aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | Merge 0.12->trunkKim Alvefur2024-10-261-10/+10
|\|
| * mod_admin_adhoc: Fix log messages for reloading modules.Aidan Epstein2024-09-291-10/+10
| | | | | | | | Also rename for loop item so that it doesn't shadow module variable.
* | mod_invites_adhoc: Add password reset commandKim Alvefur2024-10-202-0/+31
| | | | | | | | | | | | To support cases where the admin does not have easy access to the command line to generate a password reset invite for someone who forgot their password.
* | Add Info about mod_announce in the CHANGES file of trunkMenel2024-10-211-0/+1
| |
* | util.xtemplate: Use same argument order in filters even without 'args'Kim Alvefur2024-10-162-11/+3
| | | | | | | | | | | | | | | | | | This removes the different argument order used between '{x|foo}' and '{x|foo(y)}' because the differing order was awkward and confusing. This util does not seem to be widely used so should not be problematic to change this part. The only known use is in mod_pubsub, which does not use the filter function feature.
* | mod_pubsub: Check new role framework for node creation privilegesKim Alvefur2024-10-131-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | This enables granting regular users permission to create nodes via the new roles framework. Previously this required either making everyone an admin or writing a custom mod_pubsub variant with different permission details. Previous default behavior of only allowing creation by admin is kept as to not give out unexpected permissions on upgrade, but could be reevaluated at a later time. Fixes #1324
* | MUC: Fix error with nonlegacy hats.Aidan Epstein2024-09-281-1/+1
| |
* | mod_csi: Update correct variables when counting statesKim Alvefur2024-09-211-2/+2
| |
* | mod_csi: Use same label name for gauge as for older counterKim Alvefur2024-09-061-1/+1
| | | | | | | | Consistency.
* | Merge 0.12->trunkKim Alvefur2024-08-302-2/+2
|\|
| * mod_invites: Fix traceback when token_info isn’t setEmmanuel Gil Peyrot2024-07-311-1/+1
| |
| * util.prosodyctl.cert: Ensure old cert is moved out of the wayKim Alvefur2024-08-301-1/+1
| | | | | | | | This should make it visible if the move fails
* | mod_admin_shell: Prevent traceback due to type errorKim Alvefur2024-08-261-1/+2
| | | | | | | | Here too
* | mod_s2s: Fix traceback due to type confusion (Thanks Menel)Kim Alvefur2024-08-261-1/+2
| | | | | | | | The code assumed a 2-d sparse array but it could also be a string.
* | Merge 0.12->trunkKim Alvefur2024-08-181-0/+1
|\|
| * core.moduleapi: Default labels to empty list to fix error if omittedKim Alvefur2024-08-181-0/+1
| | | | | | | | | | In a host-scoped module in the `if is_scoped` clause the resulting `array:append(nil)` call throws.
* | mod_csi: Optimize metrics collection (prematurely)Kim Alvefur2024-08-181-9/+10
| | | | | | | | I did not measure, but this should be way fewer function calls.
* | mod_csi: Rename unused loop variables to '_' [luacheck]Kim Alvefur2024-08-171-2/+2
| |
* | mod_csi: Count how many sessions are using CSI and their stateKim Alvefur2024-08-171-0/+20
| |
* | mod_s2s_bidi: Include empty list of labels in metricsKim Alvefur2024-08-161-3/+3
| | | | | | | | | | Throws error attempting to append the nil label list to an array for host-scoped metrics.
* | Merge 0.12->trunkKim Alvefur2024-08-161-0/+3
|\|
| * net.http: Throw error if missing TLS context for HTTPS requestKim Alvefur2024-08-081-0/+3
| | | | | | | | | | | | | | Prevents the mistake of creating a http context without any TLS context and then trying to use HTTPS, which doesn't work right. Thanks nils
* | mod_s2s_bidi: Collect some metricsKim Alvefur2024-08-111-0/+7
| |
* | mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in ↵Kim Alvefur2024-08-092-0/+6
| | | | | | | | | | | | | | test_password() This API method is used e.g. in HTTP modules which also should respect disabled accounts.
* | mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478Kim Alvefur2024-08-032-8/+37
| | | | | | | | | | | | | | | | This is the time after liveness checks are performed via the respective read-timeout event, which by default involves sending a space character but could be overridden e.g. as is done by mod_smacks. Only advertised, unsure what we would do with it.
* | core.certmanager: Include ffdhe2048 from RFC 7919 as default DH paramKim Alvefur2024-07-121-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | This removes one manual (yet undocumented) step that was supposed to be done to get a complete 'intermediate' configuration. This file can be found on the Internet by searching for "ffdhe2048" and can be verified by comparing the hexadecimal representation of p from the RFC with the output of `openssl asn1parse`. Given the preference and prevalence of ECDHE, it seems likely that few would have noticed this.
* | util.sslconfig: Support DH parameters as literal stringKim Alvefur2024-07-122-3/+16
| | | | | | | | Simplifies shipping well-known DH parameters in the config
* | Merge 0.12->trunkKim Alvefur2024-07-110-0/+0
|\|
| * util.xtemplate: Fix error on applying each() to zero stanzasKim Alvefur2024-07-112-2/+6
| | | | | | | | Backport of 1f93e4f78c53
* | util.xtemplate: Fix error on applying each() to zero stanzasKim Alvefur2024-07-113-2/+10
| |
* | Merge 0.12->trunkKim Alvefur2024-07-071-1/+16
|\|
| * net.server_event: Add 'wrapserver' APIKim Alvefur2024-07-071-1/+16
| | | | | | | | | | | | | | | | | | This enables accepting admin stream socket (UNIX) connections trough the same procedures as any other (TCP) socket, which avoids problems caused by using the wrapclient API, which ends up discarding early data due to only expecting early connection failure. Fixes #1867
* | MUC: Don't default component admins to being room ownersMatthew Wild2024-06-182-1/+5
| | | | | | | | | | | | | | | | | | | | This change has various technical and social benefits. If ownership of a MUC is really needed, it can be gained using the 'Set affiliation' ad-hoc command or prosodyctl shell. Example client incompatibility with the old behaviour: - https://github.com/monal-im/Monal/issues/1085
* | MUC: Add per-room PM restriction functionality (thanks Wirlaburla)Matthew Wild2024-05-232-0/+127
| | | | | | | | Based on mod_muc_restrict_pm in prosody-modules d82c0383106a
* | Merge 0.12->trunkKim Alvefur2024-06-121-0/+2
|\|
| * scansion: Enable blocklist compat during tests to fix CIKim Alvefur2024-06-121-0/+2
| |
* | scansion: Add roster groups setting to pubsub form in testsKim Alvefur2024-06-124-0/+6
| |
* | util.prosodyctl: Use notify socket to wait for Prosody to be readyKim Alvefur2024-05-191-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, prosodyctl only waits for the pidfile to appear, which does not necessarily mean that Prosody is fully ready to receive traffic. By waiting until Prosody says it's ready via the systemd notify socket we know for sure that Prosody is really ready. Notably this should ensure that when running `make integration-test` Prosody is really ready when Scansion starts running tests. Not sure if this timeout handling is optimal.
* | net.server_epoll: Add support for systemd socket activationKim Alvefur2024-05-142-0/+41
| | | | | | | | | | | | | | | | | | | | Allows creating listening sockets and accepting client connections before Prosody starts. This is unlike normal Prosody dynamic resource management, where ports may added and removed at any time, and the ports defined by the config. Weird things happen if these are closed (e.g. due to reload) so here we prevent closing and ensure sockets are reused when opened again.
* | Merge 0.12->trunkKim Alvefur2024-04-271-2/+7
|\|
| * mod_admin_shell: Allow matching on host or bare JID in c2s:showKim Alvefur2023-03-311-2/+2
| | | | | | | | | | | | | | | | | | Only supporting exact match on full JID isn't helpful if you want to list sessions per host or user. Backport of 430333198e4c Fixes #1857
| * mod_blocklist: Drop blocked messages without error, option to restore ↵Kim Alvefur2024-04-271-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | compliant behavior From XEP-0191: > For message stanzas, the server SHOULD return an error, which SHOULD > be <service-unavailable/>. Following this may leak to a blocked JID that they have been blocked, which seems contrary to the goal of pretending to be perpetually offline.
* | mod_pep: Implement 'roster' (group) access_modelKim Alvefur2023-12-034-2/+26
| | | | | | | | | | | | | | Allows e.g. restricting your vcard4 to only family or similar. Notes: This does not include roster groups in the configuration form, so the client will have to get them from the actual roster.
* | mod_announce: Suppress luacheck warningsMatthew Wild2024-04-261-3/+3
| |
* | mod_announce: Add shell commands and APIs for sending to all/online/rolesMatthew Wild2024-04-241-3/+85
| |
* | prosodyctl shell: Fix invocation with 3+ command argumentsMatthew Wild2024-04-241-1/+1
| | | | | | | | | | | | | | The code correctly inserted the ',' when there was already a "%q" in the format string, but then the next argument would fail to match because it inserted ", %q" instead of "%q". The code now matches both, ensuring the generated code will not produce a syntax error with multiple arguments.
* | mod_blocklist: Fix fix signal for letting stanzas passKim Alvefur2024-04-231-2/+0
| | | | | | | | Returning nothing/nil lets stanzas pass, returning anything else blocks
* | mod_blocklist: Check JID of mediated MUC invite sender against blocklistMatthew Wild2024-04-221-1/+16
| | | | | | | | | | This ensures that someone on your blocklist is unable to invite you to MUC rooms.
* | mod_saslauth: Log when tls-exporter is NOT supported, as well as when it isMatthew Wild2024-04-171-0/+2
| |
* | net.unbound: Show canonical name in textual format (e.g. in shell)Kim Alvefur2024-04-141-1/+5
| | | | | | | | | | | | | | libunbound does not tell us the whole chain of CNAMEs, only the final canonical name. This is to aid in debugging since it will only be shown in the shell.