aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mod_authz_internal: Hint at roles for external JIDs being read-onlyKim Alvefur2024-11-011-1/+1
| | | | | Roles for JIDs outside the current host are derived from configuration only with this module.
* mod_admin_shell: Allow assigning roles to arbitrary JIDs when supportedKim Alvefur2024-11-011-1/+5
| | | | mod_authz_internal does not support this
* scansion: Remove publisher attribute from bookmarks2 testsKim Alvefur2024-10-311-2/+2
| | | | | Seems exposing publisher is not enabled in mod_pep, but then it'll be the user themselves most of the time
* scansion: Import XEP-0402 test from prosody-modules rev 2c6b14207271Kim Alvefur2024-10-311-0/+181
| | | | This corresponds to the file mod_bookmarks2/tests/bookmarks2.scs
* util.crypto: Add more ECC methodsStephen Paul Weber2024-10-292-0/+137
| | | | | | | pkey_meth_derive: to derive a shared symmetric key from two ECC keys pkey_meth_public_raw: to get the raw form of the public key import_public_ec_raw: to import the raw form of the public key generate_p256_keypair: key generation for the P-256 curve
* util.pubsub: Fix test to account for not using util.errorKim Alvefur2024-10-291-1/+1
|
* mod_pubsub: Move precondition error wrangling out of util.pubsubKim Alvefur2024-10-292-9/+5
| | | | | | | | | Removes dependency on util.error from util.pubsub which was only used for this one special case. Line count reduction! Would be even nicer if templating could be done by util.error itself.
* util.error: Use is_error() instead of is_err() everywhereKim Alvefur2024-10-293-9/+9
| | | | Continuation of 4b39691a274e
* mod_pubsub: Allow passing additional error contextKim Alvefur2024-10-271-4/+4
| | | | Sometimes it is useful to pass additional information along.
* mod_pubsub: Use error registryKim Alvefur2024-10-271-10/+5
| | | | | | | | | | This is what util.error was made for! This replaces the custom error stanza builder with common code in util.stanza that knows enough about util.error and namespaced errors. Some awkwardness remains in the way util.pubsub returns conflicting form fields.
* doap: Update XEP for mostly editorial changesKim Alvefur2024-10-261-15/+15
| | | | | | | | | | | | | | | | | | | | | XEP-0004: Changes <reported> which is not implemented XEP-0030: A note on some implementations not advertising disco#info XEP-0106: Now references PRECIS which we don't have access to XEP-0107: Editorial fixing of a typo XEP-0133: Removal of 'Get User Password' already done in 21a1b9fb08a1, editorial changes XEP-0153: Editorial changes XEP-0198: Editorial changes and clarifications XEP-0223: Updated security considerations XEP-0292: The difference is that the iq syntax implemented in mod_vcard4 is removed. To become compliant, simply unload this module. XEP-0313: Editorial and minor changes XEP-0398: Advanced to Stable, no other changes XEP-0398: Now mentions the implementation method used in mod_vcard_legacy XEP-0402: Changes only affecting clients XEP-0421: Added requirements we already satisfy XEP-0440: Editorial changes XEP-0478: Editorial changes Due to their size, review of changes to XEP-0045 and XEP-0060 has been left for later.
* util.dnsregistry: Refresh from IANAKim Alvefur2024-10-261-1/+6
| | | | For freshness. Not that it matters a lot for Prosody
* Merge 0.12->trunkKim Alvefur2024-10-261-10/+10
|\
| * mod_admin_adhoc: Fix log messages for reloading modules.Aidan Epstein2024-09-291-10/+10
| | | | | | | | Also rename for loop item so that it doesn't shadow module variable.
* | mod_invites_adhoc: Add password reset commandKim Alvefur2024-10-202-0/+31
| | | | | | | | | | | | To support cases where the admin does not have easy access to the command line to generate a password reset invite for someone who forgot their password.
* | Add Info about mod_announce in the CHANGES file of trunkMenel2024-10-211-0/+1
| |
* | util.xtemplate: Use same argument order in filters even without 'args'Kim Alvefur2024-10-162-11/+3
| | | | | | | | | | | | | | | | | | This removes the different argument order used between '{x|foo}' and '{x|foo(y)}' because the differing order was awkward and confusing. This util does not seem to be widely used so should not be problematic to change this part. The only known use is in mod_pubsub, which does not use the filter function feature.
* | mod_pubsub: Check new role framework for node creation privilegesKim Alvefur2024-10-131-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | This enables granting regular users permission to create nodes via the new roles framework. Previously this required either making everyone an admin or writing a custom mod_pubsub variant with different permission details. Previous default behavior of only allowing creation by admin is kept as to not give out unexpected permissions on upgrade, but could be reevaluated at a later time. Fixes #1324
* | MUC: Fix error with nonlegacy hats.Aidan Epstein2024-09-281-1/+1
| |
* | mod_csi: Update correct variables when counting statesKim Alvefur2024-09-211-2/+2
| |
* | mod_csi: Use same label name for gauge as for older counterKim Alvefur2024-09-061-1/+1
| | | | | | | | Consistency.
* | Merge 0.12->trunkKim Alvefur2024-08-302-2/+2
|\|
| * mod_invites: Fix traceback when token_info isn’t setEmmanuel Gil Peyrot2024-07-311-1/+1
| |
| * util.prosodyctl.cert: Ensure old cert is moved out of the wayKim Alvefur2024-08-301-1/+1
| | | | | | | | This should make it visible if the move fails
* | mod_admin_shell: Prevent traceback due to type errorKim Alvefur2024-08-261-1/+2
| | | | | | | | Here too
* | mod_s2s: Fix traceback due to type confusion (Thanks Menel)Kim Alvefur2024-08-261-1/+2
| | | | | | | | The code assumed a 2-d sparse array but it could also be a string.
* | Merge 0.12->trunkKim Alvefur2024-08-181-0/+1
|\|
| * core.moduleapi: Default labels to empty list to fix error if omittedKim Alvefur2024-08-181-0/+1
| | | | | | | | | | In a host-scoped module in the `if is_scoped` clause the resulting `array:append(nil)` call throws.
* | mod_csi: Optimize metrics collection (prematurely)Kim Alvefur2024-08-181-9/+10
| | | | | | | | I did not measure, but this should be way fewer function calls.
* | mod_csi: Rename unused loop variables to '_' [luacheck]Kim Alvefur2024-08-171-2/+2
| |
* | mod_csi: Count how many sessions are using CSI and their stateKim Alvefur2024-08-171-0/+20
| |
* | mod_s2s_bidi: Include empty list of labels in metricsKim Alvefur2024-08-161-3/+3
| | | | | | | | | | Throws error attempting to append the nil label list to an array for host-scoped metrics.
* | Merge 0.12->trunkKim Alvefur2024-08-161-0/+3
|\|
| * net.http: Throw error if missing TLS context for HTTPS requestKim Alvefur2024-08-081-0/+3
| | | | | | | | | | | | | | Prevents the mistake of creating a http context without any TLS context and then trying to use HTTPS, which doesn't work right. Thanks nils
* | mod_s2s_bidi: Collect some metricsKim Alvefur2024-08-111-0/+7
| |
* | mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in ↵Kim Alvefur2024-08-092-0/+6
| | | | | | | | | | | | | | test_password() This API method is used e.g. in HTTP modules which also should respect disabled accounts.
* | mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478Kim Alvefur2024-08-032-8/+37
| | | | | | | | | | | | | | | | This is the time after liveness checks are performed via the respective read-timeout event, which by default involves sending a space character but could be overridden e.g. as is done by mod_smacks. Only advertised, unsure what we would do with it.
* | core.certmanager: Include ffdhe2048 from RFC 7919 as default DH paramKim Alvefur2024-07-121-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | This removes one manual (yet undocumented) step that was supposed to be done to get a complete 'intermediate' configuration. This file can be found on the Internet by searching for "ffdhe2048" and can be verified by comparing the hexadecimal representation of p from the RFC with the output of `openssl asn1parse`. Given the preference and prevalence of ECDHE, it seems likely that few would have noticed this.
* | util.sslconfig: Support DH parameters as literal stringKim Alvefur2024-07-122-3/+16
| | | | | | | | Simplifies shipping well-known DH parameters in the config
* | Merge 0.12->trunkKim Alvefur2024-07-110-0/+0
|\|
| * util.xtemplate: Fix error on applying each() to zero stanzasKim Alvefur2024-07-112-2/+6
| | | | | | | | Backport of 1f93e4f78c53
* | util.xtemplate: Fix error on applying each() to zero stanzasKim Alvefur2024-07-113-2/+10
| |
* | Merge 0.12->trunkKim Alvefur2024-07-071-1/+16
|\|
| * net.server_event: Add 'wrapserver' APIKim Alvefur2024-07-071-1/+16
| | | | | | | | | | | | | | | | | | This enables accepting admin stream socket (UNIX) connections trough the same procedures as any other (TCP) socket, which avoids problems caused by using the wrapclient API, which ends up discarding early data due to only expecting early connection failure. Fixes #1867
* | MUC: Don't default component admins to being room ownersMatthew Wild2024-06-182-1/+5
| | | | | | | | | | | | | | | | | | | | This change has various technical and social benefits. If ownership of a MUC is really needed, it can be gained using the 'Set affiliation' ad-hoc command or prosodyctl shell. Example client incompatibility with the old behaviour: - https://github.com/monal-im/Monal/issues/1085
* | MUC: Add per-room PM restriction functionality (thanks Wirlaburla)Matthew Wild2024-05-232-0/+127
| | | | | | | | Based on mod_muc_restrict_pm in prosody-modules d82c0383106a
* | Merge 0.12->trunkKim Alvefur2024-06-121-0/+2
|\|
| * scansion: Enable blocklist compat during tests to fix CIKim Alvefur2024-06-121-0/+2
| |
* | scansion: Add roster groups setting to pubsub form in testsKim Alvefur2024-06-124-0/+6
| |
* | util.prosodyctl: Use notify socket to wait for Prosody to be readyKim Alvefur2024-05-191-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, prosodyctl only waits for the pidfile to appear, which does not necessarily mean that Prosody is fully ready to receive traffic. By waiting until Prosody says it's ready via the systemd notify socket we know for sure that Prosody is really ready. Notably this should ensure that when running `make integration-test` Prosody is really ready when Scansion starts running tests. Not sure if this timeout handling is optimal.