register users using adhoc commands

[imaginator]

• Inband registration is often not enabled on sites.
• Inband registration is often misconfigured and results in spammers registering.
• We require Adhoc commands for password resetting.
• Better to always have fewer install requirements

This enhancement is to swich the current registration from inband to use http://xmpp.org/extensions/xep-0133.html#add-user

[denisw]

How should this work? The XEP-0133 commands can only be sent by administrator accounts. The only possibility would be to require an admin account to be created for the HTTP API, but this would add yet another step to the already quite tedious buddycloud setup process.

[imaginator]

To do any of the password change stuff we already require this.

https://github.com/buddycloud/buddycloud-http-api/blob/master/src/password.js#L79

I know there are a lot of steps, but there isn't a better way of deleting accounts or doing password reset.

[lloydwatkin]

Why wouldn't we improve in band registration rather than use something else? http://xmpp.org/extensions/xep-0077.html

[imaginator]

Here's how I see it.

Right now we need two modules:

• inband registration (and properly restricting to only be reachable on localhost (spammer protection etc))
• ad hoc module +admin user (for resetting passwords and deleting users.)

my proposal is to simplify the install so that we have:

• ad hoc for creating users, resetting passwords and deleting users.

At the end of the day it's not a big issue: just reduces the number of moving parts