6 files changed, 101 insertions, 14 deletions

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 9e0ace6a..1c9cefed 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -189,10 +189,6 @@ local core_defaults = {
 		single_ecdh_use = tls.features.options.single_ecdh_use;
 		no_renegotiation = tls.features.options.no_renegotiation;
 	};
-	verifyext = {
-		"lsec_continue", -- Continue past certificate verification errors
-		"lsec_ignore_purpose", -- Validate client certificates as if they were server certificates
-	};
 	curve = tls.features.algorithms.ec and not tls.features.capabilities.curves_list and "secp384r1";
 	curveslist = {
 		"X25519",
diff --git a/core/configmanager.lua b/core/configmanager.lua
index bd12e169..023545d7 100644
--- a/core/configmanager.lua
+++ b/core/configmanager.lua
@@ -18,6 +18,8 @@ local resolve_relative_path = require"prosody.util.paths".resolve_relative_path;
 local glob_to_pattern = require"prosody.util.paths".glob_to_pattern;
 local path_sep = package.config:sub(1,1);
 local get_traceback_table = require "prosody.util.debug".get_traceback_table;
+local errors = require "prosody.util.error";
+local log = require "prosody.util.logger".init("config");
 
 local encodings = deps.softreq"prosody.util.encodings";
 local nameprep = encodings and encodings.stringprep.nameprep or function (host) return host:lower(); end
@@ -32,6 +34,7 @@ local parser = nil;
 
 local config_mt = { __index = function (t, _) return rawget(t, "*"); end};
 local config = setmetatable({ ["*"] = { } }, config_mt);
+local delayed_warnings = {};
 local files = {};
 
 -- When host not found, use global
@@ -42,6 +45,10 @@ function _M.getconfig()
 end
 
 function _M.get(host, key)
+	if host and key and delayed_warnings[host.."/"..key] then
+		local warning = delayed_warnings[host.."/"..key];
+		log("warn", "%s", warning.text);
+	end
 	return config[host][key];
 end
 function _M.rawget(host, key)
@@ -161,15 +168,44 @@ do
 		end;
 	};
 
+	-- For reading config values out of files.
+	local function filereader(basepath, defaultmode)
+		return function(filename, mode)
+			local f, err = io.open(resolve_relative_path(basepath, filename));
+			if not f then error(err, 2); end
+			local content, err = f:read(mode or defaultmode);
+			f:close();
+			if not content then error(err, 2); end
+			return content;
+		end
+	end
+
+	-- Collect lines into an array
+	local function linereader(basepath)
+		return function(filename)
+			local ret = {};
+			for line in io.lines(resolve_relative_path(basepath, filename)) do
+				t_insert(ret, line);
+			end
+			return ret;
+		end
+	end
+
 	parser = {};
 	function parser.load(data, config_file, config_table)
 		local set_options = {}; -- set_options[host.."/"..option_name] = true (when the option has been set already in this file)
 		local warnings = {};
 		local env;
+		local config_path = config_file:gsub("[^"..path_sep.."]+$", "");
+
 		-- The ' = true' are needed so as not to set off __newindex when we assign the functions below
 		env = setmetatable({
 			Host = true, host = true, VirtualHost = true,
 			Component = true, component = true,
+			FileContents = true,
+			FileLine = true,
+			FileLines = true,
+			Credential = true,
 			Include = true, include = true, RunScript = true }, {
 				__index = function (_, k)
 					if k:match("^ENV_") then
@@ -214,6 +250,10 @@ do
 						t_insert(warnings, ("%s:%d: Duplicate option '%s'"):format(config_file, get_line_number(config_file), k));
 					end
 					set_options[option_path] = true;
+					if errors.is_error(v) then
+						delayed_warnings[option_path] = v;
+						return;
+					end
 					set(config_table, env.__currenthost or "*", k, v);
 				end
 		});
@@ -293,7 +333,6 @@ do
 				end
 				local path_pos, glob = file:match("()([^"..path_sep.."]+)$");
 				local path = file:sub(1, math_max(path_pos-2,0));
-				local config_path = config_file:gsub("[^"..path_sep.."]+$", "");
 				if #path > 0 then
 					path = resolve_relative_path(config_path, path);
 				else
@@ -308,7 +347,7 @@ do
 				return;
 			end
 			-- Not a wildcard, so resolve (potentially) relative path and run through config parser
-			file = resolve_relative_path(config_file:gsub("[^"..path_sep.."]+$", ""), file);
+			file = resolve_relative_path(config_path, file);
 			local f, err = io.open(file);
 			if f then
 				local ret, err = parser.load(f:read("*a"), file, config_table);
@@ -325,7 +364,26 @@ do
 		env.include = env.Include;
 
 		function env.RunScript(file)
-			return dofile(resolve_relative_path(config_file:gsub("[^"..path_sep.."]+$", ""), file));
+			return dofile(resolve_relative_path(config_path, file));
+		end
+
+		env.FileContents = filereader(config_path, "*a");
+		env.FileLine = filereader(config_path, "*l");
+		env.FileLines = linereader(config_path);
+
+		if _G.prosody.paths.credentials then
+			env.Credential = filereader(_G.prosody.paths.credentials, "*a");
+		elseif _G.prosody.process_type == "prosody" then
+			env.Credential = function() error("Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set", 2) end
+		else
+			env.Credential = function()
+				return errors.new({
+						type = "continue",
+						text = ("%s:%d: Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set")
+							:format(config_file, get_line_number(config_file));
+					});
+			end
+
 		end
 
 		local chunk, err = envload(data, "@"..config_file, env);
diff --git a/core/features.lua b/core/features.lua
index 99edde51..8e155f70 100644
--- a/core/features.lua
+++ b/core/features.lua
@@ -6,6 +6,14 @@ return {
 		"mod_bookmarks";
 		-- mod_server_info bundled
 		"mod_server_info";
+		-- mod_flags bundled
+		"mod_flags";
+		-- mod_cloud_notify bundled
+		"mod_cloud_notify";
+		-- mod_muc has built-in vcard support
+		"muc_vcard";
+		-- mod_http_altconnect bundled
+		"http_altconnect";
 		-- Roles, module.may and per-session authz
 		"permissions";
 		-- prosody.* namespace
diff --git a/core/moduleapi.lua b/core/moduleapi.lua
index fa5086cf..50524b32 100644
--- a/core/moduleapi.lua
+++ b/core/moduleapi.lua
@@ -136,10 +136,14 @@ function api:require(lib)
 	return f();
 end
 
-function api:depends(name)
+function api:depends(name, soft)
 	local modulemanager = require"prosody.core.modulemanager";
 	if self:get_option_inherited_set("modules_disabled", {}):contains(name) then
-		error("Dependency on disabled module mod_"..name);
+		if not soft then
+			error("Dependency on disabled module mod_"..name);
+		end
+		self:log("debug", "Not loading disabled soft dependency mod_%s", name);
+		return nil, "disabled";
 	end
 	if not self.dependencies then
 		self.dependencies = {};
@@ -431,8 +435,16 @@ function api:handle_items(item_type, added_cb, removed_cb, existing)
 	self:hook("item-added/"..item_type, added_cb);
 	self:hook("item-removed/"..item_type, removed_cb);
 	if existing ~= false then
-		for _, item in ipairs(self:get_host_items(item_type)) do
-			added_cb({ item = item });
+		local modulemanager = require"prosody.core.modulemanager";
+		local modules = modulemanager.get_modules(self.host);
+
+		for _, module in pairs(modules) do
+			local mod = module.module;
+			if mod.items and mod.items[item_type] then
+				for _, item in ipairs(mod.items[item_type]) do
+					added_cb({ source = mod; item = item });
+				end
+			end
 		end
 	end
 end
diff --git a/core/modulemanager.lua b/core/modulemanager.lua
index 873e08e5..7295ba25 100644
--- a/core/modulemanager.lua
+++ b/core/modulemanager.lua
@@ -26,10 +26,9 @@ local xpcall = require "prosody.util.xpcall".xpcall;
 local debug_traceback = debug.traceback;
 local setmetatable, rawget = setmetatable, rawget;
 local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert;
-local lua_version = _VERSION:match("5%.%d$");
+local lua_version = _VERSION:match("5%.%d+$");
 
 local autoload_modules = {
-	prosody.platform,
 	"presence",
 	"message",
 	"iq",
@@ -66,6 +65,20 @@ local loader = pluginloader.init({
 			end
 		end
 
+		if metadata.lua then
+			local supported = false;
+			for supported_lua_version in metadata.lua:gmatch("[^, ]+") do
+				if supported_lua_version == lua_version then
+					supported = true;
+					break;
+				end
+			end
+			if not supported then
+				log("warn", "Not loading module, we have Lua %s but the module requires one of (%s): %s", lua_version, metadata.lua, path);
+				return; -- Don't load this module
+			end
+		end
+
 		if metadata.conflicts then
 			local conflicts_features = set.new(array.collect(metadata.conflicts:gmatch("[^, ]+")));
 			local conflicted_features = set.intersection(conflicts_features, core_features);
diff --git a/core/usermanager.lua b/core/usermanager.lua
index 793e7af6..3cd6f16d 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -244,7 +244,7 @@ local function add_user_secondary_role(user, host, role_name)
 	local role, err = hosts[host].authz.add_user_secondary_role(user, role_name);
 	if role then
 		prosody.events.fire_event("user-role-added", {
-			username = user, host = host, role = role;
+			username = user, host = host, role_name = role_name, role = role;
 		});
 	end
 	return role, err;