Chapril/xmpp.chapril.org-ejabberd
26
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00
Code Releases Activity

Protect users from delete_old_users command using a fixed access rule (#1462)

Browse Source
This commit is contained in:
Badlop 2017-02-23 19:38:17 +01:00
parent 4294ba6b52
commit 6314a96b05
1 changed files with 32 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
src/mod_admin_extra.erl
View File

@ -181,6 +181,11 @@ get_commands_spec() ->
result_desc = "Number of users active on given server in last n days"}, result_desc = "Number of users active on given server in last n days"},
#ejabberd_commands{name = delete_old_users, tags = [accounts, purge], #ejabberd_commands{name = delete_old_users, tags = [accounts, purge],
desc = "Delete users that didn't log in last days, or that never logged", desc = "Delete users that didn't log in last days, or that never logged",
longdesc = "To protect admin accounts, configure this for example:\n"
"access_rules:\n"
" delete_old_users:\n"
" - deny: admin\n"
" - allow: all\n",
module = ?MODULE, function = delete_old_users, module = ?MODULE, function = delete_old_users,
args = [{days, integer}], args = [{days, integer}],
args_example = [30], args_example = [30],
@ -190,6 +195,11 @@ get_commands_spec() ->
result_desc = "Result tuple"}, result_desc = "Result tuple"},
#ejabberd_commands{name = delete_old_users_vhost, tags = [accounts, purge], #ejabberd_commands{name = delete_old_users_vhost, tags = [accounts, purge],
desc = "Delete users that didn't log in last days in vhost, or that never logged", desc = "Delete users that didn't log in last days in vhost, or that never logged",
longdesc = "To protect admin accounts, configure this for example:\n"
"access_rules:\n"
" delete_old_users:\n"
" - deny: admin\n"
" - allow: all\n",
module = ?MODULE, function = delete_old_users_vhost, module = ?MODULE, function = delete_old_users_vhost,
args = [{host, binary}, {days, integer}], args = [{host, binary}, {days, integer}],
args_example = [<<"myserver.com">>, 30], args_example = [<<"myserver.com">>, 30],
@ -810,53 +820,35 @@ delete_old_users_vhost(Host, Days) ->
{ok, io_lib:format("Deleted ~p users: ~p", [N, UR])}. {ok, io_lib:format("Deleted ~p users: ~p", [N, UR])}.
delete_old_users(Days, Users) -> delete_old_users(Days, Users) ->
%% Convert older time
SecOlder = Days*24*60*60, SecOlder = Days*24*60*60,
%% Get current time
TimeStamp_now = p1_time_compat:system_time(seconds), TimeStamp_now = p1_time_compat:system_time(seconds),
TimeStamp_oldest = TimeStamp_now - SecOlder,
%% For a user, remove if required and answer true
F = fun({LUser, LServer}) -> F = fun({LUser, LServer}) ->
%% Check if the user is logged case catch delete_or_not(LUser, LServer, TimeStamp_oldest) of
case ejabberd_sm:get_user_resources(LUser, LServer) of true ->
%% If it isnt ejabberd_auth:remove_user(LUser, LServer),
[] -> true;
%% Look for his last_activity _ ->
case mod_last:get_last_info(LUser, LServer) of false
%% If it is end
%% existent:
{ok, TimeStamp, _Status} ->
%% get his age
Sec = TimeStamp_now - TimeStamp,
%% If he is
if
%% younger than SecOlder:
Sec < SecOlder ->
%% do nothing
false;
%% older:
true ->
%% remove the user
ejabberd_auth:remove_user(LUser, LServer),
true
end;
%% nonexistent:
not_found ->
%% remove the user
ejabberd_auth:remove_user(LUser, LServer),
true
end;
%% Else
_ ->
%% do nothing
false
end
end, end,
%% Apply the function to every user in the list
Users_removed = lists:filter(F, Users), Users_removed = lists:filter(F, Users),
{removed, length(Users_removed), Users_removed}. {removed, length(Users_removed), Users_removed}.
delete_or_not(LUser, LServer, TimeStamp_oldest) ->
allow = acl:match_rule(LServer, delete_old_users, jid:make(LUser, LServer)),
[] = ejabberd_sm:get_user_resources(LUser, LServer),
case mod_last:get_last_info(LUser, LServer) of
{ok, TimeStamp, _Status} ->
if TimeStamp_oldest < TimeStamp ->
false;
true ->
true
end;
not_found ->
true
end.
%% %%
%% Ban account %% Ban account