diff options
author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-05-11 14:37:21 +0300 |
---|---|---|
committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-05-11 14:37:21 +0300 |
commit | 633b68db1130c81551b063f3aa15d599b0d355e5 (patch) | |
tree | df2f0be4b75b001e8e47d1778e8e01637a9dfbcd /src/ejabberd_auth_anonymous.erl | |
parent | Use misc:atom_to_binary/1 instead of the deprecated jlib.erl (#1510) (diff) |
Use cache for authentication backends
The commit introduces the following API incompatibilities:
In ejabberd_auth.erl:
* dirty_get_registered_users/0 is renamed to get_users/0
* get_vh_registered_users/1 is renamed to get_users/1
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is renamed to count_users/1
* get_vh_registered_users_number/2 is renamed to count_users/2
In ejabberd_auth callbacks
* plain_password_required/0 is replaced by plain_password_required/1
where the argument is a virtual host
* store_type/0 is replaced by store_type/1 where the argument is
a virtual host
* set_password/3 is now an optional callback
* remove_user/3 callback is no longer needed
* remove_user/2 now should return `ok | {error, atom()}`
* is_user_exists/2 now must only be implemented for backends
with `external` store type
* check_password/6 is no longer needed
* check_password/4 now must only be implemented for backends
with `external` store type
* try_register/3 is now an optional callback and should return
`ok | {error, atom()}`
* dirty_get_registered_users/0 is no longer needed
* get_vh_registered_users/1 is no longer needed
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is no longer needed
* get_vh_registered_users_number/2 is renamed to count_users/2
* get_password_s/2 is no longer needed
* get_password/2 now must only be implemented for backends with
`plain` or `scram` store type
Additionally, the commit introduces two new callbacks:
* use_cache/1 where the argument is a virtual host
* cache_nodes/1 where the argument is a virtual host
New options are also introduced: `auth_use_cache`, `auth_cache_missed`,
`auth_cache_life_time` and `auth_cache_size`.
Diffstat (limited to 'src/ejabberd_auth_anonymous.erl')
-rw-r--r-- | src/ejabberd_auth_anonymous.erl | 86 |
1 files changed, 12 insertions, 74 deletions
diff --git a/src/ejabberd_auth_anonymous.erl b/src/ejabberd_auth_anonymous.erl index 5bb2daed7..b3ae1f6dd 100644 --- a/src/ejabberd_auth_anonymous.erl +++ b/src/ejabberd_auth_anonymous.erl @@ -40,15 +40,9 @@ unregister_connection/3 ]). --export([login/2, set_password/3, check_password/4, - check_password/6, try_register/3, - dirty_get_registered_users/0, get_vh_registered_users/1, - get_vh_registered_users/2, - get_vh_registered_users_number/1, - get_vh_registered_users_number/2, get_password_s/2, - get_password/2, get_password/3, is_user_exists/2, - remove_user/2, remove_user/3, store_type/0, - plain_password_required/0, opt_type/1]). +-export([login/2, check_password/4, is_user_exists/2, + get_users/2, count_users/2, store_type/1, + plain_password_required/1, opt_type/1]). -include("ejabberd.hrl"). -include("logger.hrl"). @@ -139,15 +133,7 @@ unregister_connection(_SID, %% --------------------------------- %% Specific anonymous auth functions %% --------------------------------- - -%% When anonymous login is enabled, check the password for permenant users -%% before allowing access -check_password(User, AuthzId, Server, Password) -> - check_password(User, AuthzId, Server, Password, undefined, - undefined). - -check_password(User, _AuthzId, Server, _Password, _Digest, - _DigestGen) -> +check_password(User, _AuthzId, Server, _Password) -> case ejabberd_auth:is_user_exists_in_other_modules(?MODULE, User, Server) @@ -173,68 +159,20 @@ login(User, Server) -> end end. -%% When anonymous login is enabled, check that the user is permanent before -%% changing its password -set_password(User, Server, _Password) -> - case anonymous_user_exist(User, Server) of - true -> ok; - false -> {error, not_allowed} - end. - -%% When anonymous login is enabled, check if permanent users are allowed on -%% the server: -try_register(_User, _Server, _Password) -> - {error, not_allowed}. - -dirty_get_registered_users() -> []. - -get_vh_registered_users(Server) -> - [{U, S} - || {U, S, _R} - <- ejabberd_sm:get_vh_session_list(Server)]. - -get_vh_registered_users(Server, _) -> - get_vh_registered_users(Server). - -get_vh_registered_users_number(Server) -> - length(get_vh_registered_users(Server)). +get_users(Server, _) -> + [{U, S} || {U, S, _R} <- ejabberd_sm:get_vh_session_list(Server)]. -get_vh_registered_users_number(Server, _) -> - get_vh_registered_users_number(Server). - -%% Return password of permanent user or false for anonymous users -get_password(User, Server) -> - get_password(User, Server, <<"">>). - -get_password(User, Server, DefaultValue) -> - case anonymous_user_exist(User, Server) or - login(User, Server) - of - %% We return the default value if the user is anonymous - true -> DefaultValue; - %% We return the permanent user password otherwise - false -> false - end. - -get_password_s(User, Server) -> - case get_password(User, Server) of - false -> - <<"">>; - Password -> - Password - end. +count_users(Server, Opts) -> + length(get_users(Server, Opts)). is_user_exists(User, Server) -> anonymous_user_exist(User, Server). -remove_user(_User, _Server) -> {error, not_allowed}. - -remove_user(_User, _Server, _Password) -> not_allowed. - -plain_password_required() -> false. +plain_password_required(_) -> + false. -store_type() -> - plain. +store_type(_) -> + external. -spec opt_type(allow_multiple_connection) -> fun((boolean()) -> boolean()); (anonymous_protocol) -> fun((sasl_anon | login_anon | both) -> |