| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
MattJ contributed new APIs for retrieving the actually used certificate
and chain to LuaSec, which are not in a release at the time of this
commit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This originally used a WIP implementation of cert:sigalg(), a method to
retrieve certificate signature algorithm, but it was never submitted
upstream. https://github.com/Zash/luasec/tree/zash/sigalg
cert:getsignaturename() was merged in
https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049
XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST
|
|
|
|
|
|
|
|
| |
Since this channel binding method is said to enable TLS offloading then
you need tell Prosody the hash (or the full cert), so this seems like a
good start.
Support is RECOMMENDED in XEP-0440 version 0.2
|
| |
|
|
|
|
| |
Ensures the periodic cleanup really does remove expired tokens.
|
|
|
|
| |
This should ensure expired grants eventually disappear.
|
|
|
|
|
|
|
|
|
|
| |
Generally it is expected that a grant would have at least one token as
long as the grant is in active use.
Refresh tokens issued by mod_http_oauth2 have a lifetime of one week by
default, so the idea here is that if that refresh token expired and
another week goes by without the grant being used, then the whole grant
can be removed.
|
| |
|
| |
|
|
|
|
| |
Use of datetime was removed in 6ac5ad578565
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Suggested by jstein in the chat
This option label is used by XMPP clients to explain what the option does.
a) The user should know where the data is archived.
b) The user needs a statement that can be enabled/disabled by the variable. A question would have the wrong logic here.
|
| |
| |
| |
| | |
Does this run in a thread?
|
| |
| |
| |
| |
| | |
This ensures that all interactions with storage happen inside an async
thread, allowing async waiting to be performed in storage drivers.
|
| |
| |
| |
| |
| |
| |
| | |
Maybe it is better to run daily and weekly tasks 'now' on the theory
that people set these things up during times that are appropriate for
maintenance already, so the same time next day or next week might be
fine for periodic cleanup.
|
| |
| |
| |
| | |
Fixes "Could not delete messages for room 'x': (nil)"
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This method would previously never delete the first (and only) item
since it works out which item should become the first item after the
trim operation, which doesn't make sense when all should be removed.
This also works as an optimization for when all the last item should be
trimmed, thus items should be removed.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Behavior change: It becomes up to the authorization module whether to
allow requests. The default, mod_authz_internal, will allow users on the
*parent* host only, breaking use by some components.
Remaining question is whether to deprecate the `http_file_share_access`
setting or leave as a way to complement/bypass access control?
|
| |
| |
| |
| |
| |
| | |
Thought it was a case mismatch at first, fixed that, but it changed
nothing because the error was in the leaf part of the errors, not the
chain part.
|
| |
| |
| |
| |
| |
| | |
This removes the need to configure e.g. http_external_url or similar
settings in order to get correct URLs out of prosodyctl, as the API
depends on portmanager to know the actual ports that are used.
|
| |
| |
| |
| |
| |
| | |
This appears to have been a copy-paste of the grant revocation function,
or maybe the other way around. Either way, it deleted the whole grant
instead of the individual token as might be expected.
|
| |
| |
| |
| |
| | |
Using util.dependencies appeared to cause problems with running tests in
Busted, so this also removes that and uses pcall directly.
|
| |
| |
| |
| |
| | |
Probably a workaround for the lack of argument passing when using xpcall
in Lua 5.1, no longer relevant.
|
| |
| |
| |
| |
| |
| | |
This communicates the accepted values in case the config diverges from
them. Note that older documentation used an "admin" value behaving like
an alias to true, but this is no longer handled. Should it?
|
| |
| |
| |
| |
| | |
Passing something from module:get_option() to ipairs() suggests that the
option is a list of some sort.
|
| | |
|
| |
| |
| |
| | |
Because it makes sense and improves feedback via logging
|
| |
| |
| |
| | |
Missed this one in previous sweep
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Missed this one, was probably only looking for get_option_number
|
| | |
|
| |
| |
| |
| | |
Since it doesn't actually do strict typing :)
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Many of these fall into a few categories:
- util.cache size, must be >= 1
- byte or item counts that logically can't be negative
- port numbers that should be in 1..0xffff
|
| |
| |
| |
| | |
Improves readability ("1 day" vs 86400) and centralizes validation.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Using the new shift function in datamanager, either the oldest items are
removed or all the later items are moved into a new file that replaces
the old.
Hidden behind a feature flag for now.
|
|\| |
|
| |
| |
| |
| | |
Fixes use in PEP where the JID does not equal the bare domain.
|
| |
| |
| |
| |
| |
| | |
Removed in 536055476912 because it was not used anywhere else in the
file, but per the documentation it is meant to inform external upload
services of the expiry time of the upload itself.
|
| |
| |
| |
| |
| |
| |
| | |
This gives us more granular control over different types of user account.
Accounts registered by IBR get assigned prosody:registered by default, while
accounts provisioned by an admin (e.g. via prosodyctl shell) will receive
prosody:member by default.
|
| |
| |
| |
| |
| |
| | |
Overrides the util.jwt default of 1h with the intended TTL of 10
minutes. Because util.jwt now has its own expiry checks, so the 'expiry'
field is no longer used and can thus be removed.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes it so that --admin and --role are no longer mutually
exclusive, they the former is simply treated as another --role.
This was likely a leftover from when only a single role was possible.
It does however become unclear which should be the primary, since the
order is not preserved by argparse.
Bonus: Loading of modules is avoided with only the --help is shown.
|
| |
| |
| |
| | |
Forgot to change the column name in 9a7523ea45cb
|