package xep0077
import (
"context"
"github.com/dantin/cubit/log"
"github.com/dantin/cubit/model"
"github.com/dantin/cubit/module/xep0030"
"github.com/dantin/cubit/router"
"github.com/dantin/cubit/storage/repository"
"github.com/dantin/cubit/stream"
"github.com/dantin/cubit/util/runqueue"
"github.com/dantin/cubit/xmpp"
"github.com/dantin/cubit/xmpp/jid"
)
const (
	// registerNamespace is the XML namespace of the XEP-0077 <query/> payload.
	registerNamespace = "jabber:iq:register"

	// xep077RegisteredCtxKey is the per-stream value key under which the
	// module records that the stream has already registered an account.
	xep077RegisteredCtxKey = "xep0077:registered"
)
// Config represents XMPP In-Band Registration module (XEP-0077) configuration.
//
// Each flag gates one account-lifecycle operation that a client can trigger
// in-band. Go's zero value for every flag is false; whether defaults are
// applied elsewhere is not visible in this file.
type Config struct {
	// AllowRegistration is consulted by processIQ before the registration
	// form is returned to an unauthenticated stream.
	AllowRegistration bool `yaml:"allow_registration"`
	// AllowChange must be true for changePassword to accept a password change.
	AllowChange bool `yaml:"allow_change"`
	// AllowCancel must be true for cancelRegistration to delete the account.
	AllowCancel bool `yaml:"allow_cancel"`
}
// Register represents an in-band server stream module.
type Register struct {
	// cfg holds the feature switches checked before each operation.
	cfg *Config
	// router is used to look up the local stream an IQ originated from.
	router router.Router
	// runQueue receives every IQ handler as a queued function and is stopped
	// by Shutdown.
	runQueue *runqueue.RunQueue
	// rep is the user repository used to create, fetch, update and delete accounts.
	rep repository.User
}
// New returns an in-band registration IQ handler.
//
// When disco is non-nil the "jabber:iq:register" namespace is advertised as a
// server feature; a nil disco skips the advertisement.
func New(config *Config, disco *xep0030.DiscoInfo, router router.Router, userRep repository.User) *Register {
	mod := &Register{
		cfg:      config,
		router:   router,
		runQueue: runqueue.New("xep0077"),
		rep:      userRep,
	}
	if disco == nil {
		return mod
	}
	disco.RegisterServerFeature(registerNamespace)
	return mod
}
// MatchesIQ returns whether or not an IQ should be processed by the in-band
// registration module, i.e. whether it carries a <query/> child in the
// "jabber:iq:register" namespace.
func (x *Register) MatchesIQ(iq *xmpp.IQ) bool {
	query := iq.Elements().ChildNamespace("query", registerNamespace)
	return query != nil
}
// ProcessIQ processes an in-band registration IQ taking according actions
// over the associated stream.
//
// The stream is resolved from the node and resource of the IQ's sender JID.
// If no local stream matches, the IQ is dropped without a reply.
func (x *Register) ProcessIQ(ctx context.Context, iq *xmpp.IQ) {
	x.runQueue.Run(func() {
		from := iq.FromJID()
		stm := x.router.LocalStream(from.Node(), from.Resource())
		if stm == nil {
			return
		}
		x.processIQ(ctx, iq, stm)
	})
}
// ProcessIQWithStream processes an in-band registration IQ taking according
// actions over a referenced stream. The work is handed to the module's run
// queue rather than executed by the caller.
func (x *Register) ProcessIQWithStream(ctx context.Context, iq *xmpp.IQ, stm stream.C2S) {
	task := func() {
		x.processIQ(ctx, iq, stm)
	}
	x.runQueue.Run(task)
}
// Shutdown shuts down in-band registration module.
//
// It asks the run queue to stop and blocks until the queue invokes the stop
// callback. The returned error is always nil.
func (x *Register) Shutdown() error {
	done := make(chan struct{})
	onStopped := func() { close(done) }
	x.runQueue.Stop(onStopped)
	<-done
	return nil
}
// processIQ dispatches a registration IQ according to the stream's
// authentication state and the IQ type.
//
// Unauthenticated streams may request the registration form ("get") or submit
// it ("set"). Authenticated streams may only send "set", either to cancel the
// registration (<remove/>) or to change the password (<username/> plus
// <password/>). Anything else is answered with <bad-request/>.
func (x *Register) processIQ(ctx context.Context, iq *xmpp.IQ, stm stream.C2S) {
	// Reject requests addressed to an account other than the sender's own.
	if !x.isValidToJid(iq.ToJID(), stm) {
		stm.SendElement(ctx, iq.ForbiddenError())
		return
	}
	q := iq.Elements().ChildNamespace("query", registerNamespace)

	if !stm.IsAuthenticated() {
		switch {
		case iq.IsGet():
			// NOTE(review): AllowRegistration is consulted in this function
			// only for "get"; confirm that registerNewUser enforces it for
			// "set", otherwise the switch can be bypassed by skipping the
			// form request.
			if !x.cfg.AllowRegistration {
				stm.SendElement(ctx, iq.NotAllowedError())
				return
			}
			// ...send registration fields to requester entity...
			x.sendRegistrationFields(ctx, iq, q, stm)

		case iq.IsSet():
			// return a <not-acceptable/> stanza error if an entity attempts
			// to register a second identity
			if registered, _ := stm.Value(xep077RegisteredCtxKey).(bool); registered {
				stm.SendElement(ctx, iq.NotAcceptableError())
				return
			}
			// ...register a new user...
			x.registerNewUser(ctx, iq, q, stm)

		default:
			stm.SendElement(ctx, iq.BadRequestError())
		}
		return
	}

	// Authenticated streams: only "set" is meaningful.
	if !iq.IsSet() {
		stm.SendElement(ctx, iq.BadRequestError())
		return
	}
	children := q.Elements()
	if children.Child("remove") != nil {
		// remove user
		x.cancelRegistration(ctx, iq, q, stm)
		return
	}
	user := children.Child("username")
	password := children.Child("password")
	if user == nil || password == nil {
		stm.SendElement(ctx, iq.BadRequestError())
		return
	}
	// change password
	x.changePassword(ctx, password.Text(), user.Text(), iq, stm)
}
// sendRegistrationFields answers a registration "get" with the form the
// client has to fill in: an empty <username/> and an empty <password/> inside
// a "jabber:iq:register" query. A request whose query already has child
// elements is answered with <bad-request/>.
func (x *Register) sendRegistrationFields(ctx context.Context, iq *xmpp.IQ, query xmpp.XElement, stm stream.C2S) {
	if query.Elements().Count() > 0 {
		stm.SendElement(ctx, iq.BadRequestError())
		return
	}
	reply := iq.ResultIQ()
	form := xmpp.NewElementNamespace("query", registerNamespace)
	for _, field := range []string{"username", "password"} {
		form.AppendElement(xmpp.NewElementName(field))
	}
	reply.AppendElement(form)
	stm.SendElement(ctx, reply)
}
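// registerNewUser creates the account requested by an unauthenticated stream.
//
// The request is answered with <not-allowed/> when in-band registration is
// disabled in the module configuration, with <bad-request/> when the username
// or password element is missing or empty, with <conflict/> when the
// repository reports that the username already exists, and with an internal
// server error when a repository call fails. On success the result IQ is sent
// and the stream is flagged as registered, which makes processIQ refuse a
// second registration on the same stream.
func (x *Register) registerNewUser(ctx context.Context, iq *xmpp.IQ, query xmpp.XElement, stm stream.C2S) {
	// Enforce the configuration switch on the write path as well. processIQ
	// checks AllowRegistration only for "get" requests, so without this guard
	// an account could be created on a server that has registration disabled.
	if !x.cfg.AllowRegistration {
		stm.SendElement(ctx, iq.NotAllowedError())
		return
	}
	// NOTE(review): unlike changePassword, this path does not require
	// stm.IsSecured(); confirm that the transport is protected before a
	// password is accepted here.
	userEl := query.Elements().Child("username")
	passwordEl := query.Elements().Child("password")
	if userEl == nil || passwordEl == nil || len(userEl.Text()) == 0 || len(passwordEl.Text()) == 0 {
		stm.SendElement(ctx, iq.BadRequestError())
		return
	}
	// NOTE(review): the username is used as received; no normalisation or
	// character validation is visible in this file. Verify that the
	// repository or an earlier layer applies it.
	exists, err := x.rep.UserExists(ctx, userEl.Text())
	if err != nil {
		log.Error(err)
		stm.SendElement(ctx, iq.InternalServerError())
		return
	}
	if exists {
		stm.SendElement(ctx, iq.ConflictError())
		return
	}
	// NOTE(review): the existence check and the upsert below are two separate
	// repository calls. If anything else can write the same username in
	// between, the upsert would presumably overwrite that account; confirm
	// that the repository guards against this.
	// NOTE(review): the password is handed to the repository as received;
	// whether it is hashed before storage is not visible here.
	user := model.User{
		Username:     userEl.Text(),
		Password:     passwordEl.Text(),
		LastPresence: xmpp.NewPresence(stm.JID(), stm.JID(), xmpp.UnavailableType),
	}
	if err := x.rep.UpsertUser(ctx, &user); err != nil {
		log.Error(err)
		stm.SendElement(ctx, iq.InternalServerError())
		return
	}
	stm.SendElement(ctx, iq.ResultIQ())
	stm.SetValue(xep077RegisteredCtxKey, true) // mark as registered
}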
// cancelRegistration deletes the account of the authenticated stream.
//
// The account to delete is taken from stm.Username(), never from the request
// payload. The request is answered with <not-allowed/> when cancellation is
// disabled and with <bad-request/> when the query carries more than one child
// element.
func (x *Register) cancelRegistration(ctx context.Context, iq *xmpp.IQ, query xmpp.XElement, stm stream.C2S) {
	switch {
	case !x.cfg.AllowCancel:
		stm.SendElement(ctx, iq.NotAllowedError())

	case query.Elements().Count() > 1:
		stm.SendElement(ctx, iq.BadRequestError())

	default:
		if err := x.rep.DeleteUser(ctx, stm.Username()); err != nil {
			log.Error(err)
			stm.SendElement(ctx, iq.InternalServerError())
			return
		}
		stm.SendElement(ctx, iq.ResultIQ())
	}
}
// changePassword replaces the password of the authenticated stream's account.
//
// The change is refused with <not-allowed/> when password changes are
// disabled or when the supplied username differs from the stream's own, and
// with <not-authorized/> when the stream is not secured. A result IQ is sent
// without touching the repository when the account is not found or when the
// stored password already equals the new one.
func (x *Register) changePassword(ctx context.Context, password string, username string, iq *xmpp.IQ, stm stream.C2S) {
	// A stream may only change the password of the account it is bound to.
	if !x.cfg.AllowChange || username != stm.Username() {
		stm.SendElement(ctx, iq.NotAllowedError())
		return
	}
	if !stm.IsSecured() {
		// channel isn't safe enough to enable a password change
		stm.SendElement(ctx, iq.NotAuthorizedError())
		return
	}
	account, err := x.rep.FetchUser(ctx, username)
	if err != nil {
		log.Error(err)
		stm.SendElement(ctx, iq.InternalServerError())
		return
	}
	// NOTE(review): comparing the stored Password with the submitted value
	// suggests both are in the same representation; confirm how the
	// repository stores passwords.
	if account == nil || account.Password == password {
		stm.SendElement(ctx, iq.ResultIQ())
		return
	}
	account.Password = password
	if err := x.rep.UpsertUser(ctx, account); err != nil {
		log.Error(err)
		stm.SendElement(ctx, iq.InternalServerError())
		return
	}
	stm.SendElement(ctx, iq.ResultIQ())
}
// isValidToJid reports whether the IQ's destination JID is acceptable for the
// given stream. The only rejected case is an authenticated stream addressing
// a bare JID whose node is not the stream's own username; unauthenticated
// streams and non-bare JIDs are always accepted.
func (x *Register) isValidToJid(j *jid.JID, stm stream.C2S) bool {
	if !stm.IsAuthenticated() {
		return true
	}
	if !j.IsBare() {
		return true
	}
	return j.Node() == stm.Username()
}