| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime
explicitly bounded here, but rather be bounded by the lifetime of
something else, like the OAuth2 client.
Open question: Would it be better to enforce a lifetime on all tokens?
|
|
|
|
| |
Consistency is nice.
|
|
|
|
| |
Applying this for s2s:close[all]() would also be nice.
|
|
|
|
|
|
|
| |
This was meant to warn in case you had only mod_csi without a logic
handling module like mod_csi_simple by checking if anything hooked this
event, however mod_smacks also hooks this event and so this isn't really
a useful way of detecting this condition.
|
|
|
|
|
|
|
|
| |
a863e4237b91 unintentionally changed the format of HTTP CORS headers,
which were apparently relying on the output of tostring(), which it
shouldn't have.
Explicitly serializing it this time.
|
|
|
|
|
|
|
|
|
| |
We had config:get() but not this.
> <MattJ> Yeah, why did we never implement that?
Handy if you want to quickly try out settings without reloading the
whole config.
|
|
|
|
|
| |
E.g. if you want to show connections to/from a domain, including its
subdomains, this is handy.
|
|
|
|
|
|
| |
Updated by Zash, the original patch by Jonas had put the duration
parsing function in util.datetime but MattJ later did the same thing but
differently in f4d7fe919969
|
|
|
|
|
|
| |
Updated by Zash, the original patch by Jonas had put the duration
parsing function in util.datetime but MattJ later did the same thing but
differently in f4d7fe919969
|
|
|
|
|
|
|
|
| |
Since prosodyctl shell with additional arguments assumes the first two
are a section:command() and any following arguments are strings, passing
a bare 'nil' is not possible. In order to avoid delving into this rabbit
hole, instead produce a token that alone is not really a legal JID for
use as wildcard.
|
|
|
|
|
|
|
| |
IPv6 addresses can be pretty long, so if they can be more compact,
that's nice.
But nobody would disable IPv6, would they?
|
|
|
|
|
| |
These gets used for usernames, resources and other random session fields
that don't have a column definition in `available_columns`
|
|
|
|
| |
Missed the # in 93c1590b5951
|
|
|
|
| |
Reasoning: a hostname is one part, a JID is 3 parts.
|
| |
|
|
|
|
|
| |
Harder to accidentally count wrong if Lua is doing the counting on a
plausible input.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
For some unknown reason, this was required with the old mock util.time
functions prior to 012d6e7b723a.
After 012d6e7b723a, it breaks. So I'm happy to revert to not delaying
anything. This makes tests pass again.
|
|
|
|
|
|
| |
This method ends up going up for each collection and the :clear() method
is only available to global modules (see e.g. mod_c2s), while regular
per-host modules get scoped stats
|
|
|
|
|
| |
Motivation: Investigating clients that seem to forget to set CSI.
Also, of course, MORE GRAPHS!
|
|
|
|
| |
We probably want to refactor revoke_token() to use this one in the future.
|
|\ |
|
| |
| |
| |
| |
| |
| | |
There shouldn't be one here but if there is, for some reason, it's
better to close it than have it around to wake up and possibly try to
destroy the session.
|
| |
| |
| |
| |
| |
| | |
Unsure exactly how this happens, but sometimes a watchdog appears to
close a session that isn't hibernating, or hasn't hibernating long
enough.
|
| |
| |
| |
| | |
Other places doesn't have "mod_" there, why should it here?
|
| |
| |
| |
| |
| | |
Only supporting exact match on full JID isn't helpful if you want to
list sessions per host or user.
|
| |
| |
| |
| | |
For mod_invites_register to apply on user creation.
|
| |
| |
| |
| |
| |
| | |
Part of an update to mod_invites and friends to the new authz and roles.
Invites with roles in the old way will need to be migrated, but with
invites often being short lived it is probably not a long-lived problem.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
By checking the password_updated_at for non-nilness before using it,
we avoid a nasty crash :-).
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
This is another iteration on top of the previous sub-tokens work. Essentially,
the concept of a "parent token" has been replaced with the concept of a
"grant" to which all tokens now belong. The grant does not have any tokens
when first created, but the create_token() call can add them.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Properties of sub-tokens:
- They share the same id as their parent token
- Sub-tokens may not have their own sub-tokens (but may have sibling tokens)
- They always have the same or shorter lifetime compared to their parent token
- Revoking a parent token revokes all sub-tokens
- Sub-tokens always have the same JID as the parent token
- They do not have their own 'accessed' property - accessing a sub-token
updates the parent token's accessed time
Although this is a generic API, it is designed to at least fill the needs of
OAuth2 refresh + access tokens (where the parent token is the refresh token
and the sub-tokens are access tokens).
|
| | |
|
| |
| |
| |
| | |
Spaces, no hyphen, apparently.
|
| |
| |
| |
| |
| | |
Fixes that otherwise the user was created in a disabled state and left
as such.
|
| |
| |
| |
| |
| |
| | |
Idea here is to prevent a user from being created with the default role
if a different role was given, but that dance wouldn't be needed if no
role is provided.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Plan to use this for integration tests.
|
| |
| |
| |
| |
| |
| | |
This gives the broadcaster access to the node configuration, which is now
important for itemreply. It probably also fixes a bug with the notify_*
node config options?
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This matches ejabberd's behaviour, using the 'pubsub#itemreply' config option.
Although the current definition of this option in the specification is not
as clear as it could be, I think matching what existing deployments do is the
best option to resolve the ambiguity and reduce fragmentation.
We should update the spec to be clearer about how to use and interpret this
option.
The 'expose_publisher' option for mod_pubsub is now an override (always expose
or never expose). If unset, it will use the per-node config (which defaults to
not exposing).
Thanks to Link Mauve, edhelas and goffi for sparking this feature.
|
| |
| |
| |
| |
| |
| |
| | |
Errors in sha256 becasue `token_secret` is nil since it was not passed
to _get_validated_token_info().
Looks like a simple oversight in ebe3b2f96cad
|