aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
* mod_invites_register: Don't restrict username for roster invites (thanks ↵origin/13.013.0Matthew Wild4 hours1-1/+1
| | | | | | | lissine) The username field of roster invites is the username of the inviter. It is not possible for a roster invite to restrict the registration username.
* mod_storage_internal: Fix queries with only start returning extra itemsKim Alvefur2 days1-10/+8
| | | | | | | | | | Queries with start > last item would return one item, because there's some boundary condition in binary_search(). This is here fixed by always applying filters that omit items outside the requested range. See also 2374c7665d0b
* mod_storage_sql: Retrieve all indices to see if the new one existsKim Alvefur5 days1-1/+1
| | | | Otherwise it warns about it being missing, even if it exists.
* mod_invites_register: Stricter validation of registration eventsMatthew Wild6 days1-2/+14
| | | | | | | | | | | | | | | This fixes two problems: 1) Account invites that were created with a specific username were not in fact restricted to that username. 2) Password reset invites were not restricted to resetting passwords, but could be used to create an arbitrary new account if the client or registration frontend (e.g. mod_invites_register_web) doesn't handle/enforce the username. This new validation ensures that registrations and resets are always for the username specified in the invitation.
* mod_storage_sql: Mark unused argument as suchKim Alvefur7 days1-1/+1
| | | | Make `make lint` happy again
* mod_storage_sql: Handle failure to deploy new UNIQUE indexKim Alvefur7 days1-4/+6
| | | | | | | | | | Somehow a user ended up with duplicate data preventing creation of the new unique index needed for UPSERT (see 3ec48555b773). This should eventually self-heal #1918 if the duplicate data is replaced by the older DELETE + INSERT method. Without any index at all, it will be slower.
* mod_http: Log problems parsing IP addresses in X-Forwarded-For (Thanks Boris)Kim Alvefur7 days1-3/+11
|
* mod_http: Fix IP address normalization (Thanks Boris)Kim Alvefur7 days1-1/+1
| | | | | | | | | | This fixes the problem that an un-bracketed IPv6 address will not match the first pattern (since it matches brackets) and instead the first decimal digits will match the pattern meant to strip port numbers from IPv4 addresses, e.g. 2001:db8::1 --> 2000 This pattern instead matches enough of a regular IPv4 address to make an IPv6 address fall back to the last case.
* mod_storage_sql: Add shell command to create tables and indices (again)Kim Alvefur7 days1-0/+33
| | | | | | | This is meant as a way to diagnose e.g. issues creating indices. It would have been nice to capture e.g. PostgreSQL notices, but LuaDBI would need support for this first, see https://github.com/mwild1/luadbi/issues/62
* mod_storage_sql: Delay showing SQL library error until attempted loadKim Alvefur9 days1-13/+17
| | | | | | | This should ensure that e.g. failure to load LuaSQLite3 is not logged unless it is needed, since module failures are very verbose. Closes #1919
* mod_admin_shell: Add role:list() and role:show() commandsMatthew Wild12 days1-0/+60
|
* mod_authz_internal: Improve error message when invalid role specifiedMatthew Wild12 days1-1/+5
|
* mod_admin_shell: Visual tweaks to the output of debug:cert_index()13.0.1Matthew Wild13 days1-2/+9
|
* mod_admin_shell: Add debug:cert_index() commandMatthew Wild13 days1-0/+50
|
* mod_tls: Collect full certificate chain validation informationKim Alvefur2025-04-011-1/+2
| | | | | | Enabling at least one of the ssl.verifyext modes enables a callback that collects all the errors, which are used by mod_s2s to report better problem descriptions.
* mod_s2s: Handle single message from chain validationKim Alvefur2025-04-011-9/+15
| | | | | | Setting ssl.verifyext enables a callback that collects all errors from every layer of the certificate chain. Otherwise a single string is returned, which we did not handle before.
* mod_s2s: Deal with OpenSSL changing spelling in stringsKim Alvefur2025-04-011-1/+1
| | | | https://github.com/openssl/openssl/commit/ade08735f9d0ac85d611c5abee8a1df651bbca13
* mod_tls: Enable Prosody's certificate checking for incoming s2s connections ↵Matthew Wild2025-04-011-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (fixes #1916) (thanks Damian, Zash) Various options in Prosody allow control over the behaviour of the certificate verification process For example, some deployments choose to allow falling back to traditional "dialback" authentication (XEP-0220), while others verify via DANE, hard-coded fingerprints, or other custom plugins. Implementing this flexibility requires us to override OpenSSL's default certificate verification, to allow Prosody to verify the certificate itself, apply custom policies and make decisions based on the outcome. To enable our custom logic, we have to suppress OpenSSL's default behaviour of aborting the connection with a TLS alert message. With LuaSec, this can be achieved by using the verifyext "lsec_continue" flag. We also need to use the lsec_ignore_purpose flag, because XMPP s2s uses server certificates as "client" certificates (for mutual TLS verification in outgoing s2s connections). Commit 99d2100d2918 moved these settings out of the defaults and into mod_s2s, because we only really need these changes for s2s, and they should be opt-in, rather than automatically applied to all TLS services we offer. That commit was incomplete, because it only added the flags for incoming direct TLS connections. StartTLS connections are handled by mod_tls, which was not applying the lsec_* flags. It previously worked because they were already in the defaults. This resulted in incoming s2s connections with "invalid" certificates being aborted early by OpenSSL, even if settings such as `s2s_secure_auth = false` or DANE were present in the config. Outgoing s2s connections inherit verify "none" from the defaults, which means OpenSSL will receive the cert but will not terminate the connection when it is deemed invalid. This means we don't need lsec_continue there, and we also don't need lsec_ignore_purpose (because the remote peer is a "server"). Wondering why we can't just use verify "none" for incoming s2s? It's because in that mode, OpenSSL won't request a certificate from the peer for incoming connections. Setting verify "peer" is how you ask OpenSSL to request a certificate from the client, but also what triggers its built-in verification.
* mod_roster: Fix shell commands when a component is involved (fixes #1908)Kim Alvefur2025-03-311-1/+1
| | | | | Prevent attempt to load rosters on Components since they do not have users or rosters.
* mod_admin_shell, prosodyctl shell: Report command failure when no password ↵Matthew Wild2025-03-311-1/+7
| | | | entered (fixes #1907)
* doap: Add XEP-0333Kim Alvefur2025-03-232-2/+0
|
* doap: Add XEP-0334Kim Alvefur2025-03-232-2/+0
|
* mod_http_file_share: Explicitly reject all unsupported rangesKim Alvefur2025-03-231-0/+3
| | | | Fail fast. Otherwise it sends the whole file.
* mod_http_file_share: Fix off by one in Range responseKim Alvefur2025-03-231-2/+3
| | | | See #1914
* mod_storage_sql: Drop legacy index without confirmation to ease upgradesKim Alvefur2025-03-231-10/+6
| | | | | Deleting one index should be safe enough to do without requiring a explicitly upgrading during downtime. People had trouble with this.
* mod_storage_sql: Fix indentationKim Alvefur2025-03-191-28/+28
| | | | Off-by-one in autoindent after `if not success then` since 3ec48555b773
* mod_http_file_share: Improve error reporting by using util.error moreKim Alvefur2025-03-161-9/+30
| | | | | This should pass back the error message as well as the status code to the client.
* prosodyctl shell: More reliable detection of REPL/interactive mode (fixes #1895)Matthew Wild2025-03-131-4/+2
|
* mod_admin_shell: Remove outdated help text (fixes #1898)Matthew Wild2025-03-131-7/+2
| | | | | | | | The ! commands have been broken for some time, and we're not going to implement them right now. If we want fancier editing, we can now do that on the client side (with readline and stuff). Also removes mention of telnet!
* mod_websocket: Merge session close handling changes from mod_c2s (bug fixes)Matthew Wild2025-03-111-11/+17
| | | | | | | | | | | | | | | | | This should bring some fixes and general robustness that mod_websocket had missed out on. The duplicated code here is not at all ideal. To prevent this happening again, we should figure out how to have the common logic in a single place, while still being able to do the websocket-specific parts that we need. The main known bug that this fixes is that it's possible for a session to get into a non-destroyable state. For example, if we try to session:close() a hibernating session, then session.conn is nil and the function will simply return without doing anything. In the mod_c2s code we already handle this, and just destroy the session. But if a hibernating websocket session is never resumed or becomes non-resumable, it will become immortal! By merging the fix from mod_c2s, the session should now be correctly destroyed.
* mod_c2s: Code formatting changeMatthew Wild2025-03-111-2/+6
| | | | | | Although we do sometimes use single-line if blocks, I'm expanding this one to make it easier to compare with the duplicated (but modified) code in mod_websocket that we plan to de-duplicate one day.
* mod_storage_internal: Use UUIDv7 for message idsMatthew Wild2025-03-101-2/+2
| | | | | | This matches what we use for SQL already, so provides some consistency. Client developers prefer sortable ids.
* mod_external_services: Also use TURN REST credential algo for 'turns' ↵Matthew Wild2025-03-011-0/+1
| | | | (thanks moreroid)
* mod_component: Don't return error reply for errors, fixes #1897Kim Alvefur2025-02-221-1/+3
|
* mod_bosh,mod_websocket: Don't load mod_http_altconnect in global contextKim Alvefur2025-02-222-2/+6
| | | | | | It blocked loading on VirtualHosts since it was already loaded globally Thanks eTaurus
* mod_invites: Hide --group flag unless mod_invites_groups is enabledMatthew Wild2025-02-171-1/+6
| | | | | | The WIP groups support is not complete yet, and won't work without extra modules (which are not yet a part of Prosody). For now we hide --group support unless mod_invites_groups (community module) is specified in modules_enabled.
* mod_invites: Fix traceback when no flags passedMatthew Wild2025-02-171-6/+6
|
* mod_invites: Deprecate 'mod_invites generate' in favour of new shell commandsMatthew Wild2025-02-171-108/+61
|
* mod_admin_shell: Improve help listing in non-REPL modeMatthew Wild2025-02-171-2/+36
|
* mod_admin_shell: Fix simple command execution (e.g. help)Matthew Wild2025-02-171-3/+15
|
* mod_admin_shell: Set flag on session when in REPL modeMatthew Wild2025-02-171-0/+4
|
* mod_admin_shell: Improved error handling for shell-invoked commandsMatthew Wild2025-02-171-5/+25
|
* mod_admin_shell, util.prosodyctl.shell: Process command-line args on ↵Matthew Wild2025-02-171-18/+95
| | | | | | | | | | | | server-side, with argparse support This allow a shell-command to provide a 'flags' field, which will automatically cause the parameters to be fed through argparse. The rationale is to make it easier for more complex commands to be invoked from the command line (`prosodyctl shell foo bar ...`). Until now they were limited to accepting a list of strings, and any complex argument processing was non-standard and awkward to implement.
* mod_invites: Fix storing --group (thanks lissine)Kim Alvefur2025-02-171-1/+1
| | | | | | | This made it ignore `--group` completely, but if you incorrectly used `--group foo` it would store `groups=true`. Introduced in 9ba11ef91ce4
* mod_bosh, mod_websocket: Add soft dependency on mod_http_altconnectMatthew Wild2025-02-162-0/+4
|
* mod_http_altconnect: Imported from prosody-modules 6d5a19bdd718 w/changesMatthew Wild2025-02-161-0/+52
| | | | | | | Changes from community version: - Add options to allow explicit control over whether BOSH/WS is advertised - Always serve XML at /host-meta (no guessing based on Accept), least surprising
* mod_http_file_share: Persist total storage usage when it increases (fixes #1891)Matthew Wild2025-02-151-0/+1
|
* core.certmanager: Move LuaSec verification tweaks to mod_s2sKim Alvefur2025-02-151-0/+8
| | | | | These two settings are only really needed for XMPP server-to-server connections.
* mod_cloud_notify, mod_cron, mod_invites: Add 'prosody.' prefix to requiresMatthew Wild2025-02-153-10/+10
|
* MUC: Use new XEP namespace for hats by defaultMatthew Wild2025-02-141-1/+1
| | | | Revert with muc_hats_compat = true in the config if necessary.
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-16 14:56:34 +0000