New allow_modules option to restrict registration modules

2021-12-03 12:16:20 +01:00 · 2021-12-03 12:16:20 +01:00 · dab4c0cc10
parent 0372878ba5
commit dab4c0cc10
2 changed files with 23 additions and 5 deletions
--- a/src/mod_register.erl
+++ b/src/mod_register.erl
@ -32,11 +32,13 @@
 -behaviour(gen_mod).

 -export([start/2, stop/1, reload/3, stream_feature_register/2,
-	 c2s_unauthenticated_packet/2, try_register/4,
+	 c2s_unauthenticated_packet/2, try_register/4, try_register/5,
 	 process_iq/1, send_registration_notifications/3,
 	 mod_opt_type/1, mod_options/1, depends/2,
 	 format_error/1, mod_doc/0]).

+-deprecated({try_register, 4}).
+
 -include("logger.hrl").
 -include_lib("xmpp/include/xmpp.hrl").
 -include("translate.hrl").
@ -283,7 +285,7 @@ try_register_or_set_password(User, Server, Password,
 	_ when CaptchaSucceed ->
 	    case check_from(From, Server) of
 		allow ->
-		    case try_register(User, Server, Password, Source, Lang) of
+		    case try_register(User, Server, Password, Source, ?MODULE, Lang) of
 			ok ->
 			    xmpp:make_iq_result(IQ);
 			{error, Error} ->
@ -328,6 +330,13 @@ try_set_password(User, Server, Password, #iq{lang = Lang, meta = M} = IQ) ->
 	    xmpp:make_error(IQ, xmpp:err_internal_server_error(format_error(Why), Lang))
    end.

+try_register(User, Server, Password, SourceRaw, Module) ->
+    Modules = mod_register_opt:allow_modules(Server),
+    case (Modules == all) orelse lists:member(Module, Modules) of
+        true -> try_register(User, Server, Password, SourceRaw);
+        false -> {error, eaccess}
+    end.
+
 try_register(User, Server, Password, SourceRaw) ->
    case jid:is_nodename(User) of
 	false ->
@ -363,8 +372,8 @@ try_register(User, Server, Password, SourceRaw) ->
 	    end
    end.

-try_register(User, Server, Password, SourceRaw, Lang) ->
-    case try_register(User, Server, Password, SourceRaw) of
+try_register(User, Server, Password, SourceRaw, Module, Lang) ->
+    case try_register(User, Server, Password, SourceRaw, Module) of
 	ok ->
 	    JID = jid:make(User, Server),
 	    Source = may_remove_resource(SourceRaw),
@ -597,6 +606,8 @@ mod_opt_type(access_from) ->
    econf:acl();
 mod_opt_type(access_remove) ->
    econf:acl();
+mod_opt_type(allow_modules) ->
+    econf:either(all, econf:list(econf:atom()));
 mod_opt_type(captcha_protected) ->
    econf:bool();
 mod_opt_type(ip_access) ->
@ -623,6 +634,7 @@ mod_options(_Host) ->
    [{access, all},
     {access_from, none},
     {access_remove, all},
+     {allow_modules, all},
     {captcha_protected, false},
     {ip_access, all},
     {password_strength, 0},
@ -661,6 +673,12 @@ mod_doc() ->
              desc =>
                  ?T("Specify rules to restrict access for user unregistration. "
                     "By default any user is able to unregister their account.")}},
+           {allow_modules,
+            #{value => "all | [Module, ...]",
+              desc =>
+                  ?T("List of modules that can register accounts, or 'all'. "
+                     "The default value is 'all', which is equivalent to "
+                     "something like '[mod_register, mod_register_web]'.")}},
           {captcha_protected,
            #{value => "true | false",
              desc =>
--- a/src/mod_register_web.erl
+++ b/src/mod_register_web.erl
@ -521,7 +521,7 @@ register_account(Username, Host, Password, Ip) ->
    end.

 register_account2(Username, Host, Password, Ip) ->
-    case mod_register:try_register(Username, Host, Password, Ip)
+    case mod_register:try_register(Username, Host, Password, Ip, ?MODULE)
 	of
      ok ->
 	  {success, ok, {Username, Host, Password}};