allow roster invite tokens to create account

only if inviter is allowed to issue create account invites
always return create account uri with ";register" suffix

Author: sstrigler

src/mod_invites.erl

@@ -34,8 +34,8 @@
 
 -export([depends/2, mod_doc/0, mod_options/1, mod_opt_type/1, reload/3, start/2, stop/1]).
 -export([adhoc_commands/4, adhoc_items/4, c2s_unauthenticated_packet/2, cleanup_expired/0,
-         expire_tokens/2, gen_invite/1, gen_invite/2, get_invite/2, is_reserved/3,
-         is_token_valid/2, list_invites/1, remove_user/2, roster_add/2,
+         create_account_allowed/2, expire_tokens/2, gen_invite/1, gen_invite/2, get_invite/2,
+         is_reserved/3, is_token_valid/2, list_invites/1, remove_user/2, roster_add/2,
          s2s_receive_packet/1, send_presence/3, set_invitee/3, sm_receive_packet/1,
          stream_feature_register/2, token_uri/1, xdata_field/3]).
 
@@ -649,10 +649,12 @@ invite_token(Type, Host, Inviter, AccountName0) ->
                                     account_name = AccountName},
                       mod_invites_opt:token_expire_seconds(Host)).
 
-token_uri(#invite_token{type = account_only,
+token_uri(#invite_token{type = Type,
                         token = Token,
                         account_name = AccountName,
-                        inviter = {_User, Host}}) ->
+                        inviter = {_User, Host}})
+  when Type =:= account_only;
+       Type =:= account_subscription ->
     Invitee =
         case AccountName of
             <<>> ->
@@ -661,16 +663,20 @@ token_uri(#invite_token{type = account_only,
                 <<AccountName/binary, "@", Host/binary>>
         end,
     <<"xmpp:", Invitee/binary, "?register;preauth=", Token/binary>>;
-token_uri(#invite_token{type = account_subscription,
-                        token = Token,
-                        inviter = {User, Host}}) ->
-    Inviter = jid:to_string(jid:make(User, Host)),
-    <<"xmpp:", Inviter/binary, "?roster;preauth=", Token/binary, ";ibr=y">>;
 token_uri(#invite_token{type = roster_only,
                         token = Token,
                         inviter = {User, Host}}) ->
+    IBR = maybe_add_ibr_allowed(User, Host),
     Inviter = jid:to_string(jid:make(User, Host)),
-    <<"xmpp:", Inviter/binary, "?roster;preauth=", Token/binary>>.
+    <<"xmpp:", Inviter/binary, "?roster;preauth=", Token/binary, IBR/binary>>.
+
+maybe_add_ibr_allowed(User, Host) ->
+    case create_account_allowed(Host, jid:make(User, Host)) of
+        ok ->
+            <<";ibr=y">>;
+        {error, not_allowed} ->
+            <<>>
+    end.
 
 landing_page(Host, Invite) ->
     mod_invites_http:landing_page(Host, Invite).

src/mod_invites_http.erl

@@ -83,7 +83,7 @@ process([?STATIC | StaticFile], #request{host = Host} = Request) ->
     end;
 process([Token | _] = LocalPath, #request{host = Host, lang = Lang} = Request) ->
     ?DEBUG("Requested:~n~p", [Request]),
-    case mod_invites:is_token_valid(Host, Token) of
+    try mod_invites:is_token_valid(Host, Token) of
         true ->
             case mod_invites:get_invite(Host, Token) of
                 #invite_token{type = 'roster_only'} = Invite ->
@@ -93,6 +93,9 @@ process([Token | _] = LocalPath, #request{host = Host, lang = Lang} = Request) -
                 end;
         false ->
             ?NOT_FOUND(render(Host, Lang, <<"invite_invalid.html">>, ctx(Request)))
+    catch
+        _:not_found ->
+            ?NOT_FOUND
     end;
 process([], _Request) ->
     ?NOT_FOUND.

src/mod_invites_mnesia.erl

@@ -97,7 +97,7 @@ is_token_valid(Host, Token, Scope) ->
         [#invite_token{}] ->
             false;
         [] ->
-            false
+            throw(not_found)
     end.
 
 list_invites(Host) ->

src/mod_invites_register.erl

@@ -161,21 +161,33 @@ maybe_create_mutual_subscription(#invite_token{inviter = {User, Server}, invitee
 
 process_token(#{server := Host} = State, Token, #iq{lang = Lang} = IQ) ->
     ?DEBUG("checking token (~s): ~s", [Host, Token]),
-    case mod_invites:is_token_valid(Host, Token) of
+    try mod_invites:is_token_valid(Host, Token) of
         true ->
-            case mod_invites:get_invite(Host, Token) of
-                #invite_token{type = 'roster_only'} ->
-                    Text = ?T("The token provided is either invalid or expired."),
-                    {State, make_stripped_error(IQ, #preauth{}, xmpp:err_item_not_found(Text, Lang))};
-                Invite ->
+            Invite = #invite_token{inviter = {User, Host}} =
+                mod_invites:get_invite(Host, Token),
+            case create_account_allowed(User, Host) of
+                ok ->
                     NewState = State#{invite => Invite},
-                    {NewState, xmpp:make_iq_result(IQ)}
+                    {NewState, xmpp:make_iq_result(IQ)};
+                {error, not_allowed} ->
+                    {State, preauth_invalid(IQ, Lang)}
                 end;
         false ->
-            Text = ?T("The token provided is either invalid or expired."),
-            {State, make_stripped_error(IQ, #preauth{}, xmpp:err_item_not_found(Text, Lang))}
+            {State, preauth_invalid(IQ, Lang)}
+    catch
+        _:not_found ->
+            {State, preauth_invalid(IQ, Lang)}
     end.
 
+create_account_allowed(<<>>, _Host) ->
+    ok;
+create_account_allowed(User, Host) ->
+    mod_invites:create_account_allowed(Host, jid:make(User, Host)).
+
+preauth_invalid(IQ, Lang) ->
+    Text = ?T("The token provided is either invalid or expired."),
+    make_stripped_error(IQ, #preauth{}, xmpp:err_item_not_found(Text, Lang)).
+
 try_register(Token,
              User,
              Server,

src/mod_invites_sql.erl

@@ -143,7 +143,17 @@ is_token_valid(Host, Token, {User, Host}) ->
         ejabberd_sql:sql_query(Host,
                                ?SQL("SELECT @(token)s FROM invite_token WHERE %(Host)H AND token = %(Token)s AND "
                                     "invitee = '' AND expires > now() AND (%(User)s = '' OR username = %(User)s)")),
-    Rows /= [].
+    case Rows /= [] of
+        true ->
+            true;
+        false ->
+            case get_invite(Host, Token) of
+                {error, not_found} ->
+                    throw(not_found);
+                _ ->
+                    false
+            end
+    end.
 
 list_invites(Host) ->
     {selected, Rows} =

test/invites_tests.erl

@@ -189,19 +189,21 @@ adhoc_command_create_account(Config) ->
            re:run(xdata_field(<<"uri">>, ResultXDataFields2),
                   <<"xmpp:foobar@", Server/binary, "\\?register;preauth=(.+)">>)),
     ResultXDataFields3 = test_create_account(Config, <<>>, <<"1">>),
-    Inviter = ?config(user, Config),
-    ?match({match, [Inviter, _]},
+    ?match({match, _},
            re:run(xdata_field(<<"uri">>, ResultXDataFields3),
-                  <<"xmpp:(.+)", "@", Server/binary, "\\?roster;preauth=([a-zA-Z0-9]+);ibr=y">>,
+                  <<"xmpp:", Server/binary, "\\?register;preauth=([a-zA-Z0-9]+)">>,
                   [{capture, all_but_first, binary}])),
-    Token = token_from_uri(xdata_field(<<"uri">>, ResultXDataFields3, <<>>)),
+    Token3 = token_from_uri(xdata_field(<<"uri">>, ResultXDataFields3, <<>>)),
     #invite_token{account_name = <<>>, type = account_subscription} =
-        mod_invites:get_invite(Server, Token),
+        mod_invites:get_invite(Server, Token3),
     ResultXDataFields4 = test_create_account(Config, <<"foobar">>, <<"1">>),
-    ?match({match, [Inviter, _]},
+    ?match({match, _},
            re:run(xdata_field(<<"uri">>, ResultXDataFields4),
-                  <<"xmpp:(.+)", "@", Server/binary, "\\?roster;preauth=([a-zA-Z0-9]+);ibr=y">>,
+                  <<"xmpp:foobar@", Server/binary, "\\?register;preauth=([a-zA-Z0-9]+)">>,
                   [{capture, all_but_first, binary}])),
+    Token4 = token_from_uri(xdata_field(<<"uri">>, ResultXDataFields4, <<>>)),
+    #invite_token{account_name = <<"foobar">>, type = account_subscription} =
+        mod_invites:get_invite(Server, Token4),
     update_module_opts(Server, mod_invites, OldOpts),
     User = jid:nodeprep(?config(user, Config)),
     mod_invites:remove_user(User, Server),
@@ -217,7 +219,12 @@ token_valid(Config) ->
     #invite_token{token = AccountToken} =
         create_account_invite(Server, Inviter),
     ?match(true, mod_invites:is_token_valid(Server, AccountToken, Inviter)),
-    ?match(false, mod_invites:is_token_valid(Server, <<"madeUptoken">>)),
+    try mod_invites:is_token_valid(Server, <<"madeUptoken">>) of
+        break -> broken
+    catch
+        _:E ->
+            ?match(not_found, E)
+    end,
     ?match(false,
            mod_invites:is_token_valid(Server, AccountToken, {<<"someoneElse">>, Server})),
     mod_invites:expire_tokens(<<"foo">>, Server),
@@ -386,15 +393,19 @@ ibr_subscription(Config0) ->
     NewAccount = <<"new_friend">>,
     NewAccountJID = jid:make(NewAccount, Server),
     gen_mod:stop_module_keep_config(Server, mod_vcard_xupdate),
+    OldOpts = gen_mod:get_module_opts(Server, mod_invites),
+    NewOpts = gen_mod:set_opt(access_create_account, account_invite, OldOpts),
+    update_module_opts(Server, mod_invites, NewOpts),
+
     self_presence(Config0, available),
 
     #invite_token{token = Token} =
         mod_invites:create_account_invite(Server, {User, Server}, NewAccount, true),
 
     Config1 = set_opts([{user, NewAccount},
-                       {password, <<"mySecret">>},
-                       {resource, <<"invite_tests">>},
-                       {receiver, undefined}], Config0),
+                        {password, <<"mySecret">>},
+                        {resource, <<"invite_tests">>},
+                        {receiver, undefined}], Config0),
     Config = connect(Config1),
 
     ?match(#iq{type = result}, send_pars(Config, Token)),
@@ -429,6 +440,7 @@ ibr_subscription(Config0) ->
     mod_roster:del_roster(User, Server, jid:tolower(NewAccountJID)),
     mod_roster:del_roster(NewAccount, Server, jid:tolower(UserJID)),
 
+    update_module_opts(Server, mod_invites, OldOpts),
     disconnect(Config0),
     disconnect(Config).