1 |
|
-module(mod_auth_token). |
2 |
|
|
3 |
|
-behaviour(gen_mod). |
4 |
|
-behaviour(mongoose_module_metrics). |
5 |
|
|
6 |
|
-include("mongoose.hrl"). |
7 |
|
-include("ejabberd_commands.hrl"). |
8 |
|
-include("jlib.hrl"). |
9 |
|
-include("mod_auth_token.hrl"). |
10 |
|
-include("mongoose_config_spec.hrl"). |
11 |
|
|
12 |
|
%% gen_mod callbacks |
13 |
|
-export([start/2]). |
14 |
|
-export([stop/1]). |
15 |
|
-export([supported_features/0]). |
16 |
|
-export([config_spec/0]). |
17 |
|
|
18 |
|
%% Hook handlers |
19 |
|
-export([clean_tokens/3, |
20 |
|
disco_local_features/1]). |
21 |
|
|
22 |
|
%% gen_iq_handler handlers |
23 |
|
-export([process_iq/5]). |
24 |
|
|
25 |
|
%% Public API |
26 |
|
-export([authenticate/2, |
27 |
|
revoke/2, |
28 |
|
token/3]). |
29 |
|
|
30 |
|
%% Token serialization |
31 |
|
-export([deserialize/1, |
32 |
|
serialize/1]). |
33 |
|
|
34 |
|
%% Command-line interface |
35 |
|
-export([revoke_token_command/1]). |
36 |
|
|
37 |
|
%% Test only! |
38 |
|
-export([datetime_to_seconds/1, |
39 |
|
seconds_to_datetime/1]). |
40 |
|
-export([expiry_datetime/3, |
41 |
|
get_key_for_host_type/2, |
42 |
|
token_with_mac/2]). |
43 |
|
|
44 |
|
-export([config_metrics/1]). |
45 |
|
|
46 |
|
-export_type([period/0, |
47 |
|
sequence_no/0, |
48 |
|
token/0, |
49 |
|
token_type/0]). |
50 |
|
|
51 |
|
-ignore_xref([ |
52 |
|
behaviour_info/1, clean_tokens/3, datetime_to_seconds/1, deserialize/1, |
53 |
|
disco_local_features/1, expiry_datetime/3, get_key_for_host_type/2, process_iq/5, |
54 |
|
revoke/2, revoke_token_command/1, seconds_to_datetime/1, serialize/1, token/3, |
55 |
|
token_with_mac/2 |
56 |
|
]). |
57 |
|
|
58 |
|
-type error() :: error | {error, any()}. |
59 |
|
-type period() :: #{value := non_neg_integer(), |
60 |
|
unit := days | hours | minutes | seconds}. |
61 |
|
-type sequence_no() :: integer(). |
62 |
|
-type serialized() :: binary(). |
63 |
|
-type token() :: #token{}. |
64 |
|
-type token_type() :: access | refresh | provision. |
65 |
|
-type validation_result() :: {ok, module(), jid:user()} |
66 |
|
| {ok, module(), jid:user(), binary()} |
67 |
|
| error(). |
68 |
|
|
69 |
|
-define(A2B(A), atom_to_binary(A, utf8)). |
70 |
|
|
71 |
|
-define(I2B(I), integer_to_binary(I)). |
72 |
|
-define(B2I(B), binary_to_integer(B)). |
73 |
|
|
74 |
|
%% |
75 |
|
%% gen_mod callbacks |
76 |
|
%% |
77 |
|
|
78 |
|
-spec start(mongooseim:host_type(), gen_mod:module_opts()) -> ok. |
79 |
|
start(HostType, #{iqdisc := IQDisc} = Opts) -> |
80 |
:-( |
mod_auth_token_backend:start(HostType, Opts), |
81 |
:-( |
ejabberd_hooks:add(hooks(HostType)), |
82 |
:-( |
gen_iq_handler:add_iq_handler_for_domain( |
83 |
|
HostType, ?NS_ESL_TOKEN_AUTH, ejabberd_sm, |
84 |
|
fun ?MODULE:process_iq/5, #{}, IQDisc), |
85 |
:-( |
ejabberd_commands:register_commands(commands()), |
86 |
:-( |
ok. |
87 |
|
|
88 |
|
-spec stop(mongooseim:host_type()) -> ok. |
89 |
|
stop(HostType) -> |
90 |
:-( |
gen_iq_handler:remove_iq_handler_for_domain(HostType, ?NS_ESL_TOKEN_AUTH, ejabberd_sm), |
91 |
:-( |
ejabberd_hooks:delete(hooks(HostType)), |
92 |
:-( |
ok. |
93 |
|
|
94 |
|
hooks(HostType) -> |
95 |
:-( |
[{remove_user, HostType, ?MODULE, clean_tokens, 50}, |
96 |
|
{disco_local_features, HostType, ?MODULE, disco_local_features, 90}]. |
97 |
|
|
98 |
|
-spec supported_features() -> [atom()]. |
99 |
|
supported_features() -> |
100 |
:-( |
[dynamic_domains]. |
101 |
|
|
102 |
|
-spec config_spec() -> mongoose_config_spec:config_section(). |
103 |
|
config_spec() -> |
104 |
166 |
#section{ |
105 |
|
items = #{<<"backend">> => #option{type = atom, |
106 |
|
validate = {module, mod_auth_token}}, |
107 |
|
<<"validity_period">> => validity_periods_spec(), |
108 |
|
<<"iqdisc">> => mongoose_config_spec:iqdisc()}, |
109 |
|
defaults = #{<<"backend">> => rdbms, |
110 |
|
<<"iqdisc">> => no_queue}, |
111 |
|
format_items = map |
112 |
|
}. |
113 |
|
|
114 |
|
validity_periods_spec() -> |
115 |
166 |
#section{ |
116 |
|
items = #{<<"access">> => validity_period_spec(), |
117 |
|
<<"refresh">> => validity_period_spec()}, |
118 |
|
defaults = #{<<"access">> => #{value => 1, unit => hours}, |
119 |
|
<<"refresh">> => #{value => 25, unit => days}}, |
120 |
|
format_items = map, |
121 |
|
include = always |
122 |
|
}. |
123 |
|
|
124 |
|
validity_period_spec() -> |
125 |
332 |
#section{ |
126 |
|
items = #{<<"value">> => #option{type = integer, |
127 |
|
validate = non_negative}, |
128 |
|
<<"unit">> => #option{type = atom, |
129 |
|
validate = {enum, [days, hours, minutes, seconds]}} |
130 |
|
}, |
131 |
|
required = all, |
132 |
|
format_items = map |
133 |
|
}. |
134 |
|
|
135 |
|
-spec commands() -> [ejabberd_commands:cmd()]. |
136 |
|
commands() -> |
137 |
:-( |
[#ejabberd_commands{ name = revoke_token, tags = [tokens], |
138 |
|
desc = "Revoke REFRESH token", |
139 |
|
module = ?MODULE, function = revoke_token_command, |
140 |
|
args = [{owner, binary}], result = {res, restuple} }]. |
141 |
|
|
142 |
|
%% |
143 |
|
%% Other stuff |
144 |
|
%% |
145 |
|
|
146 |
|
-spec serialize(token()) -> serialized(). |
147 |
:-( |
serialize(#token{mac_signature = undefined} = T) -> error(incomplete_token, [T]); |
148 |
:-( |
serialize(#token{token_body = undefined} = T) -> error(incomplete_token, [T]); |
149 |
|
serialize(#token{token_body = Body, mac_signature = MAC}) -> |
150 |
:-( |
<<Body/bytes, (field_separator()), (base16:encode(MAC))/bytes>>. |
151 |
|
|
152 |
|
%% #token{} contains fields which are: |
153 |
|
%% - primary - these have to be supplied on token creation, |
154 |
|
%% - dependent - these are computed based on the primary fields. |
155 |
|
%% `token_with_mac/2` computes dependent fields and stores them in the record |
156 |
|
%% based on a record with just the primary fields. |
157 |
|
-spec token_with_mac(mongooseim:host_type(), token()) -> token(). |
158 |
|
token_with_mac(HostType, #token{mac_signature = undefined, token_body = undefined} = T) -> |
159 |
:-( |
Body = join_fields(T), |
160 |
:-( |
MAC = keyed_hash(Body, hmac_opts(HostType, T#token.type)), |
161 |
:-( |
T#token{token_body = Body, mac_signature = MAC}. |
162 |
|
|
163 |
|
-spec hmac_opts(mongooseim:host_type(), token_type()) -> [{any(), any()}]. |
164 |
|
hmac_opts(HostType, TokenType) -> |
165 |
:-( |
lists:keystore(key, 1, hmac_opts(), |
166 |
|
{key, get_key_for_host_type(HostType, TokenType)}). |
167 |
|
|
168 |
:-( |
field_separator() -> 0. |
169 |
|
|
170 |
|
join_fields(T) -> |
171 |
:-( |
Sep = field_separator(), |
172 |
:-( |
#token{type = Type, expiry_datetime = Expiry, user_jid = JID, |
173 |
|
sequence_no = SeqNo, vcard = VCard} = T, |
174 |
:-( |
case {Type, SeqNo} of |
175 |
|
{access, undefined} -> |
176 |
:-( |
<<(?A2B(Type))/bytes, Sep, |
177 |
|
(jid:to_binary(JID))/bytes, Sep, |
178 |
|
(?I2B(datetime_to_seconds(Expiry)))/bytes>>; |
179 |
|
{refresh, _} -> |
180 |
:-( |
<<(?A2B(Type))/bytes, Sep, |
181 |
|
(jid:to_binary(JID))/bytes, Sep, |
182 |
|
(?I2B(datetime_to_seconds(Expiry)))/bytes, Sep, |
183 |
|
(?I2B(SeqNo))/bytes>>; |
184 |
|
{provision, undefined} -> |
185 |
:-( |
<<(?A2B(Type))/bytes, Sep, |
186 |
|
(jid:to_binary(JID))/bytes, Sep, |
187 |
|
(?I2B(datetime_to_seconds(Expiry)))/bytes, Sep, |
188 |
|
(exml:to_binary(VCard))/bytes>> |
189 |
|
end. |
190 |
|
|
191 |
|
keyed_hash(Data, Opts) -> |
192 |
:-( |
Type = proplists:get_value(hmac_type, Opts, sha384), |
193 |
:-( |
{key, Key} = lists:keyfind(key, 1, Opts), |
194 |
:-( |
crypto:mac(hmac, Type, Key, Data). |
195 |
|
|
196 |
|
hmac_opts() -> |
197 |
:-( |
[]. |
198 |
|
|
199 |
|
-spec deserialize(serialized()) -> token(). |
200 |
|
deserialize(Serialized) when is_binary(Serialized) -> |
201 |
:-( |
get_token_as_record(Serialized). |
202 |
|
|
203 |
|
-spec revoke(mongooseim:host_type(), jid:jid()) -> ok | not_found | error. |
204 |
|
revoke(HostType, Owner) -> |
205 |
:-( |
try |
206 |
:-( |
mod_auth_token_backend:revoke(HostType, Owner) |
207 |
|
catch |
208 |
|
Class:Reason:Stacktrace -> |
209 |
:-( |
?LOG_ERROR(#{what => auth_token_revoke_failed, |
210 |
|
user => Owner#jid.luser, server => Owner#jid.lserver, |
211 |
:-( |
class => Class, reason => Reason, stacktrace => Stacktrace}), |
212 |
:-( |
error |
213 |
|
end. |
214 |
|
|
215 |
|
-spec authenticate(mongooseim:host_type(), serialized()) -> validation_result(). |
216 |
|
authenticate(HostType, SerializedToken) -> |
217 |
:-( |
try |
218 |
:-( |
do_authenticate(HostType, SerializedToken) |
219 |
|
catch |
220 |
:-( |
_:_ -> {error, internal_server_error} |
221 |
|
end. |
222 |
|
|
223 |
|
do_authenticate(HostType, SerializedToken) -> |
224 |
:-( |
#token{user_jid = Owner} = Token = deserialize(SerializedToken), |
225 |
:-( |
{Criteria, Result} = validate_token(HostType, Token), |
226 |
:-( |
?LOG_INFO(#{what => auth_token_validate, |
227 |
|
user => Owner#jid.luser, server => Owner#jid.lserver, |
228 |
:-( |
criteria => Criteria, result => Result}), |
229 |
:-( |
case {Result, Token#token.type} of |
230 |
|
{ok, access} -> |
231 |
:-( |
{ok, mod_auth_token, Owner#jid.luser}; |
232 |
|
{ok, refresh} -> |
233 |
:-( |
case token(HostType, Owner, access) of |
234 |
|
#token{} = T -> |
235 |
:-( |
{ok, mod_auth_token, Owner#jid.luser, serialize(T)}; |
236 |
|
{error, R} -> |
237 |
:-( |
{error, R} |
238 |
|
end; |
239 |
|
{ok, provision} -> |
240 |
:-( |
case set_vcard(HostType, Owner, Token#token.vcard) of |
241 |
|
{error, Reason} -> |
242 |
:-( |
?LOG_WARNING(#{what => auth_token_set_vcard_failed, |
243 |
|
reason => Reason, token_vcard => Token#token.vcard, |
244 |
|
user => Owner#jid.luser, server => Owner#jid.lserver, |
245 |
:-( |
criteria => Criteria, result => Result}), |
246 |
:-( |
{ok, mod_auth_token, Owner#jid.luser}; |
247 |
|
ok -> |
248 |
:-( |
{ok, mod_auth_token, Owner#jid.luser} |
249 |
|
end; |
250 |
|
{error, _} -> |
251 |
:-( |
{error, {Owner#jid.luser, [ Criterion |
252 |
:-( |
|| {_, false} = Criterion <- Criteria ]}} |
253 |
|
end. |
254 |
|
|
255 |
|
set_vcard(HostType, #jid{} = User, #xmlel{} = VCard) -> |
256 |
:-( |
mongoose_hooks:set_vcard(HostType, User, VCard). |
257 |
|
|
258 |
|
validate_token(HostType, Token) -> |
259 |
:-( |
Criteria = [{mac_valid, is_mac_valid(HostType, Token)}, |
260 |
|
{not_expired, is_not_expired(Token)}, |
261 |
|
{not_revoked, not is_revoked(Token, HostType)}], |
262 |
:-( |
Result = case Criteria of |
263 |
:-( |
[{_, true}, {_, true}, {_, true}] -> ok; |
264 |
:-( |
_ -> error |
265 |
|
end, |
266 |
:-( |
{Criteria, Result}. |
267 |
|
|
268 |
|
is_mac_valid(HostType, #token{type = Type, token_body = Body, mac_signature = ReceivedMAC}) -> |
269 |
:-( |
ComputedMAC = keyed_hash(Body, hmac_opts(HostType, Type)), |
270 |
:-( |
ReceivedMAC =:= ComputedMAC. |
271 |
|
|
272 |
|
is_not_expired(#token{expiry_datetime = Expiry}) -> |
273 |
:-( |
utc_now_as_seconds() < datetime_to_seconds(Expiry). |
274 |
|
|
275 |
|
is_revoked(#token{type = T}, _) when T =:= access; |
276 |
|
T =:= provision -> |
277 |
:-( |
false; |
278 |
|
is_revoked(#token{type = refresh, sequence_no = TokenSeqNo} = T, HostType) -> |
279 |
:-( |
try |
280 |
:-( |
ValidSeqNo = mod_auth_token_backend:get_valid_sequence_number(HostType, T#token.user_jid), |
281 |
:-( |
TokenSeqNo < ValidSeqNo |
282 |
|
catch |
283 |
|
Class:Reason:Stacktrace -> |
284 |
:-( |
?LOG_ERROR(#{what => auth_token_revocation_check_failed, |
285 |
|
text => <<"Error checking revocation status">>, |
286 |
|
token_seq_no => TokenSeqNo, |
287 |
:-( |
class => Class, reason => Reason, stacktrace => Stacktrace}), |
288 |
:-( |
true |
289 |
|
end. |
290 |
|
|
291 |
|
-spec process_iq(mongoose_acc:t(), jid:jid(), jid:jid(), jlib:iq(), any()) -> |
292 |
|
{mongoose_acc:t(), jlib:iq()} | error(). |
293 |
|
process_iq(Acc, From, To, #iq{xmlns = ?NS_ESL_TOKEN_AUTH} = IQ, _Extra) -> |
294 |
:-( |
IQResp = process_local_iq(Acc, From, To, IQ), |
295 |
:-( |
{Acc, IQResp}; |
296 |
|
process_iq(Acc, _From, _To, #iq{} = IQ, _Extra) -> |
297 |
:-( |
{Acc, iq_error(IQ, [mongoose_xmpp_errors:bad_request()])}. |
298 |
|
|
299 |
|
process_local_iq(Acc, From, _To, IQ) -> |
300 |
:-( |
try create_token_response(Acc, From, IQ) of |
301 |
:-( |
#iq{} = Response -> Response; |
302 |
:-( |
{error, Reason} -> iq_error(IQ, [Reason]) |
303 |
|
catch |
304 |
:-( |
_:_ -> iq_error(IQ, [mongoose_xmpp_errors:internal_server_error()]) |
305 |
|
end. |
306 |
|
|
307 |
|
iq_error(IQ, SubElements) when is_list(SubElements) -> |
308 |
:-( |
IQ#iq{type = error, sub_el = SubElements}. |
309 |
|
|
310 |
|
create_token_response(Acc, From, IQ) -> |
311 |
:-( |
HostType = mongoose_acc:host_type(Acc), |
312 |
:-( |
case {token(HostType, From, access), token(HostType, From, refresh)} of |
313 |
|
{#token{} = AccessToken, #token{} = RefreshToken} -> |
314 |
:-( |
IQ#iq{type = result, |
315 |
|
sub_el = [#xmlel{name = <<"items">>, |
316 |
|
attrs = [{<<"xmlns">>, ?NS_ESL_TOKEN_AUTH}], |
317 |
|
children = [token_to_xmlel(AccessToken), |
318 |
|
token_to_xmlel(RefreshToken)]}]}; |
319 |
:-( |
{_, _} -> {error, mongoose_xmpp_errors:internal_server_error()} |
320 |
|
end. |
321 |
|
|
322 |
|
-spec datetime_to_seconds(calendar:datetime()) -> non_neg_integer(). |
323 |
|
datetime_to_seconds(DateTime) -> |
324 |
:-( |
calendar:datetime_to_gregorian_seconds(DateTime). |
325 |
|
|
326 |
|
-spec seconds_to_datetime(non_neg_integer()) -> calendar:datetime(). |
327 |
|
seconds_to_datetime(Seconds) -> |
328 |
:-( |
calendar:gregorian_seconds_to_datetime(Seconds). |
329 |
|
|
330 |
|
utc_now_as_seconds() -> |
331 |
:-( |
datetime_to_seconds(calendar:universal_time()). |
332 |
|
|
333 |
|
-spec token(mongooseim:host_type(), jid:jid(), token_type()) -> token() | error(). |
334 |
|
token(HostType, User, Type) -> |
335 |
:-( |
ExpiryTime = expiry_datetime(HostType, Type, utc_now_as_seconds()), |
336 |
:-( |
T = #token{type = Type, expiry_datetime = ExpiryTime, user_jid = User}, |
337 |
:-( |
try |
338 |
:-( |
T2 = case Type of |
339 |
:-( |
access -> T; |
340 |
|
refresh -> |
341 |
:-( |
ValidSeqNo = mod_auth_token_backend:get_valid_sequence_number(HostType, User), |
342 |
:-( |
T#token{sequence_no = ValidSeqNo} |
343 |
|
end, |
344 |
:-( |
token_with_mac(HostType, T2) |
345 |
|
catch |
346 |
|
Class:Reason:Stacktrace -> |
347 |
:-( |
?LOG_ERROR(#{what => auth_token_revocation_check_failed, |
348 |
|
text => <<"Error creating token sequence number">>, |
349 |
|
token_type => Type, expiry_datetime => ExpiryTime, |
350 |
|
user => User#jid.luser, server => User#jid.lserver, |
351 |
:-( |
class => Class, reason => Reason, stacktrace => Stacktrace}), |
352 |
:-( |
{error, {Class, Reason}} |
353 |
|
end. |
354 |
|
|
355 |
|
-spec expiry_datetime(mongooseim:host_type(), token_type(), non_neg_integer()) -> |
356 |
|
calendar:datetime(). |
357 |
|
expiry_datetime(HostType, Type, UTCSeconds) -> |
358 |
:-( |
#{value := Value, unit := Unit} = get_validity_period(HostType, Type), |
359 |
:-( |
seconds_to_datetime(UTCSeconds + period_to_seconds(Value, Unit)). |
360 |
|
|
361 |
|
-spec get_validity_period(mongooseim:host_type(), token_type()) -> period(). |
362 |
|
get_validity_period(HostType, Type) -> |
363 |
:-( |
gen_mod:get_module_opt(HostType, ?MODULE, [validity_period, Type]). |
364 |
|
|
365 |
:-( |
period_to_seconds(Days, days) -> 24 * 3600 * Days; |
366 |
:-( |
period_to_seconds(Hours, hours) -> 3600 * Hours; |
367 |
:-( |
period_to_seconds(Minutes, minutes) -> 60 * Minutes; |
368 |
:-( |
period_to_seconds(Seconds, seconds) -> Seconds. |
369 |
|
|
370 |
|
token_to_xmlel(#token{type = Type} = T) -> |
371 |
:-( |
#xmlel{name = case Type of |
372 |
:-( |
access -> <<"access_token">>; |
373 |
:-( |
refresh -> <<"refresh_token">> |
374 |
|
end, |
375 |
|
attrs = [{<<"xmlns">>, ?NS_ESL_TOKEN_AUTH}], |
376 |
|
children = [#xmlcdata{content = jlib:encode_base64(serialize(T))}]}. |
377 |
|
|
378 |
|
%% args: Token with Mac decoded from transport, #token |
379 |
|
%% is shared between tokens. Introduce other container types if |
380 |
|
%% they start to differ more than a few fields. |
381 |
|
-spec get_token_as_record(BToken) -> Token when |
382 |
|
BToken :: serialized(), |
383 |
|
Token :: token(). |
384 |
|
get_token_as_record(BToken) -> |
385 |
:-( |
[BType, User, Expiry | Rest] = binary:split(BToken, <<(field_separator())>>, [global]), |
386 |
:-( |
T = #token{type = decode_token_type(BType), |
387 |
|
expiry_datetime = seconds_to_datetime(binary_to_integer(Expiry)), |
388 |
|
user_jid = jid:from_binary(User)}, |
389 |
:-( |
T1 = case {BType, Rest} of |
390 |
|
{<<"access">>, [BMAC]} -> |
391 |
:-( |
T#token{mac_signature = base16:decode(BMAC)}; |
392 |
|
{<<"refresh">>, [BSeqNo, BMAC]} -> |
393 |
:-( |
T#token{sequence_no = ?B2I(BSeqNo), |
394 |
|
mac_signature = base16:decode(BMAC)}; |
395 |
|
{<<"provision">>, [BVCard, BMAC]} -> |
396 |
:-( |
{ok, VCard} = exml:parse(BVCard), |
397 |
:-( |
T#token{vcard = VCard, |
398 |
|
mac_signature = base16:decode(BMAC)} |
399 |
|
end, |
400 |
:-( |
T1#token{token_body = join_fields(T1)}. |
401 |
|
|
402 |
|
-spec decode_token_type(binary()) -> token_type(). |
403 |
|
decode_token_type(<<"access">>) -> |
404 |
:-( |
access; |
405 |
|
decode_token_type(<<"refresh">>) -> |
406 |
:-( |
refresh; |
407 |
|
decode_token_type(<<"provision">>) -> |
408 |
:-( |
provision. |
409 |
|
|
410 |
|
-spec get_key_for_host_type(mongooseim:host_type(), token_type()) -> binary(). |
411 |
|
get_key_for_host_type(HostType, TokenType) -> |
412 |
:-( |
KeyName = key_name(TokenType), |
413 |
:-( |
[{{KeyName, _UsersHost}, RawKey}] = mongoose_hooks:get_key(HostType, KeyName), |
414 |
:-( |
RawKey. |
415 |
|
|
416 |
|
-spec key_name(token_type()) -> token_secret | provision_pre_shared. |
417 |
:-( |
key_name(access) -> token_secret; |
418 |
:-( |
key_name(refresh) -> token_secret; |
419 |
:-( |
key_name(provision) -> provision_pre_shared. |
420 |
|
|
421 |
|
-spec revoke_token_command(Owner) -> ResTuple when |
422 |
|
Owner :: binary(), |
423 |
|
ResCode :: ok | not_found | error, |
424 |
|
ResTuple :: {ResCode, string()}. |
425 |
|
revoke_token_command(Owner) -> |
426 |
:-( |
#jid{lserver = LServer} = Jid = jid:from_binary(Owner), |
427 |
:-( |
{ok, HostType} = mongoose_domain_api:get_domain_host_type(LServer), |
428 |
:-( |
try revoke(HostType, Jid) of |
429 |
|
not_found -> |
430 |
:-( |
{not_found, "User or token not found."}; |
431 |
|
ok -> |
432 |
:-( |
{ok, "Revoked."}; |
433 |
|
error -> |
434 |
:-( |
{error, "Internal server error"} |
435 |
|
catch _:_ -> |
436 |
:-( |
{error, "Internal server error"} |
437 |
|
end. |
438 |
|
|
439 |
|
-spec clean_tokens(mongoose_acc:t(), User :: jid:user(), Server :: jid:server()) -> |
440 |
|
mongoose_acc:t(). |
441 |
|
clean_tokens(Acc, User, Server) -> |
442 |
:-( |
HostType = mongoose_acc:host_type(Acc), |
443 |
:-( |
Owner = jid:make(User, Server, <<>>), |
444 |
:-( |
try |
445 |
:-( |
mod_auth_token_backend:clean_tokens(HostType, Owner) |
446 |
|
catch |
447 |
|
Class:Reason:Stacktrace -> |
448 |
:-( |
?LOG_ERROR(#{what => auth_token_clean_tokens_failed, |
449 |
|
text => <<"Error in clean_tokens backend">>, |
450 |
|
user => User, server => Server, acc => Acc, |
451 |
:-( |
class => Class, reason => Reason, stacktrace => Stacktrace}), |
452 |
:-( |
{error, {Class, Reason}} |
453 |
|
end, |
454 |
:-( |
Acc. |
455 |
|
|
456 |
|
-spec config_metrics(mongooseim:host_type()) -> [{gen_mod:opt_key(), gen_mod:opt_value()}]. |
457 |
|
config_metrics(HostType) -> |
458 |
:-( |
mongoose_module_metrics:opts_for_module(HostType, ?MODULE, [backend]). |
459 |
|
|
460 |
|
-spec disco_local_features(mongoose_disco:feature_acc()) -> mongoose_disco:feature_acc(). |
461 |
|
disco_local_features(Acc = #{node := <<>>}) -> |
462 |
:-( |
mongoose_disco:add_features([?NS_ESL_TOKEN_AUTH], Acc); |
463 |
|
disco_local_features(Acc) -> |
464 |
:-( |
Acc. |