#633 mod_auth_sql: password change support

Reporter Genilto Dallo
Owner Zash
Stars ★ (1)
  • Status-New
  • Component-Community
  • Priority-Medium
  • Patch
  • Type-Enhancement
  1. Genilto Dallo on

    What steps will reproduce the problem? 1. Change password from client 2. 3. What is the expected output? What do you see instead? Error when change password from clients. What version of the product are you using? On what operating system? Tested on prosody 0.9.8 and 0.9.10 Debian 8.2 Lua 5.1 Module "register" enabled Please provide any additional information below. XML Log: Sent:<iq id="agsXMPP_21" type="set" to="letsgrow.com.br"><query xmlns="jabber:iq:register"><username>geniltodallo</username><password>1234</password></query></iq> Received:<iq xmlns="jabber:client" from="letsgrow.com.br" to="geniltodallo@letsgrow.com.br/chatseguro5384" type="error" id="agsXMPP_21"><error type="wait"><internal-server-error xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" /></error></iq>

  2. Zash on

    Hi, thanks for the report. Some more info is needed: What authentication and storage modules do you use? What is logged during the password change attempt? If nothing, make sure debug logging is enabled.

    • owner Zash
  3. Genilto Dallo on

    Hi Zash, Authentication Mysql "sql" module Storage "sql" mam_sql for message archiving No error in logs: Debug logging: Mar 05 16:43:41 c2s18bdcce0 debug Received[c2s]: <iq id='purple4fadf095' type='set' to='letsgrow.com.br'>

  4. Genilto Dallo on

    Looking at the code of mod_auth_sql, the change password was not finished. Then I finish the update password function of the mod_auth_sql module. I'm looking how to commit the changes. Thanks!

  5. Genilto Dallo on

    # HG changeset patch # User Genilto Dallo <gd@chatseguro.net> # Date 1457227033 10800 # Sat Mar 05 22:17:13 2016 -0300 # Node ID bfe60fe03a04ddf9686b7129a6dcf4d24edb4f43 # Parent bd0c5d546bf8eef4e019a8600320e133852ef682 Finish set_password function diff -r bd0c5d546bf8 -r bfe60fe03a04 mod_auth_sql/mod_auth_sql.lua --- a/mod_auth_sql/mod_auth_sql.lua Fri Mar 04 17:16:13 2016 +0000 +++ b/mod_auth_sql/mod_auth_sql.lua Sat Mar 05 22:17:13 2016 -0300 @@ -70,6 +70,12 @@ return stmt; end +local function setsql(sql, ...) + local stmt, err = getsql(sql, ...); + if not stmt then return stmt, err; end + return stmt:affected(); +end + local function get_password(username) local stmt, err = getsql("SELECT `password` FROM `authreg` WHERE `username`=? AND `realm`=?", username, module.host); if stmt then @@ -89,7 +95,8 @@ return get_password(username); end function provider.set_password(username, password) - return nil, "Setting password is not supported."; + local stmt, err = setsql("UPDATE `authreg` SET `password`=? WHERE `username`=? AND `realm`=?", password, username, module.host); + return stmt and true, err; end function provider.user_exists(username) return get_password(username) and true;

  6. Renaud D on

    Hello I Have an issue with "internal" authentication while using Pidgin client : When a user wants to reset his password he gets the message : "Service Unavailable" Info : Lua 5.1.5 Prosody 0.9.10 Module "register" disabled Maybe it is the same source, did this change has been committed ?

  7. Genilto Dallo on

    Hi Renaud, no, I don't commit

  8. Zash on

    mod_auth_sql does indeed lack code for changing password. It's usually meant as a template for integrating with an existing SQL based system and in such cases it's often undesirable to support password change. Easily added, as your patch shows. Renauds issue is unrelated.

  9. johnnnny‎ on

    Renaul D: for password change, you have to allow module "register" and then use allow_registration = false; to disallow registrations :)

  10. Zash on

    • title Error on change password from client mod_auth_sql does not support password change
  11. Zash on

    • title mod_auth_sql does not support password change mod_auth_sql: password change support
    • tags Type-Defect Type-Enhancement
  12. Zash on

    • tags Component-Community
  13. Zash on

    • tags Patch

New comment

Not published. Used for spam prevention and optional update notifications.