Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | mod_admin_shell: Allow matching on host or bare JID in c2s:show | Kim Alvefur | 2023-03-31 | 1 | -2/+2 | |
| | | | | | | | | | | Only supporting exact match on full JID isn't helpful if you want to list sessions per host or user. | |||||
* | | mod_invites: Record roles as ordered list, first becoming primary role | Kim Alvefur | 2023-03-30 | 1 | -4/+4 | |
| | | | | | | | | For mod_invites_register to apply on user creation. | |||||
* | | mod_invites_register: Allow roles to be an ordered list, first being primary | Kim Alvefur | 2023-03-30 | 1 | -1/+14 | |
| | | | | | | | | | | | | Part of an update to mod_invites and friends to the new authz and roles. Invites with roles in the old way will need to be migrated, but with invites often being short lived it is probably not a long-lived problem. | |||||
* | | mod_tokenauth: Add API to inspect individual grants or all of a user's grants | Matthew Wild | 2023-03-29 | 1 | -0/+18 | |
| | | ||||||
* | | mod_tokenauth: Move grant validation to a reusable function | Matthew Wild | 2023-03-29 | 1 | -6/+25 | |
| | | ||||||
* | | sessionmanager: Preserve 'since' property of original session after resumption | Matthew Wild | 2023-03-29 | 1 | -0/+1 | |
| | | ||||||
* | | util.session: Add 'since' property with timestamp of session creation | Matthew Wild | 2023-03-29 | 1 | -0/+2 | |
| | | ||||||
* | | mod_tokenauth: fix traceback if password has never been changed | Jonas Schäfer | 2023-03-28 | 1 | -1/+1 | |
| | | | | | | | | | | By checking the password_updated_at for non-nilness before using it, we avoid a nasty crash :-). | |||||
* | | teal-src/README: Words on Compiling to Lua | Kim Alvefur | 2023-03-28 | 1 | -0/+17 | |
| | | ||||||
* | | teal-src/README: Tweak markdown syntax | Kim Alvefur | 2023-03-28 | 1 | -1/+3 | |
| | | ||||||
* | | mod_tokenauth: Fire events on grant creation and revocation | Matthew Wild | 2023-03-28 | 1 | -1/+13 | |
| | | ||||||
* | | teal-src: Add a README with a few pointers to get started | Kim Alvefur | 2023-03-28 | 1 | -0/+29 | |
| | | ||||||
* | | teal-src: Add keyval+ store type | Matthew Wild | 2023-03-28 | 1 | -0/+1 | |
| | | ||||||
* | | mod_tokenauth: Fix storage API mistake in revocation | Kim Alvefur | 2023-03-28 | 1 | -1/+1 | |
| | | ||||||
* | | mod_tokenauth: Fix traceback when checking expiry of tokens with no expiry | Matthew Wild | 2023-03-27 | 1 | -1/+2 | |
| | | ||||||
* | | mod_tokenauth: Refactor API to separate tokens and grants | Matthew Wild | 2023-03-27 | 1 | -115/+92 | |
| | | | | | | | | | | | | | | This is another iteration on top of the previous sub-tokens work. Essentially, the concept of a "parent token" has been replaced with the concept of a "grant" to which all tokens now belong. The grant does not have any tokens when first created, but the create_token() call can add them. | |||||
* | | mod_tokenauth: Support for creating sub-tokens | Matthew Wild | 2023-03-26 | 1 | -22/+110 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Properties of sub-tokens: - They share the same id as their parent token - Sub-tokens may not have their own sub-tokens (but may have sibling tokens) - They always have the same or shorter lifetime compared to their parent token - Revoking a parent token revokes all sub-tokens - Sub-tokens always have the same JID as the parent token - They do not have their own 'accessed' property - accessing a sub-token updates the parent token's accessed time Although this is a generic API, it is designed to at least fill the needs of OAuth2 refresh + access tokens (where the parent token is the refresh token and the sub-tokens are access tokens). | |||||
* | | mod_tokenauth: return error if storage of new token fails | Matthew Wild | 2023-03-26 | 1 | -1/+4 | |
| | | ||||||
* | | moduleapi: Add 'peek' to :may() and new :could() helper to suppress logging | Matthew Wild | 2023-03-26 | 1 | -7/+19 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | The current method logs scary "access denied" messages on failure - this is generally very useful when debugging access control stuff, but in some cases the call is simply a check to see if someone *could* perform an action, even if they haven't requested it yet. One example is determining whether to show the user as an admin in disco. The 'peek' parameter, if true, will suppress such logging. The :could() method is just a simple helper that can make the calling code a bit more readable (suggested by Zash). | |||||
* | | moduleapi: may: Fail early if a local session has no role assigned | Matthew Wild | 2023-03-25 | 1 | -3/+8 | |
| | | | | | | | | | | | | | | We expect every session to explicitly have a role assigned. Falling back to any kind of "default" role (even the user's default role) in the absence of an explicit role could open up the possibility of accidental privilege escalation. | |||||
* | | core.usermanager: Correct formatting of not implemented error | Kim Alvefur | 2023-03-26 | 2 | -5/+5 | |
| | | | | | | | | Spaces, no hyphen, apparently. | |||||
* | | mod_admin_shell: Enable user after creation with role | Kim Alvefur | 2023-03-26 | 1 | -0/+5 | |
| | | | | | | | | | | Fixes that otherwise the user was created in a disabled state and left as such. | |||||
* | | mod_admin_shell: Simplify user creation when no role given | Kim Alvefur | 2023-03-26 | 1 | -8/+16 | |
| | | | | | | | | | | | | Idea here is to prevent a user from being created with the default role if a different role was given, but that dance wouldn't be needed if no role is provided. | |||||
* | | util.jsonschema: Reorder type definition by specification, section | Kim Alvefur | 2023-03-26 | 1 | -14/+37 | |
| | | | | | | | | Also some comment headers and missing properties | |||||
* | | util.jsonschema: Implement 'dependentSchemas' | Kim Alvefur | 2023-03-26 | 3 | -1/+18 | |
| | | | | | | | | | | If this object key exists then this schema must validate against the current object. Seems useful. | |||||
* | | util.jsonschema: Implement 'dependentRequired' | Kim Alvefur | 2023-03-26 | 3 | -1/+24 | |
| | | | | | | | | If this field exists, then these fields must also exist. | |||||
* | | util.roles: Implement a serialization preparation metamethod | Kim Alvefur | 2023-03-26 | 1 | -0/+13 | |
| | | | | | | | | | | | | Should be able to roundtrip trough serialization. Also nice for debug and logging purposes where you might want more details than what the __tostring method provides. | |||||
* | | util.set: Add a serialization preparation metamethod | Kim Alvefur | 2023-03-26 | 1 | -0/+9 | |
| | | | | | | | | | | | | Enables util.serialization to turn Sets into a representation that can be deserialized with an environment trick, i.e. `set{"a","b"}`. Also useful for debug purposes. | |||||
* | | util.format: Update tests for serialization changes | Kim Alvefur | 2023-03-26 | 1 | -5/+5 | |
| | | ||||||
* | | util.format: Restore "freeze" serialization behavior in logging | Kim Alvefur | 2023-03-26 | 1 | -0/+1 | |
| | | | | | | | | | | | | This was implied with the "debug" preset and does nice things like turn util.set objects into "set{a,b,c}" instead of the quite verbose thing you get otherwise. | |||||
* | | util.format: Tweak serialization of %q formatted entries | Kim Alvefur | 2023-03-26 | 1 | -1/+8 | |
| | | | | | | | | | | | | | | Improves serialization of function references especially, the built-in default handling of that in util.serialization is not the most informative. Now, along with the function metatable from util.startup, the actual function can be found by filename and line number. | |||||
* | | util.startup: Tweak function string representation | Kim Alvefur | 2023-03-26 | 1 | -1/+1 | |
| | | | | | | | | | | Mostly in order to avoid triggering the XML syntax highlighting in the console logger. | |||||
* | | mod_server_contact_info: Reorder dataform keys for more aligned view | Kim Alvefur | 2023-03-24 | 1 | -9/+10 | |
| | | ||||||
* | | mod_tokenauth: Track last access time (last time a token was used) | Matthew Wild | 2023-03-24 | 1 | -3/+15 | |
| | | ||||||
* | | teal: Move into prosody namespace | Kim Alvefur | 2023-03-23 | 61 | -20/+20 | |
| | | ||||||
* | | CHANGES: The Great Rename-ning completed! #1223 | Kim Alvefur | 2023-03-17 | 1 | -0/+1 | |
| | | ||||||
* | | plugins: Prefix module imports with prosody namespace | Kim Alvefur | 2023-03-24 | 100 | -503/+503 | |
| | | ||||||
* | | util: Add compat for prosody module name change to C sources | Kim Alvefur | 2023-03-17 | 14 | -14/+64 | |
| | | ||||||
* | | util: Prefix module imports with prosody namespace | Kim Alvefur | 2023-03-17 | 68 | -246/+246 | |
| | | ||||||
* | | net: Prefix module imports with prosody namespace | Kim Alvefur | 2023-03-17 | 20 | -108/+108 | |
| | | ||||||
* | | tests: Make tests work with new namespace prefix | Kim Alvefur | 2023-03-17 | 1 | -2/+2 | |
| | | ||||||
* | | core: Prefix module imports with prosody namespace | Kim Alvefur | 2023-03-17 | 15 | -103/+103 | |
| | | ||||||
* | | executables: Prefix module imports with prosody namespace | Kim Alvefur | 2023-03-17 | 2 | -21/+21 | |
| | | ||||||
* | | mod_debug_reset: Remove unused import | Matthew Wild | 2023-03-23 | 1 | -1/+0 | |
| | | ||||||
* | | scansion: Enable mod_debug_reset during tests | Matthew Wild | 2023-03-23 | 1 | -0/+3 | |
| | | ||||||
* | | mod_debug_reset: New module to "reset" a running server (e.g. for testing) | Matthew Wild | 2023-03-23 | 1 | -0/+41 | |
| | | | | | | | | Plan to use this for integration tests. | |||||
* | | scansion: vcard_temp: Ensure at least one connection is open throughout test | Matthew Wild | 2023-03-23 | 1 | -2/+2 | |
| | | | | | | | | | | | | | | I plan to introduce logic to "reset" the server between individual tests, which is currently triggered by the lack of any connections. This is the only test that has a point where no clients are connected, and it's not necessary, so I changed it to keep the connection open for the duration of the test. | |||||
* | | scansion: Fix tests failing after addition of pubsub#itemreply config field | Matthew Wild | 2023-03-23 | 4 | -0/+51 | |
| | | | | | | | | This is a newly added field, and we expect to see it in these places now. | |||||
* | | scansion: Fix tests failing due to lack of 'publisher' | Matthew Wild | 2023-03-23 | 1 | -1/+1 | |
| | | | | | | | | | | publisher is no longer included by default in broadcasts, but configured via pubsub#itemreply instead. | |||||
* | | scansion: Add tests for pubsub#itemreply in PEP | Matthew Wild | 2023-03-22 | 1 | -0/+205 | |
| | |