prosodyctl register overwrite passwords of registered accounts.

lui...@gmail.com

unread,

Nov 3, 2014, 6:25:37 AM11/3/14

to proso...@googlegroups.com

Hello prosodiers:

Today i found a problem with prosodyctl and the register function. I have a jabber server running prosody 0.9.6 with a web interface that use prosodyctl in order to register accounts with a browser. The problem is that prosodyctl register doesn't take care of already registered accounts and if you try to use it with registered accounts the behaviour is to overwrite the password with the new one rather than throw an error.

I’m wrote a small patch to util.prosodyctl.lua in order to warn about the registered accounts, I think that patch here is the correct place, util.prosodyctl.adduser should take care of that.

*** prosodyctl.lua      2014-11-03 12:18:29.454778944 +0100
--- /datos/prosody/lib/util/prosodyctl.lua      2014-11-03 12:02:37.008468870 +0100
***************
*** 147,156 ****
                usermanager.initialize_host(host);
        end

!       local ok, errmsg = usermanager.create_user(user, password, host);
!       if not ok then
!               return false, errmsg;
!       end
        return true;
end

--- 147,163 ----
                usermanager.initialize_host(host);
        end

!       local exists, usererrmsg = _M.user_exists(params);
!
!       if not exists then
!       local ok, errmsg = usermanager.create_user(user, password, host);
!       if not ok then
!               return false, errmsg;
!       end
!     else
!         return false, "user-already-exists";
!     end
!
        return true;
end

Vadim A. Misbakh-Soloviov

unread,

Nov 7, 2014, 3:00:49 PM11/7/14

to proso...@googlegroups.com

> I’m wrote a small patch to util.prosodyctl.lua in order to warn about the
> registered accounts, I think that patch here is the correct place,
> util.prosodyctl.adduser should take care of that.

> ! local exists, usererrmsg = _M.user_exists(params);

Some auth backends can't tell you if user exist or not (so, they return "no"
anyways).

--
Best regards,
mva

signature.asc

Luis González Fernández

unread,

Nov 7, 2014, 3:28:01 PM11/7/14

to proso...@googlegroups.com

Hi mva:

"no" would be a good return, but overwrite the password with a new one i
think that no.

El 07/11/14 a las 21:00, Vadim A. Misbakh-Soloviov escribió:

Jesus Cea

unread,

Nov 25, 2014, 6:53:31 PM11/25/14

to proso...@googlegroups.com

Hi there. Any progress on this????. Looks like quite serious.

> --
> You received this message because you are subscribed to the Google
> Groups "prosody-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to prosody-dev...@googlegroups.com
> <mailto:prosody-dev...@googlegroups.com>.
> To post to this group, send email to proso...@googlegroups.com
> <mailto:proso...@googlegroups.com>.
> Visit this group at http://groups.google.com/group/prosody-dev.
> For more options, visit https://groups.google.com/d/optout.

--
Jesús Cea Avión _/_/ _/_/_/ _/_/_/
jc...@jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
jabber / xmpp:jc...@jabber.org _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz

signature.asc

Reply all

Reply to author

Forward