yetangitu/ejabberd
1
0
Fork 0
mirror of https://github.com/processone/ejabberd synced 2025-10-03 17:59:31 +02:00
Code Issues Releases Wiki Activity

mod_auth_fast: Clear tokens on kick, change pass and unregister (#4397)(#4398)(#4399)

Browse source
This commit is contained in:
Badlop 2025-06-20 16:00:16 +02:00
parent a0c97b33e0
commit 6b47d3eb0d
4 changed files with 26 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/ejabberd_auth.erl
View file

@ -755,7 +755,7 @@ db_set_password(User, Server, PlainPassword, Passwords, Mod) ->
end end
end, end,
case Ret of case Ret of
{ok, _} -> ok; {ok, _} -> ejabberd_hooks:run(set_password, Server, [User, Server]);
{error, _} = Err -> Err {error, _} = Err -> Err
end. end.

4
src/ejabberd_sm.erl
View file

@ -481,8 +481,10 @@ c2s_handle_info(#{lang := Lang, bind2_session_id := {Tag, _}} = State,
{stop, ejabberd_c2s:send(State1, Err)}; {stop, ejabberd_c2s:send(State1, Err)};
c2s_handle_info(State, {replaced_with_bind_tag, _}) -> c2s_handle_info(State, {replaced_with_bind_tag, _}) ->
State; State;
c2s_handle_info(#{lang := Lang} = State, kick) -> c2s_handle_info(#{lang := Lang, jid := JID} = State, kick) ->
Err = xmpp:serr_policy_violation(?T("has been kicked"), Lang), Err = xmpp:serr_policy_violation(?T("has been kicked"), Lang),
ejabberd_hooks:run(sm_kick_user, JID#jid.lserver,
[JID#jid.luser, JID#jid.lserver]),
{stop, ejabberd_c2s:send(State, Err)}; {stop, ejabberd_c2s:send(State, Err)};
c2s_handle_info(#{lang := Lang} = State, {exit, Reason}) -> c2s_handle_info(#{lang := Lang} = State, {exit, Reason}) ->
Err = xmpp:serr_conflict(Reason, Lang), Err = xmpp:serr_conflict(Reason, Lang),

14
src/mod_auth_fast.erl
View file

@ -30,7 +30,7 @@
-export([mod_doc/0]). -export([mod_doc/0]).
%% Hooks %% Hooks
-export([c2s_inline_features/2, c2s_handle_sasl2_inline/1, -export([c2s_inline_features/2, c2s_handle_sasl2_inline/1,
get_tokens/3, get_mechanisms/1]). get_tokens/3, get_mechanisms/1, remove_user_tokens/2]).
-include_lib("xmpp/include/xmpp.hrl"). -include_lib("xmpp/include/xmpp.hrl").
-include_lib("xmpp/include/scram.hrl"). -include_lib("xmpp/include/scram.hrl").
@ -54,7 +54,10 @@ start(Host, Opts) ->
Mod = gen_mod:db_mod(Opts, ?MODULE), Mod = gen_mod:db_mod(Opts, ?MODULE),
Mod:init(Host, Opts), Mod:init(Host, Opts),
{ok, [{hook, c2s_inline_features, c2s_inline_features, 50}, {ok, [{hook, c2s_inline_features, c2s_inline_features, 50},
{hook, c2s_handle_sasl2_inline, c2s_handle_sasl2_inline, 10}]}. {hook, c2s_handle_sasl2_inline, c2s_handle_sasl2_inline, 10},
{hook, set_password, remove_user_tokens, 50},
{hook, sm_kick_user, remove_user_tokens, 50},
{hook, remove_user, remove_user_tokens, 50}]}.
-spec stop(binary()) -> ok. -spec stop(binary()) -> ok.
stop(_Host) -> stop(_Host) ->
@ -165,3 +168,10 @@ c2s_handle_sasl2_inline({#{server := Server, user := User, sasl2_ua_id := UA,
_ -> _ ->
Acc Acc
end. end.
-spec remove_user_tokens(binary(), binary()) -> ok.
remove_user_tokens(User, Server) ->
LUser = jid:nodeprep(User),
LServer = jid:nameprep(Server),
Mod = gen_mod:db_mod(LServer, ?MODULE),
Mod:del_tokens(LServer, LUser).

12
src/mod_auth_fast_mnesia.erl
View file

@ -28,12 +28,12 @@
%% API %% API
-export([init/2]). -export([init/2]).
-export([get_tokens/3, del_token/4, set_token/6, rotate_token/3]). -export([get_tokens/3, del_token/4, del_tokens/2, set_token/6, rotate_token/3]).
-include_lib("xmpp/include/xmpp.hrl"). -include_lib("xmpp/include/xmpp.hrl").
-include("logger.hrl"). -include("logger.hrl").
-record(mod_auth_fast, {key = {<<"">>, <<"">>, <<"">>} :: {binary(), binary(), binary()} | '$1', -record(mod_auth_fast, {key = {<<"">>, <<"">>, <<"">>} :: {binary(), binary(), binary() | '_'} | '$1',
token = <<>> :: binary() | '_', token = <<>> :: binary() | '_',
created_at = 0 :: non_neg_integer() | '_', created_at = 0 :: non_neg_integer() | '_',
expires_at = 0 :: non_neg_integer() | '_'}). expires_at = 0 :: non_neg_integer() | '_'}).
@ -94,6 +94,14 @@ del_token(LServer, LUser, UA, Type) ->
end, end,
transaction(F). transaction(F).
-spec del_tokens(binary(), binary()) -> ok | {error, atom()}.
del_tokens(LServer, LUser) ->
F = fun() ->
Elements = mnesia:match_object(#mod_auth_fast{key = {LServer, LUser, '_'}, _ = '_'}),
[mnesia:delete_object(E) || E <- Elements]
end,
transaction(F).
-spec set_token(binary(), binary(), binary(), current | next, binary(), non_neg_integer()) -> -spec set_token(binary(), binary(), binary(), current | next, binary(), non_neg_integer()) ->
ok | {error, atom()}. ok | {error, atom()}.
set_token(LServer, LUser, UA, Type, Token, Expires) -> set_token(LServer, LUser, UA, Type, Token, Expires) ->