aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mod_storage_xep0227: treat roster metadata pseudo-entry correctlyJonas Schäfer2022-01-151-1/+1
| | | | | | | | | | The roster version is stored in a pseudo-item which has the key `false`. The if condition in the touched code attempts to guard against this, but it does not take into account that the jid prepping returns nil instead of false. By moving the jid prepping into the if, we can check for the metadata entry safely.
* mod_storage_xep0227: be defensive against empty vCardJonas Schäfer2022-01-151-1/+1
| | | | | An empty vCard store may look like the empty table, which does not have the `attr` key, which would then blow up in util.stanza.deserialize.
* mod_http: Limit unencrypted http port (5280) to loopback by defaultKim Alvefur2022-01-152-0/+2
| | | | | | | | | | | | | | | | | | | | | | Since accessing this port directly over the wider Internet is unlikely to intentional anymore. Most uses will likely be by reverse proxies, by mistake or because of trouble configuring HTTPS. Blocking mistaken uses is just a good thing, letting users send potentially private things unencrypted tends to be Strongly Discouraged these days. Many reverse proxy setups operate over loopback, so listening there instead of all interfaces is a net improvement. Improved automatic certificate location and SNI support has mostly eliminated the need for manual certificate configuration so HTTPS should Just Work once certificates have been provided. For local testing during development, connecting over loopback is likely fine as well. When really needed, `http_interfaces` can still be set. Suggested by Link Mauve
* mod_cron: Allow for a small amount of timer driftKim Alvefur2022-01-152-2/+2
| | | | | | | | | If the timer activates a bit early then a task might be just a few seconds short of being allowed to run. This would run such a task rather than wait another hour. The value 0.5% chosen so that a weekly task does not run an entire hour earlier than last time.
* mod_storage_xep0227: Fix luacheck warningsMatthew Wild2022-01-141-2/+2
|
* mod_storage_xep0227: Add API to iterate all stores of a userMatthew Wild2022-01-141-7/+23
|
* mod_storage_xep0227: Skip self-contacts on roster importMatthew Wild2022-01-141-11/+15
|
* util.xml: Do not allow doctypes, comments or processing instructionsJonas Schäfer2022-01-102-3/+56
| | | | | | | | | | | | | | | | | | Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
* mod_http_file_share: Always measure total disk usage for statistics!Kim Alvefur2022-01-111-49/+46
| | | | | | | | | | | Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
* mod_bookmarks: Fix traceback on attempt to convert invalid bookmarkKim Alvefur2022-01-111-4/+9
| | | | | | | | Found by accidentally publishing {urn:xmpp:bookmarks:0}conference instead of :1 due to testing this earlier for the blocking. By the principle of garbage in, garbage out, just generate a bookmark from the item id / JID and carry on with a warning.
* mod_bookmarks: Block publishing to older XEP-0402 v0.3.0 nodeKim Alvefur2022-01-101-1/+8
| | | | | | | | Having both the :0 and :1 nodes would be especially awkward, since there is no upgrade path for this case. In theory, these should be rare since no clients should have been doing XEP-0402 unless mod_bookmarks(2) was enabled. This was guesstimated to be rare with most clients doing XEP-0048 with Private XML.
* mod_storage_xep0227: Fix writing non-user dataKim Alvefur2022-01-101-2/+3
| | | | | | | Attempt to concatenate nil 'user' Not much data actually makes sense but the migrator tries to write or clear these.
* mod_storage_xep0227: Ignore luacheck warningMatthew Wild2022-01-101-1/+1
|
* mod_storage_xep0227: Support for exporting nodes with no stored configurationMatthew Wild2022-01-101-0/+3
|
* mod_storage_xep0227: Allow overriding the input/output layer for XEP-0227 dataMatthew Wild2022-01-101-27/+49
| | | | This can (and will) be used to support in-memory import/export functions.
* mod_bookmarks: Skip migration of legacy data when emptyKim Alvefur2022-01-101-1/+1
| | | | Should save some cycles and not log the debug message on every login.
* mod_bookmarks: Make sure legacy bookmarks node exists to hold access modelKim Alvefur2022-01-101-19/+28
|
* mod_bookmarks: Broadcast notifications per XEP-0048 and XEP-0411Kim Alvefur2022-01-092-0/+43
| | | | For compatibility with clients relying on the notifications
* util.prosodyctl.cert: Fix boolean logic bugKim Alvefur2022-01-091-1/+1
| | | | | | | Boolean logic, never correct on the first try. We want to skip copying the same cert if it _has_ been imported already, not if it has not.
* migrator: Support pubsub and pep as a special-caseKim Alvefur2022-01-092-10/+25
| | | | | This sorta overloads the type suffix but PEP is used for enough stuff to justify this hack
* migrator: Enhance loggingKim Alvefur2022-01-091-4/+11
|
* migrator: Add option to keep going despite errorsKim Alvefur2022-01-091-0/+14
|
* migrator: Also migrate host/non-user archive dataKim Alvefur2022-01-091-3/+2
| | | | Needed for things like mod_http_file_share
* migrator: Refactor out individual item migrator for code deduplicationKim Alvefur2022-01-091-16/+18
|
* migrator: Include --options in usage infoKim Alvefur2022-01-091-1/+4
|
* migrator: Reuse earlier usage textKim Alvefur2022-01-091-3/+7
|
* migrator: Customise cli argument parsing (--help, --verbose)Kim Alvefur2022-01-091-1/+8
| | | | | Previously -v etc would do nothing and --config without argument would not have worked correctly.
* util.startup: Allow supplying an argument parsing settingsKim Alvefur2022-01-091-2/+2
| | | | | | The 'prosody' global is not global this early so there was no way to override the process type field or argument parsing settings from outside, e.g. from the migrator.
* util.prosodyctl.check: Parameterize replacement instructionsKim Alvefur2022-01-081-11/+25
| | | | | This ought to make it easier to translate in the future. And easier to reword, now!
* util.prosodyctl.check: Move word to ease future translationsKim Alvefur2022-01-081-13/+13
| | | | | | | | | | | Recent experience with translations in the context of Snikket highlighted that sentences spread across concatenated strings like this makes the experience less than pleasant for translators. We don't have translation yet, but it is a future goal and why not? The duplication can be solved with a parameterized function for the common cases.
* util.prosodyctl.check: Use same wording about 'daemonize' and 'no_daemonize'Kim Alvefur2022-01-081-1/+1
| | | | Why would they use different wording?
* mod_bookmarks: Add option for disabling upgrade of legacy bookmarksKim Alvefur2022-01-081-1/+3
| | | | | Might be nice to reduce amount of things happening on connect once all users has upgraded
* mod_bookmarks: Unhook PEP service objects on removal from cacheKim Alvefur2022-01-081-1/+4
| | | | See 1dc00ca6ee9d
* util.pposix: Use mallinfo2() on glibc 2.33, fix #1649Kim Alvefur2022-01-061-5/+12
|
* util.pubsub: Fix item store resize to "max"Kim Alvefur2022-01-064-1/+28
| | | | | Previously this would end up passing the "max" directly to the underlying storage.
* mod_bookmarks: Override the node configuration if it was wrongEmmanuel Gil Peyrot2022-01-061-0/+20
|
* mod_invites: Comment on module loading for HTTP invite URLsKim Alvefur2022-01-051-0/+1
|
* core.certmanager: Disable DANE name checks (not needed for XMPP)Kim Alvefur2021-09-161-1/+1
| | | | | | | Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then.
* mod_bookmarks: Remove compatibility with 0.11Emmanuel Gil Peyrot2022-01-041-6/+0
|
* mod_bookmarks: Import mod_bookmarks2 from prosody-modules @ ad7767a9f3eaEmmanuel Gil Peyrot2022-01-043-0/+417
|
* util.dependencies: Enable warning about missing lua-unboundKim Alvefur2022-01-051-3/+2
| | | | Packages exists now.
* core.modulemanager: Remove compat for mod_console rename in 0.8Kim Alvefur2022-01-051-7/+0
| | | | | Should no longer be needed, especially since mod_admin_telnet morphed into mod_admin_shell and mod_admin_socket
* mod_invites_adhoc: Import from prosody-modules@5001104f0275Kim Alvefur2022-01-052-0/+127
|
* mod_invites_register: Import from prosody-modules@797b51043767Kim Alvefur2021-12-293-0/+177
|
* mod_invites: Silence luacheck warningKim Alvefur2022-01-051-1/+1
|
* mod_invites: Import from prosdy-modules@5fc306239db3Kim Alvefur2021-12-272-0/+340
|
* util.stanza: Cover :find method in testsKim Alvefur2021-12-311-0/+12
| | | | This method is a bit complex so good to have some test coverage
* util.stanza: Remove dead codeKim Alvefur2021-12-311-5/+0
| | | | | These cases are caught by `check_text(v, ..)` above. Those errors do not contain the attribute however, which would have been nice.
* util.stanza: Increase test coverage to cover validation errorsKim Alvefur2021-12-311-0/+25
|
* util.stanza: Make type error message consistent with othersKim Alvefur2021-12-311-1/+1
|