mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn't secure

author: Matthew Wild <mwild1@gmail.com> 2009-05-29 18:04:53 +0100
committer: Matthew Wild <mwild1@gmail.com> 2009-05-29 18:04:53 +0100
commit: fc68c36454b50b526b4877c2dd30d01ef8bc8526 (patch)
tree: fb381517bbdffa6bfe914e6109b4f8ef4122fed7 /plugins
parent: 3c73c21bfcf38d9eb9d30c2604f921b51c3ef3c6 (diff)
download: prosody-fc68c36454b50b526b4877c2dd30d01ef8bc8526.tar.gz
prosody-fc68c36454b50b526b4877c2dd30d01ef8bc8526.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index f1ffef34..8bff51fe 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -19,7 +19,12 @@ local usermanager = require "core.usermanager";
 
 module:add_feature("jabber:iq:auth");
 module:add_event_hook("stream-features", function (session, features)
-	if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end
+	if secure_auth_only and not session.secure then
+		-- Sorry, not offering to insecure streams!
+		return;
+	elseif not session.username then
+		features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
+	end
 end);
 
 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
author	Matthew Wild <mwild1@gmail.com>	2009-05-29 18:04:53 +0100
committer	Matthew Wild <mwild1@gmail.com>	2009-05-29 18:04:53 +0100
commit	fc68c36454b50b526b4877c2dd30d01ef8bc8526 (patch)
tree	fb381517bbdffa6bfe914e6109b4f8ef4122fed7 /plugins
parent	3c73c21bfcf38d9eb9d30c2604f921b51c3ef3c6 (diff)
download	prosody-fc68c36454b50b526b4877c2dd30d01ef8bc8526.tar.gz prosody-fc68c36454b50b526b4877c2dd30d01ef8bc8526.zip