = Lang} = IQ,
|
|
|
|
Source, CaptchaSucceed) ->
|
2010-10-24 07:30:16 +02:00
|
|
|
case From of
|
2016-07-27 17:06:54 +02:00
|
|
|
#jid{user = User, lserver = Server} ->
|
|
|
|
try_set_password(User, Server, Password, IQ);
|
|
|
|
_ when CaptchaSucceed ->
|
|
|
|
case check_from(From, Server) of
|
|
|
|
allow ->
|
2021-12-03 12:16:20 +01:00
|
|
|
case try_register(User, Server, Password, Source, ?MODULE, Lang) of
|
2016-07-27 17:06:54 +02:00
|
|
|
ok ->
|
|
|
|
xmpp:make_iq_result(IQ);
|
|
|
|
{error, Error} ->
|
|
|
|
xmpp:make_error(IQ, Error)
|
|
|
|
end;
|
|
|
|
deny ->
|
2019-06-22 16:08:45 +02:00
|
|
|
Txt = ?T("Access denied by service policy"),
|
2016-07-27 17:06:54 +02:00
|
|
|
xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang))
|
|
|
|
end;
|
|
|
|
_ ->
|
|
|
|
xmpp:make_error(IQ, xmpp:err_not_allowed())
|
2002-12-08 18:23:21 +01:00
|
|
|
end.
|
|
|
|
|
2019-04-23 20:25:10 +02:00
|
|
|
try_set_password(User, Server, Password) ->
|
2010-10-24 09:17:30 +02:00
|
|
|
case is_strong_password(Server, Password) of
|
2019-04-23 20:25:10 +02:00
|
|
|
true ->
|
|
|
|
ejabberd_auth:set_password(User, Server, Password);
|
|
|
|
error_preparing_password ->
|
|
|
|
{error, invalid_password};
|
|
|
|
false ->
|
|
|
|
{error, weak_password}
|
|
|
|
end.
|
|
|
|
|
|
|
|
try_set_password(User, Server, Password, #iq{lang = Lang, meta = M} = IQ) ->
|
|
|
|
case try_set_password(User, Server, Password) of
|
|
|
|
ok ->
|
2019-09-23 14:17:20 +02:00
|
|
|
?INFO_MSG("~ts has changed password from ~ts",
|
2019-04-23 20:25:10 +02:00
|
|
|
[jid:encode({User, Server, <<"">>}),
|
|
|
|
ejabberd_config:may_hide_data(
|
|
|
|
misc:ip_to_list(maps:get(ip, M, {0,0,0,0})))]),
|
|
|
|
xmpp:make_iq_result(IQ);
|
|
|
|
{error, not_allowed} ->
|
|
|
|
Txt = ?T("Changing password is not allowed"),
|
|
|
|
xmpp:make_error(IQ, xmpp:err_not_allowed(Txt, Lang));
|
|
|
|
{error, invalid_jid = Why} ->
|
|
|
|
xmpp:make_error(IQ, xmpp:err_jid_malformed(format_error(Why), Lang));
|
|
|
|
{error, invalid_password = Why} ->
|
|
|
|
xmpp:make_error(IQ, xmpp:err_not_allowed(format_error(Why), Lang));
|
|
|
|
{error, weak_password = Why} ->
|
|
|
|
xmpp:make_error(IQ, xmpp:err_not_acceptable(format_error(Why), Lang));
|
|
|
|
{error, db_failure = Why} ->
|
|
|
|
xmpp:make_error(IQ, xmpp:err_internal_server_error(format_error(Why), Lang))
|
2008-08-18 20:21:10 +02:00
|
|
|
end.
|
2002-12-08 18:23:21 +01:00
|
|
|
|
2021-12-03 12:16:20 +01:00
|
|
|
try_register(User, Server, Password, SourceRaw, Module) ->
|
|
|
|
Modules = mod_register_opt:allow_modules(Server),
|
|
|
|
case (Modules == all) orelse lists:member(Module, Modules) of
|
|
|
|
true -> try_register(User, Server, Password, SourceRaw);
|
|
|
|
false -> {error, eaccess}
|
|
|
|
end.
|
|
|
|
|
2019-04-23 20:05:21 +02:00
|
|
|
try_register(User, Server, Password, SourceRaw) ->
|
2015-11-24 16:44:13 +01:00
|
|
|
case jid:is_nodename(User) of
|
2019-04-23 20:05:21 +02:00
|
|
|
false ->
|
|
|
|
{error, invalid_jid};
|
|
|
|
true ->
|
|
|
|
case check_access(User, Server, SourceRaw) of
|
|
|
|
deny ->
|
|
|
|
{error, eaccess};
|
|
|
|
allow ->
|
|
|
|
Source = may_remove_resource(SourceRaw),
|
|
|
|
case check_timeout(Source) of
|
2008-04-22 23:51:32 +02:00
|
|
|
true ->
|
2019-04-23 20:05:21 +02:00
|
|
|
case is_strong_password(Server, Password) of
|
|
|
|
true ->
|
|
|
|
case ejabberd_auth:try_register(
|
|
|
|
User, Server, Password) of
|
|
|
|
ok ->
|
|
|
|
ok;
|
|
|
|
{error, _} = Err ->
|
|
|
|
remove_timeout(Source),
|
|
|
|
Err
|
|
|
|
end;
|
|
|
|
false ->
|
|
|
|
remove_timeout(Source),
|
|
|
|
{error, weak_password};
|
2019-04-23 20:25:10 +02:00
|
|
|
error_preparing_password ->
|
2019-04-23 20:05:21 +02:00
|
|
|
remove_timeout(Source),
|
|
|
|
{error, invalid_password}
|
2008-04-22 23:51:32 +02:00
|
|
|
end;
|
|
|
|
false ->
|
2019-04-23 20:05:21 +02:00
|
|
|
{error, wait}
|
|
|
|
end
|
|
|
|
end
|
2002-12-08 18:23:21 +01:00
|
|
|
end.
|
|
|
|
|
2021-12-03 12:16:20 +01:00
|
|
|
try_register(User, Server, Password, SourceRaw, Module, Lang) ->
|
|
|
|
case try_register(User, Server, Password, SourceRaw, Module) of
|
2019-04-23 20:05:21 +02:00
|
|
|
ok ->
|
|
|
|
JID = jid:make(User, Server),
|
|
|
|
Source = may_remove_resource(SourceRaw),
|
2019-09-23 14:17:20 +02:00
|
|
|
?INFO_MSG("The account ~ts was registered from IP address ~ts",
|
2019-04-23 20:05:21 +02:00
|
|
|
[jid:encode({User, Server, <<"">>}),
|
|
|
|
ejabberd_config:may_hide_data(ip_to_string(Source))]),
|
|
|
|
send_welcome_message(JID),
|
|
|
|
send_registration_notifications(?MODULE, JID, Source);
|
|
|
|
{error, invalid_jid = Why} ->
|
|
|
|
{error, xmpp:err_jid_malformed(format_error(Why), Lang)};
|
|
|
|
{error, eaccess = Why} ->
|
|
|
|
{error, xmpp:err_forbidden(format_error(Why), Lang)};
|
|
|
|
{error, wait = Why} ->
|
|
|
|
{error, xmpp:err_resource_constraint(format_error(Why), Lang)};
|
|
|
|
{error, weak_password = Why} ->
|
|
|
|
{error, xmpp:err_not_acceptable(format_error(Why), Lang)};
|
|
|
|
{error, invalid_password = Why} ->
|
|
|
|
{error, xmpp:err_not_acceptable(format_error(Why), Lang)};
|
|
|
|
{error, not_allowed = Why} ->
|
|
|
|
{error, xmpp:err_not_allowed(format_error(Why), Lang)};
|
|
|
|
{error, exists = Why} ->
|
|
|
|
{error, xmpp:err_conflict(format_error(Why), Lang)};
|
|
|
|
{error, db_failure = Why} ->
|
|
|
|
{error, xmpp:err_internal_server_error(format_error(Why), Lang)}
|
|
|
|
end.
|
|
|
|
|
|
|
|
format_error(invalid_jid) ->
|
|
|
|
?T("Malformed username");
|
|
|
|
format_error(eaccess) ->
|
|
|
|
?T("Access denied by service policy");
|
|
|
|
format_error(wait) ->
|
|
|
|
?T("Users are not allowed to register accounts so quickly");
|
|
|
|
format_error(weak_password) ->
|
|
|
|
?T("The password is too weak");
|
|
|
|
format_error(invalid_password) ->
|
|
|
|
?T("The password contains unacceptable characters");
|
|
|
|
format_error(not_allowed) ->
|
|
|
|
?T("Not allowed");
|
|
|
|
format_error(exists) ->
|
|
|
|
?T("User already exists");
|
|
|
|
format_error(db_failure) ->
|
|
|
|
?T("Database failure");
|
|
|
|
format_error(Unexpected) ->
|
|
|
|
list_to_binary(io_lib:format(?T("Unexpected error condition: ~p"), [Unexpected])).
|
|
|
|
|
2003-10-14 21:34:17 +02:00
|
|
|
send_welcome_message(JID) ->
|
2005-07-13 05:24:13 +02:00
|
|
|
Host = JID#jid.lserver,
|
2019-06-14 11:33:26 +02:00
|
|
|
case mod_register_opt:welcome_message(Host) of
|
2013-03-14 10:33:02 +01:00
|
|
|
{<<"">>, <<"">>} -> ok;
|
|
|
|
{Subj, Body} ->
|
2016-07-27 17:06:54 +02:00
|
|
|
ejabberd_router:route(
|
2017-02-16 09:00:26 +01:00
|
|
|
#message{from = jid:make(Host),
|
|
|
|
to = JID,
|
|
|
|
subject = xmpp:mk_text(Subj),
|
2019-06-14 11:33:26 +02:00
|
|
|
body = xmpp:mk_text(Body)})
|
2003-10-14 21:34:17 +02:00
|
|
|
end.
|
2002-12-08 18:23:21 +01:00
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
send_registration_notifications(Mod, UJID, Source) ->
|
2005-07-13 05:24:13 +02:00
|
|
|
Host = UJID#jid.lserver,
|
2019-06-14 11:33:26 +02:00
|
|
|
case mod_register_opt:registration_watchers(Host) of
|
2013-03-14 10:33:02 +01:00
|
|
|
[] -> ok;
|
|
|
|
JIDs when is_list(JIDs) ->
|
|
|
|
Body =
|
2020-01-22 12:52:30 +01:00
|
|
|
(str:format("[~s] The account ~s was registered from "
|
|
|
|
"IP address ~s on node ~w using ~p.",
|
2013-03-14 10:33:02 +01:00
|
|
|
[get_time_string(),
|
2017-02-26 08:07:12 +01:00
|
|
|
jid:encode(UJID),
|
2018-03-19 16:23:52 +01:00
|
|
|
ejabberd_config:may_hide_data(
|
|
|
|
ip_to_string(Source)),
|
|
|
|
node(), Mod])),
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:foreach(
|
|
|
|
fun(JID) ->
|
|
|
|
ejabberd_router:route(
|
2017-02-16 09:00:26 +01:00
|
|
|
#message{from = jid:make(Host),
|
|
|
|
to = JID,
|
|
|
|
type = chat,
|
2016-07-27 17:06:54 +02:00
|
|
|
body = xmpp:mk_text(Body)})
|
2013-03-14 10:33:02 +01:00
|
|
|
end, JIDs)
|
2003-10-19 18:19:55 +02:00
|
|
|
end.
|
2008-04-22 23:51:32 +02:00
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
check_from(#jid{user = <<"">>, server = <<"">>},
|
|
|
|
_Server) ->
|
2010-01-31 14:55:10 +01:00
|
|
|
allow;
|
|
|
|
check_from(JID, Server) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
Access = mod_register_opt:access_from(Server),
|
2010-01-31 14:55:10 +01:00
|
|
|
acl:match_rule(Server, Access, JID).
|
2008-04-22 23:51:32 +02:00
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
check_timeout(undefined) -> true;
|
2008-04-22 23:51:32 +02:00
|
|
|
check_timeout(Source) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
Timeout = ejabberd_option:registration_timeout(),
|
2013-03-14 10:33:02 +01:00
|
|
|
if is_integer(Timeout) ->
|
2019-07-17 21:15:56 +02:00
|
|
|
Priority = -erlang:system_time(millisecond),
|
2013-03-14 10:33:02 +01:00
|
|
|
CleanPriority = Priority + Timeout,
|
|
|
|
F = fun () ->
|
|
|
|
Treap = case mnesia:read(mod_register_ip, treap, write)
|
|
|
|
of
|
|
|
|
[] -> treap:empty();
|
|
|
|
[{mod_register_ip, treap, T}] -> T
|
|
|
|
end,
|
|
|
|
Treap1 = clean_treap(Treap, CleanPriority),
|
|
|
|
case treap:lookup(Source, Treap1) of
|
|
|
|
error ->
|
|
|
|
Treap2 = treap:insert(Source, Priority, [],
|
|
|
|
Treap1),
|
|
|
|
mnesia:write({mod_register_ip, treap, Treap2}),
|
|
|
|
true;
|
|
|
|
{ok, _, _} ->
|
|
|
|
mnesia:write({mod_register_ip, treap, Treap1}),
|
|
|
|
false
|
|
|
|
end
|
|
|
|
end,
|
|
|
|
case mnesia:transaction(F) of
|
|
|
|
{atomic, Res} -> Res;
|
|
|
|
{aborted, Reason} ->
|
2019-06-24 19:32:34 +02:00
|
|
|
?ERROR_MSG("timeout check error: ~p~n", [Reason]),
|
2013-03-14 10:33:02 +01:00
|
|
|
true
|
|
|
|
end;
|
|
|
|
true -> true
|
2008-04-22 23:51:32 +02:00
|
|
|
end.
|
|
|
|
|
|
|
|
clean_treap(Treap, CleanPriority) ->
|
|
|
|
case treap:is_empty(Treap) of
|
2013-03-14 10:33:02 +01:00
|
|
|
true -> Treap;
|
|
|
|
false ->
|
|
|
|
{_Key, Priority, _Value} = treap:get_root(Treap),
|
|
|
|
if Priority > CleanPriority ->
|
|
|
|
clean_treap(treap:delete_root(Treap), CleanPriority);
|
|
|
|
true -> Treap
|
|
|
|
end
|
2008-04-22 23:51:32 +02:00
|
|
|
end.
|
2008-04-23 15:14:08 +02:00
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
remove_timeout(undefined) -> true;
|
2008-04-23 15:14:08 +02:00
|
|
|
remove_timeout(Source) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
Timeout = ejabberd_option:registration_timeout(),
|
2013-03-14 10:33:02 +01:00
|
|
|
if is_integer(Timeout) ->
|
|
|
|
F = fun () ->
|
|
|
|
Treap = case mnesia:read(mod_register_ip, treap, write)
|
|
|
|
of
|
|
|
|
[] -> treap:empty();
|
|
|
|
[{mod_register_ip, treap, T}] -> T
|
|
|
|
end,
|
|
|
|
Treap1 = treap:delete(Source, Treap),
|
|
|
|
mnesia:write({mod_register_ip, treap, Treap1}),
|
|
|
|
ok
|
|
|
|
end,
|
|
|
|
case mnesia:transaction(F) of
|
|
|
|
{atomic, ok} -> ok;
|
|
|
|
{aborted, Reason} ->
|
2019-06-24 19:32:34 +02:00
|
|
|
?ERROR_MSG("Mod_register: timeout remove error: "
|
2013-03-14 10:33:02 +01:00
|
|
|
"~p~n",
|
|
|
|
[Reason]),
|
|
|
|
ok
|
|
|
|
end;
|
|
|
|
true -> ok
|
2008-04-23 15:14:08 +02:00
|
|
|
end.
|
|
|
|
|
2017-11-17 16:02:12 +01:00
|
|
|
ip_to_string({_, _, _} = USR) ->
|
|
|
|
jid:encode(USR);
|
2013-03-14 10:33:02 +01:00
|
|
|
ip_to_string(Source) when is_tuple(Source) ->
|
2017-04-11 12:13:58 +02:00
|
|
|
misc:ip_to_list(Source);
|
2013-03-14 10:33:02 +01:00
|
|
|
ip_to_string(undefined) -> <<"undefined">>;
|
|
|
|
ip_to_string(_) -> <<"unknown">>.
|
2009-11-17 12:14:31 +01:00
|
|
|
|
|
|
|
get_time_string() -> write_time(erlang:localtime()).
|
|
|
|
%% Function copied from ejabberd_logger_h.erl and customized
|
2013-03-14 10:33:02 +01:00
|
|
|
|
|
|
|
write_time({{Y, Mo, D}, {H, Mi, S}}) ->
|
2009-11-17 12:14:31 +01:00
|
|
|
io_lib:format("~w-~.2.0w-~.2.0w ~.2.0w:~.2.0w:~.2.0w",
|
|
|
|
[Y, Mo, D, H, Mi, S]).
|
2010-10-24 07:30:16 +02:00
|
|
|
|
2016-07-27 17:06:54 +02:00
|
|
|
process_xdata_submit(X) ->
|
|
|
|
case {xmpp_util:get_xdata_values(<<"username">>, X),
|
|
|
|
xmpp_util:get_xdata_values(<<"password">>, X)} of
|
|
|
|
{[User], [Pass]} -> {ok, User, Pass};
|
|
|
|
_ -> error
|
2010-10-24 07:30:16 +02:00
|
|
|
end.
|
2010-10-24 09:17:30 +02:00
|
|
|
|
|
|
|
is_strong_password(Server, Password) ->
|
2016-06-14 23:35:47 +02:00
|
|
|
case jid:resourceprep(Password) of
|
|
|
|
PP when is_binary(PP) ->
|
|
|
|
is_strong_password2(Server, Password);
|
|
|
|
error ->
|
|
|
|
error_preparing_password
|
|
|
|
end.
|
|
|
|
|
|
|
|
is_strong_password2(Server, Password) ->
|
2015-11-24 16:44:13 +01:00
|
|
|
LServer = jid:nameprep(Server),
|
2019-06-14 11:33:26 +02:00
|
|
|
case mod_register_opt:password_strength(LServer) of
|
2013-03-14 10:33:02 +01:00
|
|
|
0 ->
|
|
|
|
true;
|
|
|
|
Entropy ->
|
|
|
|
ejabberd_auth:entropy(Password) >= Entropy
|
2010-10-24 09:17:30 +02:00
|
|
|
end.
|
2010-11-05 19:00:16 +01:00
|
|
|
|
|
|
|
%%%
|
|
|
|
%%% ip_access management
|
|
|
|
%%%
|
|
|
|
|
|
|
|
may_remove_resource({_, _, _} = From) ->
|
2015-11-24 16:44:13 +01:00
|
|
|
jid:remove_resource(From);
|
2013-03-14 10:33:02 +01:00
|
|
|
may_remove_resource(From) -> From.
|
2010-11-05 19:00:16 +01:00
|
|
|
|
|
|
|
get_ip_access(Host) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
mod_register_opt:ip_access(Host).
|
2010-11-05 19:00:16 +01:00
|
|
|
|
|
|
|
check_ip_access({User, Server, Resource}, IPAccess) ->
|
|
|
|
case ejabberd_sm:get_user_ip(User, Server, Resource) of
|
2013-08-12 14:25:05 +02:00
|
|
|
{IPAddress, _PortNumber} ->
|
|
|
|
check_ip_access(IPAddress, IPAccess);
|
|
|
|
_ ->
|
|
|
|
deny
|
2010-11-05 19:00:16 +01:00
|
|
|
end;
|
2013-12-10 08:40:43 +01:00
|
|
|
check_ip_access(undefined, _IPAccess) ->
|
|
|
|
deny;
|
2013-08-12 14:25:05 +02:00
|
|
|
check_ip_access(IPAddress, IPAccess) ->
|
|
|
|
acl:match_rule(global, IPAccess, IPAddress).
|
2015-06-01 14:38:27 +02:00
|
|
|
|
2019-04-23 20:05:21 +02:00
|
|
|
check_access(User, Server, Source) ->
|
|
|
|
JID = jid:make(User, Server),
|
2019-06-14 11:33:26 +02:00
|
|
|
Access = mod_register_opt:access(Server),
|
2019-04-23 20:05:21 +02:00
|
|
|
IPAccess = get_ip_access(Server),
|
|
|
|
case acl:match_rule(Server, Access, JID) of
|
|
|
|
allow -> check_ip_access(Source, IPAccess);
|
|
|
|
deny -> deny
|
|
|
|
end.
|
|
|
|
|
2019-06-14 11:33:26 +02:00
|
|
|
mod_opt_type(access) ->
|
|
|
|
econf:acl();
|
|
|
|
mod_opt_type(access_from) ->
|
|
|
|
econf:acl();
|
|
|
|
mod_opt_type(access_remove) ->
|
|
|
|
econf:acl();
|
2021-12-03 12:16:20 +01:00
|
|
|
mod_opt_type(allow_modules) ->
|
|
|
|
econf:either(all, econf:list(econf:atom()));
|
2015-06-01 14:38:27 +02:00
|
|
|
mod_opt_type(captcha_protected) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
econf:bool();
|
|
|
|
mod_opt_type(ip_access) ->
|
|
|
|
econf:acl();
|
2015-06-01 14:38:27 +02:00
|
|
|
mod_opt_type(password_strength) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
econf:number(0);
|
2015-06-01 14:38:27 +02:00
|
|
|
mod_opt_type(registration_watchers) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
econf:list(econf:jid());
|
2015-06-01 14:38:27 +02:00
|
|
|
mod_opt_type(welcome_message) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
econf:and_then(
|
|
|
|
econf:options(
|
|
|
|
#{subject => econf:binary(),
|
|
|
|
body => econf:binary()}),
|
|
|
|
fun(Opts) ->
|
|
|
|
{proplists:get_value(subject, Opts, <<>>),
|
|
|
|
proplists:get_value(body, Opts, <<>>)}
|
|
|
|
end);
|
2017-09-01 11:14:01 +02:00
|
|
|
mod_opt_type(redirect_url) ->
|
2019-06-14 11:33:26 +02:00
|
|
|
econf:url().
|
2018-01-23 08:54:52 +01:00
|
|
|
|
2019-06-14 11:33:26 +02:00
|
|
|
-spec mod_options(binary()) -> [{welcome_message, {binary(), binary()}} |
|
|
|
|
{atom(), term()}].
|
2018-02-11 10:54:15 +01:00
|
|
|
mod_options(_Host) ->
|
2018-01-23 08:54:52 +01:00
|
|
|
[{access, all},
|
|
|
|
{access_from, none},
|
|
|
|
{access_remove, all},
|
2021-12-03 12:16:20 +01:00
|
|
|
{allow_modules, all},
|
2018-01-23 08:54:52 +01:00
|
|
|
{captcha_protected, false},
|
|
|
|
{ip_access, all},
|
|
|
|
{password_strength, 0},
|
|
|
|
{registration_watchers, []},
|
2019-06-14 11:33:26 +02:00
|
|
|
{redirect_url, undefined},
|
|
|
|
{welcome_message, {<<>>, <<>>}}].
|
2020-01-08 10:24:51 +01:00
|
|
|
|
|
|
|
mod_doc() ->
|
|
|
|
#{desc =>
|
|
|
|
[?T("This module adds support for https://xmpp.org/extensions/xep-0077.html"
|
|
|
|
"[XEP-0077: In-Band Registration]. "
|
2021-01-11 20:18:28 +01:00
|
|
|
"This protocol enables end users to use an XMPP client to:"), "",
|
2020-01-08 10:24:51 +01:00
|
|
|
?T("* Register a new account on the server."), "",
|
|
|
|
?T("* Change the password from an existing account on the server."), "",
|
2020-04-08 18:49:41 +02:00
|
|
|
?T("* Delete an existing account on the server."), "",
|
2021-08-23 13:40:19 +02:00
|
|
|
?T("This module reads also the top-level _`registration_timeout`_ "
|
|
|
|
"option defined globally for the server, "
|
|
|
|
"so please check that option documentation too.")],
|
2020-01-08 10:24:51 +01:00
|
|
|
opts =>
|
|
|
|
[{access,
|
|
|
|
#{value => ?T("AccessName"),
|
|
|
|
desc =>
|
2020-09-29 06:11:30 +02:00
|
|
|
?T("Specify rules to restrict what usernames can be registered. "
|
|
|
|
"If a rule returns 'deny' on the requested username, "
|
|
|
|
"registration of that user name is denied. There are no "
|
|
|
|
"restrictions by default.")}},
|
2020-01-08 10:24:51 +01:00
|
|
|
{access_from,
|
|
|
|
#{value => ?T("AccessName"),
|
|
|
|
desc =>
|
|
|
|
?T("By default, 'ejabberd' doesn't allow to register new accounts "
|
|
|
|
"from s2s or existing c2s sessions. You can change it by defining "
|
|
|
|
"access rule in this option. Use with care: allowing registration "
|
|
|
|
"from s2s leads to uncontrolled massive accounts creation by rogue users.")}},
|
|
|
|
{access_remove,
|
|
|
|
#{value => ?T("AccessName"),
|
|
|
|
desc =>
|
|
|
|
?T("Specify rules to restrict access for user unregistration. "
|
|
|
|
"By default any user is able to unregister their account.")}},
|
2021-12-03 12:16:20 +01:00
|
|
|
{allow_modules,
|
|
|
|
#{value => "all | [Module, ...]",
|
2021-12-02 16:43:17 +01:00
|
|
|
note => "added in 21.12",
|
2021-12-03 12:16:20 +01:00
|
|
|
desc =>
|
|
|
|
?T("List of modules that can register accounts, or 'all'. "
|
|
|
|
"The default value is 'all', which is equivalent to "
|
|
|
|
"something like '[mod_register, mod_register_web]'.")}},
|
2020-01-08 10:24:51 +01:00
|
|
|
{captcha_protected,
|
|
|
|
#{value => "true | false",
|
|
|
|
desc =>
|
2021-08-23 13:40:19 +02:00
|
|
|
?T("Protect registrations with http://../basic/#captcha[CAPTCHA]. "
|
|
|
|
"The default is 'false'.")}},
|
2020-01-08 10:24:51 +01:00
|
|
|
{ip_access,
|
|
|
|
#{value => ?T("AccessName"),
|
|
|
|
desc =>
|
|
|
|
?T("Define rules to allow or deny account registration depending "
|
|
|
|
"on the IP address of the XMPP client. The 'AccessName' should "
|
|
|
|
"be of type 'ip'. The default value is 'all'.")}},
|
|
|
|
{password_strength,
|
|
|
|
#{value => "Entropy",
|
|
|
|
desc =>
|
|
|
|
?T("This option sets the minimum "
|
|
|
|
"https://en.wikipedia.org/wiki/Entropy_(information_theory)"
|
|
|
|
"[Shannon entropy] for passwords. The value 'Entropy' is a "
|
|
|
|
"number of bits of entropy. The recommended minimum is 32 bits. "
|
2021-09-14 11:24:49 +02:00
|
|
|
"The default is '0', i.e. no checks are performed.")}},
|
2020-01-08 10:24:51 +01:00
|
|
|
{registration_watchers,
|
|
|
|
#{value => "[JID, ...]",
|
|
|
|
desc =>
|
|
|
|
?T("This option defines a list of JIDs which will be notified each "
|
|
|
|
"time a new account is registered.")}},
|
|
|
|
{redirect_url,
|
|
|
|
#{value => ?T("URL"),
|
|
|
|
desc =>
|
|
|
|
?T("This option enables registration redirection as described in "
|
|
|
|
"https://xmpp.org/extensions/xep-0077.html#redirect"
|
|
|
|
"[XEP-0077: In-Band Registration: Redirection].")}},
|
|
|
|
{welcome_message,
|
|
|
|
#{value => "{subject: Subject, body: Body}",
|
|
|
|
desc =>
|
|
|
|
?T("Set a welcome message that is sent to each newly registered account. "
|
|
|
|
"The message will have subject 'Subject' and text 'Body'.")}}]}.
|