aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | scansion: Fix tests failing after addition of pubsub#itemreply config fieldMatthew Wild2023-03-234-0/+51
| | | | | | | | This is a newly added field, and we expect to see it in these places now.
* | scansion: Fix tests failing due to lack of 'publisher'Matthew Wild2023-03-231-1/+1
| | | | | | | | | | publisher is no longer included by default in broadcasts, but configured via pubsub#itemreply instead.
* | scansion: Add tests for pubsub#itemreply in PEPMatthew Wild2023-03-221-0/+205
| |
* | scansion: PEP notifications no longer carry 'publisher' by defaultMatthew Wild2023-03-221-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | Previous behaviour: - publisher was always included in PEP notifications - publisher was never included in get_items requests New behaviour: - publisher is included in both notifications and retrieval if itemreply == publisher - publisher is not ever included if itemreply ~= publisher
* | mod_pep: Pass node/service objects to broadcaster when resending last itemMatthew Wild2023-03-221-1/+1
| | | | | | | | | | | | This gives the broadcaster access to the node configuration, which is now important for itemreply. It probably also fixes a bug with the notify_* node config options?
* | mod_pubsub/pubsub.lib: Fix accidental name/var swap (thanks scansion)Matthew Wild2023-03-221-2/+2
| |
* | mod_pubsub, mod_pep: Support per-node configurable inclusion of publisherMatthew Wild2023-03-223-4/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches ejabberd's behaviour, using the 'pubsub#itemreply' config option. Although the current definition of this option in the specification is not as clear as it could be, I think matching what existing deployments do is the best option to resolve the ambiguity and reduce fragmentation. We should update the spec to be clearer about how to use and interpret this option. The 'expose_publisher' option for mod_pubsub is now an override (always expose or never expose). If unset, it will use the per-node config (which defaults to not exposing). Thanks to Link Mauve, edhelas and goffi for sparking this feature.
* | mod_tokenauth: Fix traceback in get_token_session()Kim Alvefur2023-03-211-2/+2
| | | | | | | | | | | | | | Errors in sha256 becasue `token_secret` is nil since it was not passed to _get_validated_token_info(). Looks like a simple oversight in ebe3b2f96cad
* | CHANGES: Add keyval+Matthew Wild2023-03-211-0/+4
| |
* | features: Add "keyval+"Matthew Wild2023-03-211-0/+2
| |
* | storagemanager: Add keyval+ (combined keyval + map) store typeMatthew Wild2022-09-272-0/+203
| | | | | | | | | | | | | | | | This combines the two most common store types, which modules often end up opening with both interfaces separately anyway. As well as combining them, I've taken the opportunity to improve some of the method names to make them clearer.
* | core.features: Add feature for prosody.loaderKim Alvefur2023-03-181-0/+2
| | | | | | | | Allows modules explicit dependencies upon its availability
* | executables: Invoke loader to allow mixing of old and new import styleKim Alvefur2023-03-172-0/+8
| | | | | | | | | | Now both require"util.foo" and require"prosody.util.foo" should be equivalent.
* | mod_tokenauth: Switch to new token format (invalidates existing tokens!)Matthew Wild2023-03-211-14/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The new format has the following properties: - 5 bytes longer than the previous format - The token now has separate 'id' and 'secret' parts - the token itself is no longer stored in the DB, and the secret part is hashed - The only variable length field (JID) has been moved to the end - The 'secret-token:' prefix (RFC 8959) is now included Compatibility with the old token format was not maintained, and all previously issued tokens are invalid after this commit (they will be removed from the DB if used).
* | mod_tokenauth: Log error when token validation failsMatthew Wild2023-03-211-0/+3
| |
* | util.sasl.oauthbearer: Fix gs2-header parsingMatthew Wild2023-03-211-1/+1
| |
* | mod_auth_internal_plain: Fix user creation done via mod_admin_shellVitaly Orekhov2023-03-211-1/+4
| | | | | | | | | | | | | | | | | | Following the new behavior in auth_internal_hashed (c8f59ce7d3cf), the account will be created and disabled, instead of returning an error telling password being nil when calling saslprep(). Note that mod_auth_internal_plain does not have full support for enabled/disabled accounts, but that may be fixed in subsequent commits.
* | prosody.loader: Ensure already loaded modules are found in old and new ↵Kim Alvefur2023-03-171-0/+14
| | | | | | | | | | | | | | namespaces Prevents modules being initialized twice, ensuring that require"prosody.util.foo" == require"util.foo"
* | prosody.loader: Incorporate search path rewrite patch from Debian packagesKim Alvefur2023-03-171-8/+20
| | | | | | | | | | | | | | Nice to drop that patch. Will allow loading this to do something both when installed under a prosody directory or from a source checkout.
* | prosody.loader: Allow loading modules under 'prosody' namespace (#1223)Kim Alvefur2023-03-173-2/+19
| | | | | | | | | | | | | | | | | | | | Actually `hg mv`-ing all the files is disruptive, basically breaking everything from rebasing all my WIP draft commits to the package building. So instead, what if we didn't and instead rewrote package names as they are `require()`-d? Debian packages produced by the Prosody are already installed into this structure so much will Just Work if all require calls are updated.
* | mod_auth_internal_hashed: Shorten call pathKim Alvefur2023-03-181-3/+2
| | | | | | | | | | Why did it call a function defined in the same module through usermanager?
* | util.sasl.{scram,plain}: Pass authzid to SASL profile callbackKim Alvefur2023-03-162-5/+4
| | | | | | | | | | | | | | For potential future use. Used for logging into a different account than the one used for authentication.
* | util.jsonschema: Disable some further new failing testsKim Alvefur2023-03-111-1/+4
| | | | | | | | Absolute references, weird fractions, unevaluatedProperties???
* | util.jsonschema: Ignore some new tests in test suiteKim Alvefur2023-03-111-1/+4
| | | | | | | | These seem to be using absolute URI references, Not Yet Implemented
* | util.table: Expand table.move() tests (thanks mutation testing)Matthew Wild2023-03-171-0/+31
| |
* | util.sasl.scram: Fix off-by-one indentationKim Alvefur2023-03-161-2/+2
| |
* | util.sasl.oauthbearer: Adjust parsing of GS2 to allow lack of authzidKim Alvefur2023-03-162-4/+5
| | | | | | | | Partly copied from util.sasl.scram and then reduced a bit.
* | doap: Sort by XEP numberKim Alvefur2023-03-161-6/+6
| | | | | | | | | | | | To keep them sorted. Not pedantic at all!
* | util.sasl.oauthbearer: Return username from callback instead using authzid (BC)Kim Alvefur2023-03-162-38/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | RFC 6120 states that > If the initiating entity does not wish to act on behalf of another > entity, it MUST NOT provide an authorization identity. Thus it seems weird to require it here. We can instead expect an username from the token data passed back from the profile. This follows the practice of util.sasl.external where the profile callback returns the selected username, making the authentication module responsible for extracting the username from the token.
* | util.sasl.oauthbearer: Fix syntax error in b796e08e6376Matthew Wild2023-03-151-1/+1
| |
* | util.sasl.oauthbearer: Attach token_info to sasl handlerMatthew Wild2023-03-151-0/+2
| | | | | | | | | | | | This allows token-aware things to access extra information about the authentication, such as when the token is due to expire and the attached custom 'data'.
* | util.ip: Add Teal interface descriptionKim Alvefur2023-03-141-0/+20
| |
* | util.ip: Tests for truncate()Matthew Wild2023-03-141-0/+22
| |
* | mod_auth_internal_hashed: Record time of account disable / re-enableKim Alvefur2023-03-121-0/+2
| | | | | | | | Could be useful for e.g. #1772
* | util.ip: Add ip.truncate() to return a new IP with only the prefix of anotherMatthew Wild2023-03-141-0/+12
| |
* | util.ip: Add is_ip() helper method to detect if an object is an ip objectMatthew Wild2023-03-141-0/+5
| |
* | doap: Add RFC 7628 introduced in ab1164eda011Kim Alvefur2023-03-121-0/+1
| |
* | util.jwt: Import definition of key from util.cryptoKim Alvefur2023-03-101-4/+2
| | | | | | | | Turns out we had a definition of that already
* | util.jwt: Fixup argument and type orderKim Alvefur2023-03-101-1/+1
| |
* | mod_admin_shell: Limit module dependency listings to loaded on current hostKim Alvefur2023-03-101-2/+9
| | | | | | | | | | | | E.g. module:info("http") with many http modules loaded would show a lot of duplication, as each module would be listed for each host, even if not actually enabled on that host.
* | util.jwt: Document interface as Teal definition fileKim Alvefur2023-03-101-0/+40
| |
* | mod_authz_internal: Fix wrong role name field in user_can_assume_role()Kim Alvefur2023-03-091-1/+1
| | | | | | | | | | Made it reject the primary role since it compares against a non-existent field, i.e. nil.
* | Merge 0.12->trunkKim Alvefur2023-03-051-3/+7
|\|
| * mod_http: Unhook CORS handlers only if active (fixes #1801)Kim Alvefur2023-03-051-3/+7
| |
* | mod_admin_shell: Show reverse dependencies in module:info()Kim Alvefur2023-03-051-0/+6
| | | | | | | | Why was this module loaded? Now you can find out!
* | core.moduleapi: Record reverse dependenciesKim Alvefur2023-03-051-0/+4
| | | | | | | | | | Useful to know why a module was auto-loaded without having to dig trough all other modules for the one that depends on it.
* | authz: Add method for retrieving all rolesKim Alvefur2023-03-042-0/+11
| | | | | | | | | | | | | | | | Some of the OAuth stuff highlights a small need to retrieve a list of roles somehow. Handy if you ever need a role selector in adhoc or something. Unless there's some O(n) thing we were avoiding?
* | mod_tokenauth: Fix misplaced closing parenthesisKim Alvefur2023-03-021-1/+1
| | | | | | | | `type(x ~= y)` is always a string, thus truthy
* | util.sasl.oauthbearer: Fix traceback on authz in unexpected formatKim Alvefur2023-03-021-0/+4
| | | | | | | | | | | | E.g. if you were to just pass "username" without @hostname, the split will return nil, "username" and the nil gets passed to saslprep() and it does not like that.
* | mod_tokenauth: Gracefully handle missing tokensMatthew Wild2023-03-011-0/+1
| |