aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mod_invites: Import from prosdy-modules@5fc306239db3Kim Alvefur2021-12-272-0/+340
|
* util.stanza: Cover :find method in testsKim Alvefur2021-12-311-0/+12
| | | | This method is a bit complex so good to have some test coverage
* util.stanza: Remove dead codeKim Alvefur2021-12-311-5/+0
| | | | | These cases are caught by `check_text(v, ..)` above. Those errors do not contain the attribute however, which would have been nice.
* util.stanza: Increase test coverage to cover validation errorsKim Alvefur2021-12-311-0/+25
|
* util.stanza: Make type error message consistent with othersKim Alvefur2021-12-311-1/+1
|
* mod_smacks: Log error to silence luacheckKim Alvefur2021-12-311-0/+2
|
* mod_smacks: Limit "old" session resumption countersKim Alvefur2021-12-311-0/+19
| | | | | | Doing this when creating a whole new session seems reasonable because it is already expensive and this is when it may be adding to the old session store, while a successful resumption should be plus-minus zero.
* mod_smacks: Record timestamp with persisted countersKim Alvefur2021-12-311-2/+4
| | | | | For future cleanup routine when people inevitably complain about this data being stored there forever
* util_datamapper: Fix typo in unit testsKim Alvefur2021-12-291-1/+1
|
* util.datamapper: Add support for $ref pointersKim Alvefur2021-12-293-40/+81
| | | | Allows reuse of repetitive definitions in schemas.
* util.jsonschema: Add support for $ref pointersKim Alvefur2021-12-292-44/+70
|
* util.jsonpointer: Resolve JSON Pointers per RFC 6901Kim Alvefur2021-12-293-1/+87
|
* make: Add target for rebuilding from Teal sourcesKim Alvefur2021-12-291-0/+2
|
* net.resolvers: Report DNSSEC validation errors instead of NoErrorKim Alvefur2021-12-282-3/+13
| | | | Thanks Martin bringing this case to attention
* mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438Kim Alvefur2021-12-263-2/+9
| | | | | | | | More security for less pain than switching to SCRAM-SHA-256 The XEP will likely be change to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that.
* mod_auth_internal_hashed: Make SCRAM iteration count configurableKim Alvefur2021-12-261-1/+1
|
* mod_admin_shell: Log creation of incoming s2s connections during pingKim Alvefur2021-12-271-0/+2
| | | | | The 's2s-created' fires just after accepting the TCP connection, before the addresses are known, so this can have some false positives.
* mod_smacks: sprinkle some metrics on itJonas Schäfer2021-12-271-2/+45
|
* openmetrics/histograms: improve code clarityKim Alvefur2021-12-272-2/+2
| | | | | If buckets thresholds are to be taken as "less than or equal to", then using the less than or equal to operator seems sensible.
* openmetrics/histograms: fix incorrect condition for bucketingJonas Schäfer2021-12-262-2/+2
| | | | | | The buckets thresholds are to be taken as "less than or equal to". The condition as written in the code did only "less than", not "less than or equal to". That's fixed now.
* mod_admin_shell: Print s2s related events while waiting for pingKim Alvefur2021-12-261-1/+28
| | | | Gives a better idea of what's taking time.
* util.xml: Use variable instead of constant for consistency (thanks Thijs)Matthew Wild2021-12-261-1/+1
|
* core.certmanager: Add curveslist to 'old' Mozilla TLS presetKim Alvefur2021-12-261-1/+2
| | | | | | | Unsure if this was overlooked before or a recent addition. Reproduced the data from JSON file available. Would be nice to have a tool that does that.
* util.prosodyctl.check: Remove obsolete settings from known globalsKim Alvefur2021-12-251-2/+0
|
* util.prosodyctl.check: Add some more obsolete settingsKim Alvefur2021-12-251-0/+6
|
* mod_tombstones: Add some future TODOsKim Alvefur2021-12-231-0/+4
|
* mod_tombstones: Add a very basic test caseKim Alvefur2021-12-232-0/+41
|
* mod_tombstones: Remember deleted accounts #1307Kim Alvefur2021-12-232-0/+76
| | | | | | | | | Presence subscriptions are normally revoked on account deletion, which informs the contact. Sometimes this notification gets lost e.g. due to s2s problems. The accounts JID may also be present e.g. in MUC affiliations, chat group member lists, pubsub subscriptions or other systems. These may grant privileges which would fall to someone who creates the same account again, which this module is meant to prevent.
* mod_smacks: Compact code using new stanza APIKim Alvefur2021-12-221-9/+2
|
* mod_http: Clean up redirects handlers for wildcard on http module unloadKim Alvefur2021-12-221-0/+7
| | | | | These would previously be left behind. Probably mostly harmless except for clogging up the `debug:events()` listing in the console.
* mod_smacks: Use more compact resumption tokensKim Alvefur2021-12-221-2/+2
| | | | | | UUID seems like insane overkill for something user-scoped and not security-sensitive. All that is needed is to avoid conflicts among what should be relatively long-lived sessions.
* util.id: Add a 'tiny' variantKim Alvefur2021-12-021-0/+3
| | | | | Conversations uses this for its randomized resources. Presumably fine and collision resistant enough when you have a few devices at most.
* util.id: Adjust entropy levels, with rationalesKim Alvefur2021-12-024-6/+17
| | | | | Modules using ids for logging should not need the now pretty large medium one.
* MUC: Switch ID algorithm for IQ relay (fixes #1266, #1435)Kim Alvefur2021-10-051-3/+5
|
* MUC: Add method for getting the occupant id salt to allow reuseKim Alvefur2021-10-052-5/+12
|
* util.prosodyctl.cert: Copy SAN/wildcard certs only onceKim Alvefur2021-12-221-1/+5
|
* util.x509: Fix to include wildcard identityKim Alvefur2021-12-221-0/+3
|
* core.certmanager: Check index for wildcard certsKim Alvefur2021-12-221-1/+2
|
* prosodyctl cert: use the indexing functions for better UXJonas Schäfer2021-12-212-19/+29
| | | | | | These provide (a) a way to deal with random assortments of certs and (b) avoid unnecessary error messages and warnings, according to #1669 anyway, which this fixes.
* prosodyctl: Hide process management commands when init system should be used ↵Kim Alvefur2021-12-211-3/+19
| | | | instead
* prosodyctl: Reorder help sectionsKim Alvefur2021-12-211-5/+5
| | | | | | By how old the commands are? Or how disruptive the changes are? Or just by what feels best?
* mod_roster: Improve readability of bare-JID checkKim Alvefur2021-12-221-2/+2
| | | | | | | Silences luacheck too All we care about is that it is a bare JID, not a full JID with a resource, since those are forbidden in rosters.
* mod_roster: pass correct username to roster-item-removedJonas Schäfer2021-12-222-1/+76
| | | | | | | | | | | The other invocations use it that way, and the only listener in trunk which uses it (in mod_presence) expects it that way. Passing the username of the JID from the removed entry causes incorrect unavailable presence stanzas to be sent, allegedly kicking people off MUCs. Fixes #1121.
* core.certmanager: Rename preset option to 'tls_preset'Kim Alvefur2021-12-222-1/+2
| | | | TLS good, SSL bad.
* core.certmanager: Add "legacy" preset for keeping previous default settingsKim Alvefur2021-12-221-1/+3
| | | | If anyone wants that.
* core.certmanager: Add TLS 1.3 cipher suites to Mozilla TLS presetsKim Alvefur2021-11-031-1/+7
|
* core.certmanager: Presets based on Mozilla SSL Configuration GeneratorKim Alvefur2019-12-222-0/+61
| | | | ssl_preset = "modern"
* moduleapi: Support stripping of multi-word from module namesMatthew Wild2021-12-221-1/+1
| | | | | | The goal is to allow module:provides("foo-bar") with a mod_foo_bar_ prefix being stripped. It will break any existing modules that use a prefix and have hyphens instead of underscores. No such modules are known.
* adminstream: fire disconnected event on lower layer disconnectJonas Schäfer2021-12-211-0/+1
| | | | | | | | | | | This may in theory cause multiple disconnect events for the adminstream client, if the only code using that wasn't calling os.exit right away. Hence, this should be a good enough partial fix for #1671. It is not a full fix, because the shell will only notice the disconnect after one has hit enter in the input; until then, it is stuck in a read() call to stdin and completely oblivious to the disconnect.
* CHANGES: Add various thingsKim Alvefur2021-12-211-2/+14
|