Changeset - aee29f90b606
Parent rev.
Child rev.
[Not reviewed]
Merge
0 3 0
Jan Kaluza - 14 years ago 2012-02-03 16:11:39
hanzz.k@gmail.com
Merge pull request #2 from meyerd/master

Local User Authentication upon Transport Registration
3 files changed with 93 insertions and 0 deletions:
spectrum/src/sample2.cfg
17
src/config.cpp
4
src/userregistration.cpp
72
0 comments (0 inline, 0 general)
spectrum/src/sample2.cfg
Show inline comments
 
@@ -86,12 +86,29 @@ type = none
 

			




	
	
	
		
 
# Port.

			




	
	
	
		
 
#port = 0

			




	
	
	
		
 

			




	
	
	
		
 
# User.

			




	
	
	
		
 
#user = spectrum

			




	
	
	
		
 

			




	
	
	
		
 
# Paasword.

			




	
	
	
		
 
#password = secret

			




	
	
	
		
 

			




	
	
	
		
 
# Prefix used for tables

			




	
	
	
		
 
#prefix = jabber_

			




	
	
	
		
 

			




	
	
	
		
 
[registration]

			




	
	
	
		
 
# Enable public registrations

			




	
	
	
		
 
enable_public_registration=1

			




	
	
	
		
 

			




	
	
	
		
 
# Text to display upon user registration form

			




	
	
	
		
 
username_label=Jabber JID (e.g. user@server.tld):

			




	
	
	
		
 
instructions=Enter your remote jabber JID and password as well as your local username and password

			




	
	
	
		
 

			




	
	
	
		
 
# If True a local jabber account on <local_account_server> is needed 

			




	
	
	
		
 
# for transport registration, the idea is to enable public registration

			




	
	
	
		
 
# from other servers, but only for users, who have already local accounts

			




	
	
	
		
 
require_local_account=1

			




	
	
	
		
 
local_username_label=Local username (without @server.tld):

			




	
	
	
		
 
local_account_server=localhost

			




	
	
	
		
 
local_account_server_timeout=10000

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    src/config.cpp
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -78,24 +78,28 @@ bool Config::load(std::istream &ifs, boost::program_options::options_description

			




	
	
	
		
 
		("service.more_resources", value<bool>()->default_value(false), "Allow more resources to be connected in server mode at the same time.")

			




	
	
	
		
 
		("service.enable_privacy_lists", value<bool>()->default_value(true), "")

			




	
	
	
		
 
		("vhosts.vhost", value<std::vector<std::string> >()->multitoken(), "")

			




	
	
	
		
 
		("identity.name", value<std::string>()->default_value("Spectrum 2 Transport"), "Name showed in service discovery.")

			




	
	
	
		
 
		("identity.category", value<std::string>()->default_value("gateway"), "Disco#info identity category. 'gateway' by default.")

			




	
	
	
		
 
		("identity.type", value<std::string>()->default_value(""), "Type of transport ('icq','msn','gg','irc', ...)")

			




	
	
	
		
 
		("registration.enable_public_registration", value<bool>()->default_value(true), "True if users should be able to register.")

			




	
	
	
		
 
		("registration.language", value<std::string>()->default_value("en"), "Default language for registration form")

			




	
	
	
		
 
		("registration.instructions", value<std::string>()->default_value("Enter your legacy network username and password."), "Instructions showed to user in registration form")

			




	
	
	
		
 
		("registration.username_label", value<std::string>()->default_value("Legacy network username:"), "Label for username field")

			




	
	
	
		
 
		("registration.username_mask", value<std::string>()->default_value(""), "Username mask")

			




	
	
	
		
 
		("registration.encoding", value<std::string>()->default_value("utf8"), "Default encoding in registration form")

			




	
	
	
		
 
		("registration.require_local_account", value<bool>()->default_value(false), "True if users have to have a local account to register to this transport from remote servers.")

			




	
	
	
		
 
		("registration.local_username_label", value<std::string>()->default_value("Local username:"), "Label for local usernme field")

			




	
	
	
		
 
		("registration.local_account_server", value<std::string>()->default_value("localhost"), "The server on which the local accounts will be checked for validity")

			




	
	
	
		
 
		("registration.local_account_server_timeout", value<int>()->default_value(10000), "Timeout when checking local user on local_account_server (msecs)")

			




	
	
	
		
 
		("database.type", value<std::string>()->default_value("none"), "Database type.")

			




	
	
	
		
 
		("database.database", value<std::string>()->default_value(""), "Database used to store data")

			




	
	
	
		
 
		("database.server", value<std::string>()->default_value("localhost"), "Database server.")

			




	
	
	
		
 
		("database.user", value<std::string>()->default_value(""), "Database user.")

			




	
	
	
		
 
		("database.password", value<std::string>()->default_value(""), "Database Password.")

			




	
	
	
		
 
		("database.port", value<int>()->default_value(0), "Database port.")

			




	
	
	
		
 
		("database.prefix", value<std::string>()->default_value(""), "Prefix of tables in database")

			




	
	
	
		
 
		("database.encryption_key", value<std::string>()->default_value(""), "Encryption key.")

			




	
	
	
		
 
		("logging.config", value<std::string>()->default_value(""), "Path to log4cxx config file which is used for Spectrum 2 instance")

			




	
	
	
		
 
		("logging.backend_config", value<std::string>()->default_value(""), "Path to log4cxx config file which is used for backends")

			




	
	
	
		
 
		("backend.default_avatar", value<std::string>()->default_value(""), "Full path to default avatar")

			




	
	
	
		
 
		("backend.avatars_directory", value<std::string>()->default_value(""), "Path to directory with avatars")

			




        

    


    
    

    

        

                

                    src/userregistration.cpp
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -17,24 +17,26 @@

			




	
	
	
		
 
 * along with this program; if not, write to the Free Software

			




	
	
	
		
 
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA

			




	
	
	
		
 
 */

			




	
	
	
		
 

			




	
	
	
		
 
#include "transport/userregistration.h"

			




	
	
	
		
 
#include "transport/usermanager.h"

			




	
	
	
		
 
#include "transport/storagebackend.h"

			




	
	
	
		
 
#include "transport/transport.h"

			




	
	
	
		
 
#include "transport/rostermanager.h"

			




	
	
	
		
 
#include "transport/user.h"

			




	
	
	
		
 
#include "Swiften/Elements/ErrorPayload.h"

			




	
	
	
		
 
#include <boost/shared_ptr.hpp>

			




	
	
	
		
 
#include <boost/thread.hpp>

			




	
	
	
		
 
#include <boost/date_time/posix_time/posix_time.hpp>

			




	
	
	
		
 
#include "log4cxx/logger.h"

			




	
	
	
		
 

			




	
	
	
		
 
using namespace Swift;

			




	
	
	
		
 
using namespace log4cxx;

			




	
	
	
		
 

			




	
	
	
		
 
namespace Transport {

			




	
	
	
		
 

			




	
	
	
		
 
static LoggerPtr logger = Logger::getLogger("UserRegistration");

			




	
	
	
		
 

			




	
	
	
		
 
UserRegistration::UserRegistration(Component *component, UserManager *userManager, StorageBackend *storageBackend) : Swift::Responder<Swift::InBandRegistrationPayload>(component->m_iqRouter) {

			




	
	
	
		
 
	m_component = component;

			




	
	
	
		
 
	m_config = m_component->m_config;

			




	
	
		
 
@@ -232,24 +234,38 @@ bool UserRegistration::handleGetRequest(const Swift::JID& from, const Swift::JID

			




	
	
	
		
 
//	if (registered)

			




	
	
	
		
 
//		encoding->setValue(res.encoding);

			




	
	
	
		
 
//	else

			




	
	
	
		
 
//		encoding->setValue(CONFIG_STRING(m_config, "registration.encoding"));

			




	
	
	
		
 
//	form->addField(encoding);

			




	
	
	
		
 

			




	
	
	
		
 
	if (registered) {

			




	
	
	
		
 
		BooleanFormField::ref boolean = BooleanFormField::create();

			




	
	
	
		
 
		boolean->setName("unregister");

			




	
	
	
		
 
		boolean->setLabel((("Remove your registration")));

			




	
	
	
		
 
		boolean->setValue(0);

			




	
	
	
		
 
		form->addField(boolean);

			




	
	
	
		
 
	} else {

			




	
	
	
		
 
		if (CONFIG_BOOL(m_config,"registration.require_local_account")) {

			




	
	
	
		
 
			std::string localUsernameField = CONFIG_STRING(m_config, "registration.local_username_label");

			




	
	
	
		
 
			TextSingleFormField::ref local_username = TextSingleFormField::create();

			




	
	
	
		
 
			local_username->setName("local_username");

			




	
	
	
		
 
			local_username->setLabel((localUsernameField));

			




	
	
	
		
 
			local_username->setRequired(true);

			




	
	
	
		
 
			form->addField(local_username);

			




	
	
	
		
 
			TextPrivateFormField::ref local_password = TextPrivateFormField::create();

			




	
	
	
		
 
			local_password->setName("local_password");

			




	
	
	
		
 
			local_password->setLabel((("Local Password")));

			




	
	
	
		
 
			local_password->setRequired(true);

			




	
	
	
		
 
			form->addField(local_password);

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	reg->setForm(form);

			




	
	
	
		
 

			




	
	
	
		
 
	sendResponse(from, id, reg);

			




	
	
	
		
 

			




	
	
	
		
 
	return true;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
bool UserRegistration::handleSetRequest(const Swift::JID& from, const Swift::JID& to, const std::string& id, boost::shared_ptr<Swift::InBandRegistrationPayload> payload) {

			




	
	
	
		
 
	// TODO: backend should say itself if registration is needed or not...

			




	
	
	
		
 
	if (CONFIG_STRING(m_config, "service.protocol") == "irc") {

			




	
	
		
 
@@ -264,49 +280,61 @@ bool UserRegistration::handleSetRequest(const Swift::JID& from, const Swift::JID

			




	
	
	
		
 
		if (std::find(x.begin(), x.end(), from.getDomain()) == x.end()) {

			




	
	
	
		
 
			LOG4CXX_INFO(logger, barejid << ": This user has no permissions to register an account")

			




	
	
	
		
 
			sendError(from, id, ErrorPayload::BadRequest, ErrorPayload::Modify);

			




	
	
	
		
 
			return true;

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	UserInfo res;

			




	
	
	
		
 
	bool registered = m_storageBackend->getUser(barejid, res);

			




	
	
	
		
 

			




	
	
	
		
 
	std::string encoding;

			




	
	
	
		
 
	std::string language;

			




	
	
	
		
 
	std::string local_username("");

			




	
	
	
		
 
	std::string local_password("");

			




	
	
	
		
 

			




	
	
	
		
 
	Form::ref form = payload->getForm();

			




	
	
	
		
 
	if (form) {

			




	
	
	
		
 
		const std::vector<FormField::ref> fields = form->getFields();

			




	
	
	
		
 
		for (std::vector<FormField::ref>::const_iterator it = fields.begin(); it != fields.end(); it++) {

			




	
	
	
		
 
			TextSingleFormField::ref textSingle = boost::dynamic_pointer_cast<TextSingleFormField>(*it);

			




	
	
	
		
 
			if (textSingle) {

			




	
	
	
		
 
				if (textSingle->getName() == "username") {

			




	
	
	
		
 
					payload->setUsername(textSingle->getValue());

			




	
	
	
		
 
				}

			




	
	
	
		
 
				else if (textSingle->getName() == "encoding") {

			




	
	
	
		
 
					encoding = textSingle->getValue();

			




	
	
	
		
 
				}

			




	
	
	
		
 
				// Pidgin sends it as textSingle, not sure why...

			




	
	
	
		
 
				else if (textSingle->getName() == "password") {

			




	
	
	
		
 
					payload->setPassword(textSingle->getValue());

			




	
	
	
		
 
				}

			




	
	
	
		
 
				else if (textSingle->getName() == "local_username") {

			




	
	
	
		
 
					local_username = textSingle->getValue();

			




	
	
	
		
 
				}

			




	
	
	
		
 
				// Pidgin sends it as textSingle, not sure why...

			




	
	
	
		
 
				else if (textSingle->getName() == "local_password") {

			




	
	
	
		
 
					local_password = textSingle->getValue();

			




	
	
	
		
 
				}

			




	
	
	
		
 
				continue;

			




	
	
	
		
 
			}

			




	
	
	
		
 

			




	
	
	
		
 
			TextPrivateFormField::ref textPrivate = boost::dynamic_pointer_cast<TextPrivateFormField>(*it);

			




	
	
	
		
 
			if (textPrivate) {

			




	
	
	
		
 
				if (textPrivate->getName() == "password") {

			




	
	
	
		
 
					payload->setPassword(textPrivate->getValue());

			




	
	
	
		
 
				}

			




	
	
	
		
 
				else if (textPrivate->getName() == "local_password") {

			




	
	
	
		
 
					local_password = textPrivate->getValue();

			




	
	
	
		
 
				}

			




	
	
	
		
 
				continue;

			




	
	
	
		
 
			}

			




	
	
	
		
 

			




	
	
	
		
 
			ListSingleFormField::ref listSingle = boost::dynamic_pointer_cast<ListSingleFormField>(*it);

			




	
	
	
		
 
			if (listSingle) {

			




	
	
	
		
 
				if (listSingle->getName() == "language") {

			




	
	
	
		
 
					language = listSingle->getValue();

			




	
	
	
		
 
				}

			




	
	
	
		
 
				continue;

			




	
	
	
		
 
			}

			




	
	
	
		
 

			




	
	
	
		
 
			BooleanFormField::ref boolean = boost::dynamic_pointer_cast<BooleanFormField>(*it);

			




	
	
		
 
@@ -318,24 +346,68 @@ bool UserRegistration::handleSetRequest(const Swift::JID& from, const Swift::JID

			




	
	
	
		
 
				}

			




	
	
	
		
 
				continue;

			




	
	
	
		
 
			}

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	if (payload->isRemove()) {

			




	
	
	
		
 
		unregisterUser(barejid);

			




	
	
	
		
 
		sendResponse(from, id, InBandRegistrationPayload::ref());

			




	
	
	
		
 
		return true;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	if (CONFIG_BOOL(m_config,"registration.require_local_account")) {

			




	
	
	
		
 
	/*	if (!local_username || !local_password) {

			




	
	
	
		
 
			sendResponse(from, id, InBandRegistrationPayload::ref());

			




	
	
	
		
 
			return true

			




	
	
	
		
 
		} else */ if (local_username == "" || local_password == "") {

			




	
	
	
		
 
			sendResponse(from, id, InBandRegistrationPayload::ref());

			




	
	
	
		
 
			return true;

			




	
	
	
		
 
		} 

			




	
	
	
		
 
//		Swift::logging = true;

			




	
	
	
		
 
		bool validLocal = false;

			




	
	
	
		
 
		std::string localLookupServer = CONFIG_STRING(m_config, "registration.local_account_server");

			




	
	
	
		
 
		std::string localLookupJID = local_username + std::string("@") + localLookupServer;

			




	
	
	
		
 
		SimpleEventLoop localLookupEventLoop;

			




	
	
	
		
 
		BoostNetworkFactories localLookupNetworkFactories(&localLookupEventLoop);

			




	
	
	
		
 
		Client localLookupClient(localLookupJID, local_password, &localLookupNetworkFactories);

			




	
	
	
		
 
		

			




	
	
	
		
 
		// TODO: this is neccessary on my server ... but should maybe omitted

			




	
	
	
		
 
		localLookupClient.setAlwaysTrustCertificates();

			




	
	
	
		
 
		localLookupClient.connect();

			




	
	
	
		
 

			




	
	
	
		
 
		class SimpleLoopRunner {

			




	
	
	
		
 
			public:

			




	
	
	
		
 
				SimpleLoopRunner() {};

			




	
	
	
		
 

			




	
	
	
		
 
				static void run(SimpleEventLoop * loop) {

			




	
	
	
		
 
					loop->run();

			




	
	
	
		
 
				};

			




	
	
	
		
 
		};

			




	
	
	
		
 

			




	
	
	
		
 
		// TODO: Really ugly and hacky solution, any other ideas more than welcome!

			




	
	
	
		
 
		boost::thread thread(boost::bind(&(SimpleLoopRunner::run), &localLookupEventLoop));

			




	
	
	
		
 
		thread.timed_join(boost::posix_time::millisec(CONFIG_INT(m_config, "registration.local_account_server_timeout")));

			




	
	
	
		
 
		localLookupEventLoop.stop();

			




	
	
	
		
 
		thread.join();

			




	
	
	
		
 
		validLocal = localLookupClient.isAvailable();

			




	
	
	
		
 
		localLookupClient.disconnect();

			




	
	
	
		
 
		if (!validLocal) {

			




	
	
	
		
 
			sendError(from, id, ErrorPayload::NotAuthorized, ErrorPayload::Modify);

			




	
	
	
		
 
			return true;

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	printf("here\n");

			




	
	
	
		
 

			




	
	
	
		
 
	if (!payload->getUsername() || !payload->getPassword()) {

			




	
	
	
		
 
		sendError(from, id, ErrorPayload::NotAcceptable, ErrorPayload::Modify);

			




	
	
	
		
 
		return true;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	// Register or change password

			




	
	
	
		
 
	if (payload->getUsername()->empty()) {

			




	
	
	
		
 
		sendError(from, id, ErrorPayload::NotAcceptable, ErrorPayload::Modify);

			




	
	
	
		
 
		return true;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	// TODO: Move this check to backend somehow

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: srv01-18765
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2021 by various authors & licensed under GPLv3.
            – Support