aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* | Merge 0.12->trunkKim Alvefur2023-12-171-0/+4
|\|
| * mod_disco: Advertise disco#info and #items on bare JIDs to fix #1664Kim Alvefur2023-12-171-0/+4
| | | | | | | | | | | | | | | | Having to add these in *there* places seems less than ideal. I would also think that advertising disco#info is a bit redundant, since it is a requirement for everything in XMPP and if it was missing you would get an error back.
* | mod_storage_internal, tests: Fix before/after combined with the 'reverse' flagMatthew Wild2023-12-121-0/+1
| |
* | mod_http_errors: Simplify CSS via built-in dark modeKim Alvefur2023-12-061-2/+2
| |
* | mod_user_account_management: Clear pending deletion if account re-enabledMatthew Wild2023-12-071-0/+6
| |
* | mod_saslauth: Fire event per SASL stepMatthew Wild2023-12-051-2/+5
| | | | | | | | | | This matches the behaviour of the newer mod_sasl2 implementation. It allows plugins to observe (and potentially, with caution, modify) the SASL exchange.
* | mod_c2s: Make c2s_timeout timer reachable to allow access from other modulesKim Alvefur2023-12-031-1/+3
| | | | | | | | E.g. the timeout could be extended under certain conditions.
* | mod_s2s: Close connection on smacks timeoutKim Alvefur2023-12-021-0/+6
| | | | | | | | | | | | | | | | | | | | | | This merges the mod_s2s_smacks_timeout behavior from prosody-modules This event is fired by mod_smacks when the connection has not responded to an ack-request for a period of time defaulting to 30 seconds, indicating that the connection has become stuck or non-responsive. Closing it prevents routing further messages via this connection and frees resources. A stuck connection may otherwise remain until for a time determined by the OS TCP subsystem, which can be quite long.
* | mod_saslauth: Fire event at start of authentication attemptKim Alvefur2023-12-011-0/+6
| | | | | | | | | | | | As extension point for rate limiting and similar checks, so they can hook a single event instead of <{sasl1}auth> or stream features, which might not be fired in case of SASL2 or e.g. HTTP based login.
* | mod_user_account_management: Fire events with a fake (not destroyed) sessionMatthew Wild2023-11-301-3/+24
| | | | | | | | | | | | | | Previously these events fired after the session had been destroyed, which removes many of the useful properties. The ones I chose to preserve here are the ones used by the community module mod_audit, which seems like a good baseline.
* | mod_cron: Rebuild with new LuaFormatter settings (tabs!)Kim Alvefur2023-11-301-77/+59
| |
* | mod_user_account_management: Add support for soft-deletion of accounts via IBRMatthew Wild2023-11-301-13/+137
| | | | | | | | | | | | | | | | | | | | | | | | When registration_delete_grace_period is set, accounts will be disabled for the specified grace period before they are fully deleted. During the grace period, accounts can be restored with the user:restore() shell command. The primary purpose is to prevent accidental or malicious deletion of a user's account, which is traditionally very easy for any XMPP client to do with a single stanza.
* | mod_cron: Update Teal source and rebuildMatthew Wild2023-11-301-77/+75
| |
* | mod_cron: Rename variable to fix shadowing (#luacheck)Matthew Wild2023-11-301-2/+2
| |
* | mod_cron: Add shell command to list registered cron tasks with statusMatthew Wild2023-11-301-0/+28
| |
* | mod_saslauth: Allow plugins to override return SASL condition/textMatthew Wild2023-11-301-1/+3
| |
* | luacheckrc, mod_http_file_share: Update for module API change (once->on_ready)Matthew Wild2023-11-301-1/+1
| |
* | usermanager, mod_auth_internal_hashed: Support metadata when disabling a userMatthew Wild2023-11-301-1/+2
| | | | | | | | | | This allows us to store a time, actor, comment and/or reason why an account was disabled, which seems a generally useful thing to support.
* | mod_mam: Use for loop in metadata queryKim Alvefur2023-11-261-4/+2
| | | | | | | | | | | | Some storage drivers will perform cleanup after the last iteration, but if only one step is taken this might be delayed until the garbage collector gets to it.
* | mod_tokenauth: Ignore invalid grants in storage that have no idMatthew Wild2023-11-291-1/+1
| |
* | mod_invites: Fix linter issuesMatthew Wild2023-11-291-4/+4
| |
* | mod_admin_shell: Fix linter issuesMatthew Wild2023-11-291-24/+26
| |
* | mod_invites: Use new shell-command APIMatthew Wild2023-11-291-22/+25
| |
* | mod_admin_shell: Remove verbose loggingMatthew Wild2023-11-291-4/+0
| |
* | mod_admin_shell: Remove timer:info() (it's been debug:timers() for some time)Matthew Wild2023-11-291-3/+0
| |
* | mod_admin_shell: Support for 'shell-command' items (global and per-host)Matthew Wild2023-11-291-0/+169
| | | | | | | | | | | | This should simplify adding shell commands from other modules, which will reduce the growth of mod_admin_shell and make it easier for community modules to expose commands too.
* | mod_admin_shell: Refactor help to data structures for extensibilityMatthew Wild2023-11-291-157/+239
| | | | | | | | | | This makes it easier for commands added by other modules to add to the help output, for example.
* | mod_storage_internal: Clear archive item count cache after experimental trimKim Alvefur2023-11-261-1/+3
| | | | | | | | | | | | | | The previous count would be invalid at this point. Should be possible to math out how many items are left, but this is left as future work.
* | mod_blocklist: Remove weak cache (and increase default LRU cache size)Kim Alvefur2023-11-261-18/+10
| | | | | | | | | | | | | | Weak tables are said to have suboptimal performance, so we might as well get replace it with an increased default LRU cache size. Sorry about the 'and'
* | mod_storage_internal: Close lazy-loading list abstraction after trimKim Alvefur2023-11-261-0/+6
| | | | | | | | Should be done here too.
* | mod_storage_internal: Only close lazy-loading list store abstractionsKim Alvefur2023-11-261-1/+3
| | | | | | | | | | Since datamanager can fall back to the old method of loading the whole list, which wouldn't come with a :close method.
* | mod_storage_internal: Close archive list after completion of iterationKim Alvefur2023-11-231-0/+1
| | | | | | | | | | This closes the two FDs that the random access list abstraction uses, otherwise they are left to the garbage collector.
* | mod_pubsub: Provide some node properties in summary template #1809Kim Alvefur2023-11-221-1/+11
| | | | | | | | | | | | Gives some access to node details which are otherwise hard to determine if you only see the plain text summary, since it is shared based on the pubsub#type setting (or payload xmlns).
* | mod_admin_shell: Fix lint [luacheck]Kim Alvefur2023-11-211-10/+8
| |
* | mod_admin_shell: Add debug:async() command to show blocked async runnersMatthew Wild2023-11-211-0/+65
| |
* | mod_s2s_auth_dane_in: Bail out on explicit service denialKim Alvefur2023-11-121-0/+1
| |
* | mod_tokenauth: Include more details in debug logsKim Alvefur2023-11-121-5/+5
| | | | | | | | | | Had a hard time following what was happening when it did not specify which grant or token was being removed.
* | mod_storage_sql: Use UUIDv7 as keysKim Alvefur2023-07-171-1/+1
| | | | | | | | | | Potentially allows sorting on those directly as they will be in increasing order.
* | mod_muc: Switch to module:could() for some implicit access control checksMatthew Wild2023-11-071-2/+2
| |
* | mod_muc: Allow guest users to list rooms by defaultMatthew Wild2023-11-071-0/+3
| |
* | mod_muc: Add :list-rooms permissionMatthew Wild2023-11-071-1/+5
| |
* | mod_tokenauth: Fix saving grants after clearing expired tokensKim Alvefur2023-11-051-4/+4
| | | | | | | | | | Previously the whole grant was deleted if it found one expired toke, which was not indented.
* | mod_s2s_auth_certs: Remove LuaSec compat that moved to net.serverKim Alvefur2023-11-041-6/+1
| |
* | muc.register: Clarify what's going on when enforcing nicknamesKim Alvefur2023-11-031-0/+2
| | | | | | | | Does this make it clearer what is going on?
* | mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabledKim Alvefur2023-11-021-0/+6
| | | | | | | | Simplifies configuration, only one already existing boolean to flip.
* | mod_s2s_auth_dane_in: DANE support for s2sinKim Alvefur2023-11-011-0/+114
| | | | | | | | | | Complements the DANE support for outgoing connections included in net.connect
* | mod_bosh: Include stream attributes in stream-features eventMatthew Wild2023-10-281-1/+1
| | | | | | | | | | This matches what mod_c2s does, and fixes a traceback in mod_sasl2_fast when used with BOSH (that module tries to use event.stream.from).
* | mod_saslauth: Clear 'auto' from endpoint hash var, it's not a real hash ↵Matthew Wild2023-10-261-0/+1
| | | | | | | | (thanks tmolitor)
* | mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by defaultMatthew Wild2023-10-262-14/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This channel binding method is now enabled when a hash is manually set in the config, or it attempts to discover the hash automatically if the value is the special string "auto". A related change to mod_c2s prevents complicated certificate lookups in the client connection hot path - this work now happens only when this channel binding method is used. I'm not aware of anything else that uses ssl_cfg (vs ssl_ctx). Rationale for disabling by default: - Minor performance impact in automatic cert detection - This method is weak against a leaked/stolen private key (other methods such as 'tls-exporter' would not be compromised in such a case) Rationale for keeping the implementation: - For some deployments, this may be the only method available (e.g. due to TLS offloading in another process/server).
* | mod_saslauth: Fix traceback in tls-server-end-point channel bindingMatthew Wild2023-10-261-3/+8
| |