25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00

Use mod_register in web register form, so its restrictions are used (#3688)

This commit is contained in:
Badlop 2021-10-04 11:24:24 +02:00
parent 85408662ff
commit 595b016019

View File

@ -85,7 +85,7 @@ process([Section],
process([<<"new">>], process([<<"new">>],
#request{method = 'POST', q = Q, ip = {Ip, _Port}, #request{method = 'POST', q = Q, ip = {Ip, _Port},
lang = Lang, host = _HTTPHost}) -> lang = Lang, host = _HTTPHost}) ->
case form_new_post(Q) of case form_new_post(Q, Ip) of
{success, ok, {Username, Host, _Password}} -> {success, ok, {Username, Host, _Password}} ->
Jid = jid:make(Username, Host), Jid = jid:make(Username, Host),
mod_register:send_registration_notifications(?MODULE, Jid, Ip), mod_register:send_registration_notifications(?MODULE, Jid, Ip),
@ -290,10 +290,10 @@ form_new_get2(Host, Lang, CaptchaEls) ->
%%% Formulary new POST %%% Formulary new POST
%%%---------------------------------------------------------------------- %%%----------------------------------------------------------------------
form_new_post(Q) -> form_new_post(Q, Ip) ->
case catch get_register_parameters(Q) of case catch get_register_parameters(Q) of
[Username, Host, Password, Password, Id, Key] -> [Username, Host, Password, Password, Id, Key] ->
form_new_post(Username, Host, Password, {Id, Key}); form_new_post(Username, Host, Password, {Id, Key}, Ip);
[_Username, _Host, _Password, _Password2, false, false] -> [_Username, _Host, _Password, _Password2, false, false] ->
{error, passwords_not_identical}; {error, passwords_not_identical};
[_Username, _Host, _Password, _Password2, Id, Key] -> [_Username, _Host, _Password, _Password2, Id, Key] ->
@ -312,13 +312,12 @@ get_register_parameters(Q) ->
[<<"username">>, <<"host">>, <<"password">>, <<"password2">>, [<<"username">>, <<"host">>, <<"password">>, <<"password2">>,
<<"id">>, <<"key">>]). <<"id">>, <<"key">>]).
form_new_post(Username, Host, Password, form_new_post(Username, Host, Password, {false, false}, Ip) ->
{false, false}) -> register_account(Username, Host, Password, Ip);
register_account(Username, Host, Password); form_new_post(Username, Host, Password, {Id, Key}, Ip) ->
form_new_post(Username, Host, Password, {Id, Key}) ->
case ejabberd_captcha:check_captcha(Id, Key) of case ejabberd_captcha:check_captcha(Id, Key) of
captcha_valid -> captcha_valid ->
register_account(Username, Host, Password); register_account(Username, Host, Password, Ip);
captcha_non_valid -> {error, captcha_non_valid}; captcha_non_valid -> {error, captcha_non_valid};
captcha_not_found -> {error, captcha_non_valid} captcha_not_found -> {error, captcha_non_valid}
end. end.
@ -502,11 +501,11 @@ form_del_get(Host, Lang) ->
{<<"Content-Type">>, <<"text/html">>}], {<<"Content-Type">>, <<"text/html">>}],
ejabberd_web:make_xhtml(HeadEls, Els)}. ejabberd_web:make_xhtml(HeadEls, Els)}.
%% @spec(Username, Host, Password) -> {success, ok, {Username, Host, Password} | %% @spec(Username, Host, Password, Ip) -> {success, ok, {Username, Host, Password} |
%% {success, exists, {Username, Host, Password}} | %% {success, exists, {Username, Host, Password}} |
%% {error, not_allowed} | %% {error, not_allowed} |
%% {error, invalid_jid} %% {error, invalid_jid}
register_account(Username, Host, Password) -> register_account(Username, Host, Password, Ip) ->
try mod_register_opt:access(Host) of try mod_register_opt:access(Host) of
Access -> Access ->
case jid:make(Username, Host) of case jid:make(Username, Host) of
@ -514,16 +513,15 @@ register_account(Username, Host, Password) ->
JID -> JID ->
case acl:match_rule(Host, Access, JID) of case acl:match_rule(Host, Access, JID) of
deny -> {error, not_allowed}; deny -> {error, not_allowed};
allow -> register_account2(Username, Host, Password) allow -> register_account2(Username, Host, Password, Ip)
end end
end end
catch _:{module_not_loaded, mod_register, _Host} -> catch _:{module_not_loaded, mod_register, _Host} ->
{error, host_unknown} {error, host_unknown}
end. end.
register_account2(Username, Host, Password) -> register_account2(Username, Host, Password, Ip) ->
case ejabberd_auth:try_register(Username, Host, case mod_register:try_register(Username, Host, Password, Ip)
Password)
of of
ok -> ok ->
{success, ok, {Username, Host, Password}}; {success, ok, {Username, Host, Password}};