aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_register.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-02-21 18:54:44 +0100
committerKim Alvefur <zash@zash.se>2017-02-21 18:54:44 +0100
commit8f0ce7d3aed6814c8bb279bf9e7964f51769fc11 (patch)
tree506db3019f9c07b33499ccf6584f3cafdfe0d8b0 /plugins/mod_register.lua
parent6c35b4e278dc0b0c306c1714fc1490618b183f78 (diff)
downloadprosody-8f0ce7d3aed6814c8bb279bf9e7964f51769fc11.tar.gz
prosody-8f0ce7d3aed6814c8bb279bf9e7964f51769fc11.zip
mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595)
Diffstat (limited to 'plugins/mod_register.lua')
-rw-r--r--plugins/mod_register.lua5
1 files changed, 4 insertions, 1 deletions
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua
index 3d7a068c..63d0b077 100644
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -20,6 +20,7 @@ local jid_bare = require "util.jid".bare;
local compat = module:get_option_boolean("registration_compat", true);
local allow_registration = module:get_option_boolean("allow_registration", false);
local additional_fields = module:get_option("additional_registration_fields", {});
+local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
local account_details = module:open_store("account_details");
@@ -75,7 +76,7 @@ module:hook("stream-features", function(event)
local session, features = event.origin, event.features;
-- Advertise registration to unauthorized clients only.
- if not(allow_registration) or session.type ~= "c2s_unauthed" then
+ if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then
return
end
@@ -183,6 +184,8 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
if not(allow_registration) or session.type ~= "c2s_unauthed" then
session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
+ elseif require_encryption and not session.secure then
+ session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required"));
else
local query = stanza.tags[1];
if stanza.attr.type == "get" then