aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | net.tls_luasec: Expose method for loading a certificateKim Alvefur2023-05-272-2/+2
| | | | | | | | | | Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
* | net.certmanager: Move LuaSec feature detection to net.tls_luasecKim Alvefur2023-05-272-35/+36
| | | | | | | | | | Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
* | util.dependencies: Print tables itself to reduce number of importsKim Alvefur2023-05-261-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rationale: See diffstat When this module is imported, it ends up calling stty via term_width() in util.human.io.table(). When this happens outside of a terminal, the following message is sent to stdout: stty: 'standard input': Inappropriate ioctl for device Not importing this module avoids that. Furthermore three is value in this module having minimal dependencies as they might not be available when it does the checks. Ref a1fed82c44b9
* | util.sasl: Add basic tests for OAUTHBEARERKim Alvefur2023-05-261-0/+32
| |
* | util.sasl.oauthbearer: Tighter parsing of SASL messageKim Alvefur2023-05-261-1/+3
| | | | | | | | | | Previously the kvsep before and after the kvpairs would have been included in kvpairs, which is incorrect but should be harmless.
* | Merge 0.12->trunkKim Alvefur2023-05-242-0/+6
|\|
| * mod_s2s: Add event where resolver for s2sout can be tweakedKim Alvefur2022-08-182-0/+6
| | | | | | | | | | | | | | | | Could be used to implement custom connection methods (c.f. mod_onions) without needing to duplicate the rest of route_to_new_session(). Adds a feature to enable detection since it can be difficult to detect support for an event otherwise.
* | teal: Describe http_url methodKim Alvefur2023-05-241-0/+3
| | | | | | | | | | It is not part of the "real" module API, but used in various places. Extending the API seems hard to describe in a type-safe way.
* | mod_admin_shell: Show internal URL in addition to external in http:listKim Alvefur2023-05-241-5/+8
| | | | | | | | To help with configuring reverse proxies.
* | mod_http: Add way to retrieve internal URL instead of externalKim Alvefur2023-05-241-2/+2
| | | | | | | | | | | | | | | | This could be of help when configuring reverse proxies, as it is the internal URL the proxy must point at. Argument treated as an enum "internal" "external"(default) to allow for future extensibility.
* | util.jsonschema: Update test suite ignore rulesKim Alvefur2023-05-201-5/+6
| | | | | | | | A test case was added in the middle, so all these need to be reordered.
* | mod_admin_shell: Allow logging HTTP events with debug:logevents("http")Kim Alvefur2023-05-141-0/+3
| | | | | | | | | | Mirroring debug:events("http"), and to replace the "Firing event: GET /" log lines in net.http.server
* | mod_admin_shell: Allow logging global events with debug:logevents("*")Kim Alvefur2023-05-141-1/+5
| | | | | | | | Missing feature. It should behave like debug:events()
* | net.http.server: Remove "Firing event" logs, use event logging insteadKim Alvefur2023-05-141-4/+0
| | | | | | | | | | | | | | | | Since these are noisy and we have the thing in util.helpers to log events fired. The new status line events are meant to replace these as they include more useful info.
* | net.http.server: Log request and response status linesKim Alvefur2023-05-141-0/+3
| | | | | | | | Points out the beginning and end of a request.
* | net.http.server: Assign each request its own log sourceKim Alvefur2023-05-141-5/+8
| |
* | net.http.server: Assign an ID to each request, shared with responseKim Alvefur2023-05-141-0/+3
| | | | | | | | | | Goal is improve tracking of individual HTTP requests throughout its life-cycle. Having a single ID to use in logging should help here.
* | mod_tokenauth: Support selection of _no_ role at allKim Alvefur2023-05-071-5/+6
| | | | | | | | | | | | If a grant does not have a role, we should not go and make one up. While not very useful for XMPP if you can't even login, it may be useful for OAuth2/OIDC.
* | mod_tokenauth: Return error instead of session for token without roleKim Alvefur2023-05-071-1/+3
| | | | | | | | | | Such a session triggers errors in module:may or other places since it is generally expected that a session must have a role.
* | mod_adhoc: Silence permission errors when listing commandsKim Alvefur2023-05-071-3/+3
| | | | | | | | | | | | | | | | | | Since throwing a pile of 'access denied', even at debug level, seems akin to calling wolf :) Cutting down on debug noise is also good. Passing a flag instead of using module:could seemed easier here.
* | mod_invites: Fix password reset invitesKim Alvefur2023-05-071-1/+1
| | | | | | | | Caused by roles changing from table|nil to always table in c2616274bef7
* | core.sessionmanager: Delay closing a replaced connection after replacementKim Alvefur2023-05-072-2/+2
| | | | | | | | | | | | | | | | | | | | Closing the session invokes ondisconnect and session close logic, including mod_smacks hibernation and the timer that destroys the session after a timeout. By closing the connection after it has been detached from the sessions table it will no longer invoke the ondetach handler, which should prevent the above problem.
* | doap: Update reference for publishing of XEP-0478: Stream Limits AdvertisementKim Alvefur2023-05-041-1/+2
| |
* | mod_c2s,mod_s2s: Fix tag name for SLA (thanks mjk)Kim Alvefur2023-05-032-5/+5
| | | | | | | | | | | | | | The (still not published) XEP-xxxx: Stream Limits Advertisement uses the element <max-bytes/> to advertise the maximum octet size of top level stream elements. "size" was probably a leftover of an even earlier version of the (Proto)XEP.
* | Merge 0.12->trunkKim Alvefur2023-05-011-0/+8
|\|
| * mod_csi_simple: Disable revert-to-inactive timer when going to active modeKim Alvefur2023-05-011-0/+4
| | | | | | | | This timer shouldn't kick in in the middle of active mode.
| * mod_csi_simple: Clear delayed active mode timer on disableKim Alvefur2023-05-011-0/+4
| | | | | | | | | | | | It should not be there afterwards. Noticed that it seems to fire some time after resumption claiming that the queue size is nil, implying that it may hold a reference to an expired session somehow.
* | mod_admin_shell: Refactor 'cert' columnKim Alvefur2023-04-301-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removes some dead code and hopefully simplifies a bit. There's a tree of possibilities with the two tri-state status properties, something like chain: * nil -- cert validation disabled? * invalid -- something wrong with the chain (including ee cert) * valid -- chain ok cert: * nil -- incomplete validation?? * invalid -- mismatched names or such * valid -- all good!
* | util.jsonschema: Fix UTF-8ness of 'minLength' and 'maxLength'Kim Alvefur2023-04-233-6/+17
| |
* | util.jsonschema: Implement 'minContains' and 'maxContains'Kim Alvefur2023-04-233-12/+8
| |
* | util.jsonschema: Add some comments wrt Lua-specificsKim Alvefur2023-04-221-0/+4
| |
* | util.jsonschema: Implement 'luaPattern' - Lua variant of 'pattern'Kim Alvefur2023-04-222-0/+7
| | | | | | | | | | Like 'pattern' but uses Lua patterns instead of Regular Expressions, since only a subset of regex are also valid Lua patterns.
* | util.jsonschema: Implement 'luaPatternProperties' as Lua variant of ↵Kim Alvefur2023-04-222-2/+42
| | | | | | | | | | | | | | | | 'patternProperties' Previous version of this patch used 'patternProperties' but that would only work with simpler ECMA-262 regular expressions are also valid Lua patterns.
* | util.jsonschema: Tweak description of disabled testKim Alvefur2023-04-221-1/+1
| | | | | | | | | | | | This doesn't fail because of additionalProperties, looks more like some issue with recursive definitions and util.jsonpointer that I don't want feel like investigating now.
* | util.jsonschema: Enable passing IEEE 754 equality testKim Alvefur2023-04-221-1/+0
| |
* | util.jsonschema: Fix NYI 'patternProperties' definitionKim Alvefur2023-04-221-1/+1
| | | | | | | | It's defined as an object mapping regex to schema, not a single schema
* | util.error: Add test for #1805Kim Alvefur2023-04-191-0/+3
| | | | | | | | Checks that it doesn't fail on a stanza without <error> tag
* | Merge 0.12->trunkKim Alvefur2023-04-192-2/+2
|\|
| * util.error: Fix error on conversion of invalid error stanza, fix #1805Kim Alvefur2023-04-191-1/+1
| | | | | | | | | | | | | | | | | | Error stanzas should have an <error> element, but if you pass a stanza without one to util.error.from_stanza() it triggers an attempt to index a nil value, which this patch avoids. In the conditional, it should be safe to assume error_tag is non-nil since condition can't have those values then.
| * mod_admin_shell: Fix display of remote cert status when expired etcKim Alvefur2023-04-061-1/+1
| | | | | | | | | | Looks like autocomplete unhelpfully capitalized this word, but it's lowercase where it is set in mod_s2s_auth_certs
* | mod_tls: Drop request for client certificates on outgoing connectionsKim Alvefur2023-04-191-1/+1
| | | | | | | | | | | | It is the other end who should request client certificates for these connections, we only need to send ours. Hopefully this was treated as a noop, so probably no harm in keeping it. But hey, spring cleaning? :)
* | mod_csi: Always advertise featureKim Alvefur2023-04-161-2/+1
| | | | | | | | | | | | Was previously supposed to be conditionally advertised based on availability of a module handling the actual optimizations, which was removed in be9ac41f1619
* | mod_tokenauth: Fix parsing binary part of tokensKim Alvefur2023-04-121-1/+1
| | | | | | | | | | | | Fixes parsing of tokens that happen to have a `;` in their secret part, otherwise it splits there and the later bit goes into the username and hitting the "Invalid token in storage" condition.
* | mod_tokenauth: Only check if expiry of expiring tokensKim Alvefur2023-04-121-1/+1
| | | | | | | | | | | | | | | | Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime explicitly bounded here, but rather be bounded by the lifetime of something else, like the OAuth2 client. Open question: Would it be better to enforce a lifetime on all tokens?
* | mod_admin_shell: Use same wildcard matching in other s2s commandKim Alvefur2023-04-101-6/+5
| | | | | | | | Consistency is nice.
* | mod_admin_shell: Factor apart wildcard matching into function for reuseKim Alvefur2023-04-101-14/+18
| | | | | | | | Applying this for s2s:close[all]() would also be nice.
* | mod_csi: Remove module status, doesn't work because of mod_smacksKim Alvefur2023-04-101-12/+0
| | | | | | | | | | | | | | This was meant to warn in case you had only mod_csi without a logic handling module like mod_csi_simple by checking if anything hooked this event, however mod_smacks also hooks this event and so this isn't really a useful way of detecting this condition.
* | mod_http: Fix reliance on previous tostring() format of util.setKim Alvefur2023-04-101-2/+7
| | | | | | | | | | | | | | | | a863e4237b91 unintentionally changed the format of HTTP CORS headers, which were apparently relying on the output of tostring(), which it shouldn't have. Explicitly serializing it this time.
* | util.human.io: Fix column width miscalculationKim Alvefur2023-04-091-3/+0
| | | | | | | | | | | | Fixes that the more fixed width columns there are, the narrower the resulting table becomes. A right-aligned variable-width column at the last position should always be flush to the right side of the terminal.
* | util.human.io: Fix error with ellipsis to negative lengthKim Alvefur2023-04-091-1/+1
| | | | | | | | | | Can happen if you resize the terminal too narrow that the space left for variable width columns end up negative.