25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-28 16:34:13 +01:00
Commit Graph

150 Commits

Author SHA1 Message Date
Badlop
589521bfd8 Update copyright year to 2024 (#4139) 2024-01-22 17:29:13 +01:00
Paweł Chmielowski
12d47455ba Add auth_external_user_exists_check option
This makes `user_check` hook work better with authentication methods
that don't have a way to determine if user exists (like is the case for
jwt and cert based authentication), and as result will improve mod_offline
and mod_mam handling of offline messages to those users. This reuses
information stored by `mod_last` for this purpose.

Should fix issue #3377.
2023-10-11 14:17:18 +02:00
Badlop
243697e25a Update copyright year to 2023 (#3967) 2023-01-10 13:52:04 +01:00
Badlop
b73a9234d9 Add some missing RFCs and remove problematic leading 0 in xep versions 2022-11-04 16:17:39 +01:00
Badlop
b3211b1f71 Update copyright year to 2022 2022-02-11 09:39:25 +01:00
Badlop
6e0161470e Update newest copyright year to 2021 (#3464) 2021-01-27 17:02:06 +01:00
Paweł Chmielowski
d8d9ef32ad Make anonymous auth not override sasl mechaninsm offered by other modules
This stop overriding store_type when anonymous is enabled with other
auth modules, we don't really need that since anonymous is not taking
passwords anyway, and this was disabling scram mechanisms.

This fixes issue #2803.
2020-12-14 16:42:14 +01:00
Paweł Chmielowski
1dc0ecd1e9 Allow to use different hash for storing scram passwords 2020-12-08 12:06:52 +01:00
Paweł Chmielowski
72867f8d1e Fix more places that needed changes after scram.erl api modifications 2020-12-04 09:20:59 +01:00
Paweł Chmielowski
b4ea1625e4 Don't use same value in cache for user don't exist and wrong password
By doing this check_password that returned info about mismatched password
caused user_exists checks performed after that to return wrongly that
account doesn't exist.
2020-10-22 11:10:22 +02:00
Stu Tomlinson
bd11a00f8f
Use include_lib() to include headers from dependencies (#3369) 2020-09-03 13:45:57 +02:00
Badlop
2d32c66fd7 Update copyright to 2020 (#3149) 2020-01-28 15:49:23 +01:00
Paweł Chmielowski
71c44bff8b Make convert_to_scram work with all backends 2019-11-27 10:35:52 +01:00
Alexey Shchepin
0fe1e40a9d JWT-only authentication for some users (#3012) 2019-09-18 18:46:24 +03:00
Evgeny Khramtsov
35576b4608 Improve hooks validator and fix bugs related to hooks registration 2019-07-29 10:46:20 +03:00
Evgeny Khramtsov
3f7d9e3ad6 Remove Riak support
Reasons:
- Riak DB development is almost halted after Basho
- riak-erlang-client is abandoned and doesn't work
  correctly with OTP22
- Riak is slow in comparison to other databases
- Missing key ordering makes it impossible to implement range
  queries efficiently (e.g. MAM queries)
2019-07-18 19:31:12 +03:00
Evgeny Khramtsov
15b4b3fa1b Fix typos using codespell 2019-07-16 22:07:39 +03:00
Evgeny Khramtsov
6f5d99275b Process unexpected messages uniformly 2019-07-12 11:55:36 +03:00
Evgeny Khramtsov
368858a744 Fix return type in try_set_password()
Fixes #2932
2019-07-07 12:16:04 +03:00
Evgeny Khramtsov
253ec13971 Use new ets_cache API in ejabberd_auth 2019-06-30 17:15:43 +03:00
Evgeny Khramtsov
39cf8d86d6 Avoid using broad map() type wherever possible 2019-06-27 15:22:27 +03:00
Evgeny Khramtsov
a3e0cbbdd8 Make logging messages more consistent 2019-06-24 20:32:34 +03:00
Evgeny Khramtsov
a205ebad2b Get rid of "well-known" type 2019-06-15 12:53:16 +03:00
Evgeny Khramtsov
a02cff0e78 Use new configuration validator 2019-06-14 12:33:26 +03:00
Evgeny Khramtsov
3f7a850ae8 Use different cache tables per auth module
Fixes #2322
2019-05-23 11:32:55 +03:00
Evgeny Khramtsov
7c45b52c86 Correctly support cache tags in ejabberd_auth 2019-04-19 15:42:24 +03:00
Evgeny Khramtsov
7f14826564 Use new ets_cache api in ejabberd_auth 2019-04-19 15:08:41 +03:00
Badlop
55417dfb37 Update copyright to 2019 (#2756) 2019-01-08 22:53:27 +01:00
Paweł Chmielowski
45eb08d05c Add auth:which_user_exist to bulk checking existence of list of users 2018-12-05 14:22:09 +01:00
Evgeny Khramtsov
2d246f61dd Fix some dialyzer warnings 2018-09-09 09:59:08 +03:00
Holger Weiss
2d45832a39 ejabberd_auth: Restore lost case clause
Let check_password_with_authmodule/6 handle the case where
validate_credentials/2 returns an error.  This got lost in commit
4f8af723c6.
2018-07-26 22:37:25 +02:00
Evgeniy Khramtsov
491993d401 Reload internal room's configuration when mod_muc is reloaded
Fixes #2513
2018-07-08 14:52:12 +03:00
Evgeniy Khramtsov
ed1ee6061e Move move randoms module to p1_utils repo 2018-07-05 11:51:49 +03:00
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Evgeniy Khramtsov
1261502f6a Improve indentation 2018-05-30 22:53:34 +03:00
Stu Tomlinson
4f8af723c6 Fix authentication for usernames containing uppercase characters
Applies to authentication methods that compare User (normalized)
and AuthzId (was not being normalized). These are external, ldap & pam.

Fixes #2280
2018-05-30 18:43:26 +01:00
Evgeniy Khramtsov
b23d5754e8 Improve robustness of external authentication backends
Now all external ports are attached to supervising processes
and requests are balanced in round-robin manner until the pool
is exhausted.

The commit also deprecates `extauth_instances` option and introduces
`extauth_pool_size` option instead, with the default value of a number
of logical processors (i.e. CPU cores).

Fixes #2403
2018-05-07 19:27:18 +03:00
Holger Weiss
410db89167 ejabberd_auth: Don't use cache if it's disabled
Don't let the check whether a user exists use the cache if caching was
disabled in the configuration.
2018-05-03 00:31:33 +02:00
Evgeniy Khramtsov
ff06bdf144 Don't ask other nodes to invalidate cache when the key is not updated 2018-02-18 09:02:23 +03:00
Evgeniy Khramtsov
cffdb06b66 Cache 'isuser' queries to external auth program 2018-02-16 20:50:22 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Christophe Romain
675cc3e0ea Allow auth and pubsub plugin to use Elixir module 2017-10-31 11:04:32 +01:00
Evgeniy Khramtsov
29462f0053 Make it possible to convert to SQL for any current db_type
It is now possible to run `export` command even when the current `db_type` is not `sql`
2017-10-25 21:21:52 +03:00
Christophe Romain
3d185c0fb8 Fix missing validation from 633b68db1 (#1900) 2017-08-04 11:53:32 +02:00
Evgeniy Khramtsov
e93762a720 Deprecate misc:encode_base64/1 and misc:decode_base64/1 2017-05-23 10:43:26 +03:00
Evgeniy Khramtsov
cdb191bb48 Rename is_user_exists -> user_exists 2017-05-11 15:49:06 +03:00
Evgeniy Khramtsov
633b68db11 Use cache for authentication backends
The commit introduces the following API incompatibilities:

In ejabberd_auth.erl:
* dirty_get_registered_users/0 is renamed to get_users/0
* get_vh_registered_users/1 is renamed to get_users/1
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is renamed to count_users/1
* get_vh_registered_users_number/2 is renamed to count_users/2

In ejabberd_auth callbacks
* plain_password_required/0 is replaced by plain_password_required/1
  where the argument is a virtual host
* store_type/0 is replaced by store_type/1 where the argument is
  a virtual host
* set_password/3 is now an optional callback
* remove_user/3 callback is no longer needed
* remove_user/2 now should return `ok | {error, atom()}`
* is_user_exists/2 now must only be implemented for backends
  with `external` store type
* check_password/6 is no longer needed
* check_password/4 now must only be implemented for backends
  with `external` store type
* try_register/3 is now an optional callback and should return
  `ok | {error, atom()}`
* dirty_get_registered_users/0 is no longer needed
* get_vh_registered_users/1 is no longer needed
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is no longer needed
* get_vh_registered_users_number/2 is renamed to count_users/2
* get_password_s/2 is no longer needed
* get_password/2 now must only be implemented for backends with
  `plain` or `scram` store type

Additionally, the commit introduces two new callbacks:
* use_cache/1 where the argument is a virtual host
* cache_nodes/1 where the argument is a virtual host

New options are also introduced: `auth_use_cache`, `auth_cache_missed`,
`auth_cache_life_time` and `auth_cache_size`.
2017-05-11 14:37:21 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
b82b93f8f0 Don't validate an option in ejabberd_config:get_option() functions
The commit introduces the following changes:
* Now there is no need to pass validating function in
  ejabberd_config:get_option() functions, because the configuration
  keeps already validated values.
* New function ejabberd_config:get_option/1 is introduced
* Function ejabberd_config:get_option/3 is deprecated. If the function
  is still called, the second argument (validating function) is simply
  ignored.
* The second argument for ejabberd_config:get_option/2 is now
  a default value, not a validating function.
2017-04-29 11:39:40 +03:00
Evgeniy Khramtsov
7129aebe76 Don't re-define validation functions in multiple places 2017-04-28 13:23:32 +03:00