aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
* mod_s2s: Improve robustness of outgoing s2s certificate verificationMatthew Wild2022-04-251-0/+11
| | | | | | | | | This change ensures we have positively verified the certificates of the server we are connecting to before marking the session as authenticated. It protects against situations where the verify-or-close stage of the connection was interrupted (e.g. due to an uncaught error). Thanks to Zash for discovery and testing.
* mod_storage_xep0227: Fix mapping of nodes without explicit configurationKim Alvefur2022-04-081-3/+1
| | | | | | | Turns out this table was wrong, it's missing some fields which are required and it's 'name', not 'node'. Setting it to the boolean true invokes compatibility behavior in mod_pep which results in the correct default structure.
* mod_storage_xep0227: Fix conversion of SCRAM into internal format (fix #1741)Kim Alvefur2022-04-081-1/+1
| | | | | Looks like this function was a copy of hex_to_base64 without modifying it to do its inverse.
* mod_storage_xep0227: Support basic listing of PEP nodes in absence of ↵Kim Alvefur2022-03-311-2/+11
| | | | | | pubsub#admin data Allows migrating PEP nodes with default settings
* mod_storage_xep0227: Improve loggingKim Alvefur2022-03-291-1/+1
| | | | What were we looking at?
* mod_storage_xep0227: Handle missing {pubsub#owner}pubsub element (fixes #1740)Matthew Wild2022-04-071-0/+3
|
* mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)Matthew Wild2022-03-284-1/+8
| | | | | | | | | The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
* mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)Matthew Wild2022-03-281-13/+31
| | | | | This is far better than pre-0.12, because we now have a universal way to configure and enable/disable CORS on a per-module basis.
* mod_tombstones: Add caching to improve performance on busy servers (fixes #1728)Matthew Wild2022-03-281-11/+42
|
* mod_turn_external: Update status and friendlier handling of missing secret ↵Matthew Wild2022-03-281-1/+4
| | | | option (fixes #1727)
* MUC: Allow kicking users with the same affiliation as the kicker (fixes #1724)Matthew Wild2022-03-231-4/+5
| | | | | | | | | | This is allowed by XEP-0045, which states: "A moderator SHOULD NOT be allowed to revoke moderation privileges from someone with a higher affiliation than themselves (i.e., an unaffiliated moderator SHOULD NOT be allowed to revoke moderation privileges from an admin or an owner, and an admin SHOULD NOT be allowed to revoke moderation privileges from an owner)."
* mod_external_services: Move error message to correct place (fix #1725)Kim Alvefur2022-03-231-2/+2
| | | | | This message was misplaced in c4599a7c534c when the @type and @host check was introduced.
* mod_pubsub: Don't attempt to use server actor as publisher (fixes #1723)Matthew Wild2022-03-211-1/+1
|
* mod_admin_socket: Improve error reporting when socket can't be created ↵Matthew Wild2022-03-191-2/+10
| | | | (fixes #1719)
* mod_admin_socket: Comment on LuaSocket UNIX compat codeKim Alvefur2022-03-161-0/+6
| | | | Ref #1717
* mod_admin_socket: Compat for luasocket prior to unix datagram supportKim Alvefur2022-03-151-0/+3
| | | | | | | | | | The "socket.unix" module exported only a function before https://github.com/lunarmodules/luasocket/commit/aa1b8cc9bc35e56de15eeb153c899e4c51de82a8 when datagram support was added. Fixes #1717 Thanks rsc and lucas for reporting and testing
* mod_invites_register: Push invitee contact entry to inviterKim Alvefur2022-03-151-0/+1
| | | | | | | | | Invitee would not show up in the roster of the invite creator unless they fetch their roster afterwards. Fixes #1715 Thanks gerald
* spelling: non-existing mistakes (thanks timeless)0.12.0Kim Alvefur2022-03-071-1/+1
|
* Spelling: Fix various spelling mistakes (thanks timeless)Kim Alvefur2022-03-072-3/+3
| | | | | | Words, sometimes I wonder how they even work Maybe I missed something.
* Merge config-updates+check-turn from timberMatthew Wild2022-03-049-12/+12
|\
| * util.hex: Deprecate to/from in favour of encode/decode, for consistency!Matthew Wild2022-03-042-3/+3
| |
| * usermanager, mod_saslauth: Default to internal_hashed if no auth module ↵Matthew Wild2022-02-101-1/+1
| | | | | | | | | | | | | | | | | | | | specified The default config was updated in this way long ago, but if no option was present in the config, Prosody would load internal_plain. This change can result in changes (for the better) for people using very old configuration files lacking an 'authentication' setting.
| * various: Require encryption by default for realKim Alvefur2021-12-255-6/+6
| | | | | | | | | | | | | | | | | | These options have been specified (and enabled) in the default config file for a long time. However if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want.
| * mod_invites_register: Default to require encryptionMatthew Wild2022-02-101-1/+1
| | | | | | | | In line with the Prosody-wide default change for 0.12.
| * mod_legacyauth: Default to require encryptionMatthew Wild2022-02-101-1/+1
| |
* | mod_c2s,mod_s2s: Fix error on shutdown (Thanks Martin)Kim Alvefur2022-02-222-2/+2
| | | | | | | | | | Since there are two calls to done() that can happen, if the timing is right (or wrong) both can happen, which previously triggered an error.
* | mod_c2s,mod_s2s: Wrap callback to improve tracebacksKim Alvefur2022-02-222-2/+2
| | | | | | | | | | Should make traces point here instead of timer dispatch, making debugging easier
* | mod_carbons: Allow plugging into decision of whether to carbon-copyKim Alvefur2022-02-211-1/+9
| | | | | | | | Similar procedure as mod_csi_simple and mod_mam
* | mod_mam: Fix a commentKim Alvefur2021-12-111-1/+1
| | | | | | | | This is the noop that gets replaced later
* | mod_mam: Allow plugging into archive decisionKim Alvefur2021-12-101-4/+13
|/ | | | Similar procedure as mod_csi_simple
* mod_admin_shell: Use a table to show help sectionsKim Alvefur2022-02-201-17/+19
| | | | Because tables make everything better and more readable!
* mod_c2s: Ignore unused event payload [luacheck]Kim Alvefur2022-02-181-1/+1
|
* mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown ↵Kim Alvefur2022-02-172-2/+32
| | | | | | | | | | steps Ensures unavailable presence and other outgoing stanzas are sent. Waiting for c2s sessions to close first before proceeding to disable and close s2s ensures that unavailable presence can go out, even if it requires dialback to complete first.
* mod_c2s: Close ports in a separate, earlier event from closing sessionsKim Alvefur2022-02-181-0/+2
| | | | | Lets other things step in and do things while c2s ports are closed, e.g. mod_smacks, or other modules with port handlers that forward to c2s.
* mod_s2s: Disable creation of new outgoing connections during shutdownKim Alvefur2022-02-111-0/+7
|
* mod_c2s,mod_s2s: Disable and close port listeners before closing sessionsKim Alvefur2022-02-112-0/+14
| | | | This ensures no new clients can start connecting during shutdown
* mod_posix: Run signal handlers in the startup threadKim Alvefur2021-10-061-7/+13
|
* mod_admin_shell: Squeeze some characters out of the Certificate columnKim Alvefur2022-02-171-2/+2
| | | | The more compact these are, the better
* mod_admin_shell: Fix description of muc:room() (thanks Link Mauve)Kim Alvefur2022-02-151-1/+1
| | | | | But then this is the internal API which is weird and unfriendly to expose externally. Lots of methods to wrap tho ... one day.
* mod_turn_external: Fix type of config option (thanks mirux)Kim Alvefur2022-02-151-1/+1
| | | | | | There was a separate boolean option to enable TLS before, but it was merged with the port number option and it seems the typed API interface got confused.
* mod_invites_register: Load mod_register_ibr in invite only modeKim Alvefur2022-02-101-0/+4
| | | | | This ensures that registration actually works even if allow_registration is not enabled.
* mod_invites_register: Replace COMPAT hackKim Alvefur2022-02-101-1/+1
| | | | | This hack is not needed since a9c975a0f113 so can be removed when included with Prosody.
* mod_turn_external: Add option to enable TURN over TLSKim Alvefur2022-02-101-2/+6
| | | | | | Usually on port 443 to avoid restrictive firewalls. Thanks to Holger for discussion
* mod_turn_external: Simplify configurationKim Alvefur2022-02-101-2/+9
| | | | | Much harder to get boolean options wrong than accidentally adding something unrecognised to a Set.
* mod_admin_shell: Track connected events instead of createdKim Alvefur2022-02-061-3/+3
| | | | | | | | The connection events are more appropriate here, where the s2s-created events happens a bit later or earlier in a sessions lifetime depending on its direction and for outgoing connections isn't actually the creation time (which happens immediately after pressing enter, so not very interesting), but rather closer to the connection time.
* mod_s2s: Add new early s2s-connected eventsKim Alvefur2022-02-061-0/+3
| | | | | Allows doing things based on connections rather than sessions, which may have been created before or after.
* mod_smacks: Tweak resumption age buckets towards multiples of 60Kim Alvefur2022-02-041-1/+1
| | | | | This seems like the thing to do for time, which is usually divided into divisors divisible by 60, or multiplied by multiples of 60
* mod_http: Use interface name as default default global hostnameKim Alvefur2022-02-041-1/+1
| | | | | | | http://[::]:5280/ is as sensible as http://*:5280/ so why not This might be a bit weird when listening no multiple interfaces but not sure we can really do anything sensible then anyway.
* mod_http: Use http_default_host for URLs generated in global contextKim Alvefur2022-02-041-1/+2
| | | | | This might make the global routes less confusing sometimes, or at least valid URLs instead of http://*:5280/ which doesn't make much sense.
* mod_websocket: Only enable host-agnostic HTTP routing when enabled globallyKim Alvefur2022-02-041-1/+3
| | | | | | | This way the host-agnostic http://*:5280/ handler is not enabled, but BOSH can still be used with any local VirtualHost Ref #1712