aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* moduleapi: Remove redundant expansion of ':' prefix in permission namesKim Alvefur2022-07-201-1/+0
|
* moduleapi: Distribute permissions set from global modules to all hostsKim Alvefur2022-07-201-0/+8
| | | | | | Roles and permissions will always happen in the context of a host. Prevents error upon indexing since `hosts["*"] == nil`
* mod_tokenauth: New API that better fits how modules are using token authMatthew Wild2022-07-201-12/+40
| | | | | | This also updates the module to the new role API, and improves support for scope/role selection (currently treated as the same thing, which they almost are).
* mod_authz_internal: Use util.roles, some API changes and config supportMatthew Wild2022-07-193-95/+146
| | | | | | | | | | | | | | | | This commit was too awkward to split (hg record didn't like it), so: - Switch to the new util.roles lib to provide a consistent representation of a role object. - Change API method from get_role_info() to get_role_by_name() (touches sessionmanager and usermanager) - Change get_roles() to get_user_roles(), take a username instead of a JID This is more consistent with all other usermanager API methods. - Support configuration of custom roles and permissions via the config file (to be documented).
* util.roles: Add new utility module to consolidate role objects and methodsMatthew Wild2022-07-191-0/+100
|
* usermanager, mod_auth_*: Add get_account_info() returning creation/update timeMatthew Wild2022-07-123-2/+35
| | | | | | | This is useful for a number of things. For example, listing users that need to rotate their passwords after some event. It also provides a safer way for code to determine that a user password has changed without needing to set a handler for the password change event (which is a more fragile approach).
* core.moduleapi: Expand permission name ':' prefix earlierKim Alvefur2022-06-151-3/+3
| | | | | | Ensures it applies to the context as string case Somehow this fixes everything
* core.moduleapi: Fixup method nameKim Alvefur2022-06-151-1/+1
| | | | | | `get_user_role()` did not exist anywhere else. MattJ said `get_user_default_role()` was indented
* teal-src: update module.d.tl with new access control methodsMatthew Wild2022-06-151-0/+5
|
* Switch to a new role-based authorization framework, removing is_admin()Matthew Wild2022-06-1515-131/+269
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We began moving away from simple "is this user an admin?" permission checks before 0.12, with the introduction of mod_authz_internal and the ability to dynamically change the roles of individual users. The approach in 0.12 still had various limitations however, and apart from the introduction of roles other than "admin" and the ability to pull that info from storage, not much actually changed. This new framework shakes things up a lot, though aims to maintain the same functionality and behaviour on the surface for a default Prosody configuration. That is, if you don't take advantage of any of the new features, you shouldn't notice any change. The biggest change visible to developers is that usermanager.is_admin() (and the auth provider is_admin() method) have been removed. Gone. Completely. Permission checks should now be performed using a new module API method: module:may(action_name, context) This method accepts an action name, followed by either a JID (string) or (preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g. the standard object passed to most events). It will return true if the action should be permitted, or false/nil otherwise. Modules should no longer perform permission checks based on the role name. E.g. a lot of code previously checked if the user's role was prosody:admin before permitting some action. Since many roles might now exist with similar permissions, and the permissions of prosody:admin may be redefined dynamically, it is no longer suitable to use this method for permission checks. Use module:may(). If you start an action name with ':' (recommended) then the current module's name will automatically be used as a prefix. To define a new permission, use the new module API: module:default_permission(role_name, action_name) module:default_permissions(role_name, { action_name[, action_name...] }) This grants the specified role permission to execute the named action(s) by default. This may be overridden via other mechanisms external to your module. The built-in roles that developers should use are: - prosody:user (normal user) - prosody:admin (host admin) - prosody:operator (global admin) The new prosody:operator role is intended for server-wide actions (such as shutting down Prosody). Finally, all usage of is_admin() in modules has been fixed by this commit. Some of these changes were trickier than others, but no change is expected to break existing deployments. EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's very possible nobody is using this, but if someone is then we can later update it to pull roles from LDAP somehow.
* mod_saslauth: Rename field from 'scope'->'role'Matthew Wild2022-06-151-1/+1
| | | | | | | The 'scope' term derives from OAuth, and represents a bundle of permissions. We're now setting on the term 'role' for a bundle of permissions. This change does not affect any public modules I'm aware of.
* util.session: Add role management methodsMatthew Wild2022-06-151-0/+6
|
* Merge 0.12->trunkMatthew Wild2022-08-181-4/+8
|\
| * mod_admin_shell: Switch names for user role management commandsKim Alvefur2022-08-151-4/+8
| | | | | | | | | | | | | | user:roles() does not convey that this is the mutating command, it should have been called setroles from the start but wasn't due to lack of foresight. This has to accidentally removing roles when wanting to show them.
* | util.stanza: Add method for extracting a single attribute valueKim Alvefur2022-08-173-3/+10
| | | | | | | | | | | | | | | | | | Sometimes you only care about a single attribute, but the child tag itself may be optional, leading to needing `tag and tag.attr.foo` or `stanza:find("tag@foo")`. The `:find()` method is fairly complex, so avoiding it for this kind of simpler use case is a win.
* | mod_time: Remove obsolete XEP-0090 supportKim Alvefur2022-08-153-15/+3
| | | | | | | | Deprecated even before Prosody even started, obsolete for over a decade.
* | util.datetime: Update Teal interface descriptionKim Alvefur2022-08-171-7/+5
| | | | | | | | Integers were required before, now any number should work.
* | util.datetime: Remove a lineKim Alvefur2022-08-171-2/+1
| | | | | | | | | | | | | | | | No idea why the locals were declared on a line by itself. Perhaps line length considerations? But saving 6 characters in width by adding a whole line with 47 characters seems excessive. This is still within the 150 character limit set by .luacheckrc
* | mod_time: Return sub-second precision timestampsKim Alvefur2022-08-141-1/+2
| | | | | | | | Because why not? Who even has this module enabled?
* | mod_storage_sql: Drop archive timestamp precision pending schema updateKim Alvefur2022-08-141-1/+2
| | | | | | | | | | | | The "when" column is an INTEGER which will probably be unhappy about storing higher precision timestamps, so we keep the older behavior for now.
* | mod_mam: Store archives with sub-second precision timestampsKim Alvefur2022-08-143-10/+10
| | | | | | | | | | | | | | | | | | | | | | Changes sub-second part of example timestamp to .5 in order to avoid floating point issues. Some clients use timestamps when ordering messages which can lead to messages having the same timestamp ending up in the wrong order. It would be better to preserve the order messages are sent in, which is the order they were stored in.
* | util.datetime: Add support for sub-second precision timestampsKim Alvefur2022-08-143-7/+36
| | | | | | | | | | | | Lua since 5.3 raises a fuss when time functions are handed a number with a fractional part and the underlying C functions are all based on integer seconds without support for more precision.
* | util.datetime: Fix argument order in testsKim Alvefur2022-08-141-6/+6
| | | | | | | | The expected value goes first.
* | util.signal: Fix name conflict in Teal interface declarationKim Alvefur2022-08-101-4/+4
| |
* | util.error: Use avoid name conflict in Teal interface declarationKim Alvefur2022-08-101-8/+8
| | | | | | | | Naming things ... Thing or thing_t?
* | util.uuid: Fix syntax of Teal interface declaration fileKim Alvefur2022-08-101-1/+1
| |
* | util.timer: Add Teal interface descriptionKim Alvefur2022-07-241-0/+8
| |
* | util.termcolours: Add Teal interface descriptionKim Alvefur2022-07-241-0/+7
| |
* | util.queue: Add Teal interface descriptionKim Alvefur2022-07-241-0/+21
| |
* | util.logger: Add Teal interface descriptionKim Alvefur2022-07-241-0/+18
| |
* | util.bitcompat: Add Teal type specificationKim Alvefur2022-06-301-0/+8
| |
* | util.struct: Add Teal interface description fileKim Alvefur2022-06-151-0/+6
| |
* | util.table: Add move() to Teal interface description fileKim Alvefur2022-06-151-0/+1
| |
* | util.set: Add teal type declaration fileKim Alvefur2022-02-161-0/+21
| |
* | util.serialization: Add Teal type specificationKim Alvefur2021-12-011-0/+33
| |
* | util.dataforms: Add missing :data() to Teal definitionKim Alvefur2021-11-151-0/+1
| |
* | util.dataforms: Restructure Teal definition fileKim Alvefur2021-11-151-45/+46
| | | | | | | | | | The PR has been merged and there's no reason not to have nested records and other definitions.
* | util.human.io: Add Teal interface definitionKim Alvefur2021-11-101-0/+28
| |
* | util.promise: Add Teal interface specification fileKim Alvefur2022-07-242-3/+23
| |
* | teal: add stub util.array teal defsKim Alvefur2022-07-241-0/+9
| |
* | net.server: Add teal description fileKim Alvefur2022-07-241-0/+65
| |
* | net.http: Add teal description filesKim Alvefur2022-07-246-0/+190
| |
* | util.human.units: Specify enum argument to format()Kim Alvefur2021-07-051-1/+4
| |
* | core.storagemanager: Convert old Typed Lua description file into TealKim Alvefur2021-03-242-68/+74
| | | | | | | | | | | | | | | | Still only a type definition. Typed Lua is no longer maintained. Teal is currently an active project.
* | util.hex: Update Teal spec for function rename in a0ff5c438e9dKim Alvefur2022-08-101-0/+2
| |
* | doap: Update XEP versions for which no code changes appear neededKim Alvefur2022-08-082-14/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | XEP-0004: Partial forms are handled XEP-0045: We're already strict with GC 1.0 XEP-0060: Change in semantics wrt 'pubsub#type', but not in code XEP-0115: No protocol change XEP-0138: Specification moved to Obsolete XEP-0163: Editorial only change XEP-0215: Minor schema change XEP-0280: Editorial change XEP-0297: Had the wrong version number XEP-0106: Note missing piece for version 1.1 XEP-0313: Editorial change XEP-0363: Editorial clarification, no code change required XEP-0380: Registry additions, no code change needed XEP-0384: Not directly supported, only here because people will ask otherwise XEP-0445: Broken out of XEP-0401
* | various: Update IETF RFC URLs for tools.ietf.org transitionKim Alvefur2022-08-054-10/+10
| | | | | | | | | | | | See https://www.ietf.org/blog/finalizing-ietf-tools-transition/ Already done in various other places.
* | mod_admin_shell: Remove obsolete module:load() argument from 0.8 timeKim Alvefur2022-08-051-2/+2
| | | | | | | | This 'config' argument was removed without explanation in d8dbf569766c
* | mod_tls: Record STARTTLS state so it can be shown in ShellKim Alvefur2022-08-022-1/+6
| | | | | | | | | | | | | | This field can be viewed using s2s:show(nil, "... starttls") even without any special support in mod_admin_shell, which can be added later to make it nicer. One can then assume that a TLS connection with an empty / nil starttls field means Direct TLS.
* | net.resolvers.basic: Add opt-out argument for DNSSEC security statusKim Alvefur2022-08-021-3/+5
| | | | | | | | | | | | | | This makes explicit which lookups can accept an unsigned response. Insecure (unsigned, as before DNSSEC) A and AAAA records can be used as security would come from TLS, but an insecure TLSA record is worthless.