aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* | mod_user_account_management: Fire events with a fake (not destroyed) sessionMatthew Wild2023-11-301-3/+24
| | | | | | | | | | | | | | Previously these events fired after the session had been destroyed, which removes many of the useful properties. The ones I chose to preserve here are the ones used by the community module mod_audit, which seems like a good baseline.
* | mod_cron: Rebuild with new LuaFormatter settings (tabs!)Kim Alvefur2023-11-301-77/+59
| |
* | mod_user_account_management: Add support for soft-deletion of accounts via IBRMatthew Wild2023-11-301-13/+137
| | | | | | | | | | | | | | | | | | | | | | | | When registration_delete_grace_period is set, accounts will be disabled for the specified grace period before they are fully deleted. During the grace period, accounts can be restored with the user:restore() shell command. The primary purpose is to prevent accidental or malicious deletion of a user's account, which is traditionally very easy for any XMPP client to do with a single stanza.
* | mod_cron: Update Teal source and rebuildMatthew Wild2023-11-301-77/+75
| |
* | mod_cron: Rename variable to fix shadowing (#luacheck)Matthew Wild2023-11-301-2/+2
| |
* | mod_cron: Add shell command to list registered cron tasks with statusMatthew Wild2023-11-301-0/+28
| |
* | mod_saslauth: Allow plugins to override return SASL condition/textMatthew Wild2023-11-301-1/+3
| |
* | luacheckrc, mod_http_file_share: Update for module API change (once->on_ready)Matthew Wild2023-11-301-1/+1
| |
* | usermanager, mod_auth_internal_hashed: Support metadata when disabling a userMatthew Wild2023-11-301-1/+2
| | | | | | | | | | This allows us to store a time, actor, comment and/or reason why an account was disabled, which seems a generally useful thing to support.
* | mod_mam: Use for loop in metadata queryKim Alvefur2023-11-261-4/+2
| | | | | | | | | | | | Some storage drivers will perform cleanup after the last iteration, but if only one step is taken this might be delayed until the garbage collector gets to it.
* | mod_tokenauth: Ignore invalid grants in storage that have no idMatthew Wild2023-11-291-1/+1
| |
* | mod_invites: Fix linter issuesMatthew Wild2023-11-291-4/+4
| |
* | mod_admin_shell: Fix linter issuesMatthew Wild2023-11-291-24/+26
| |
* | mod_invites: Use new shell-command APIMatthew Wild2023-11-291-22/+25
| |
* | mod_admin_shell: Remove verbose loggingMatthew Wild2023-11-291-4/+0
| |
* | mod_admin_shell: Remove timer:info() (it's been debug:timers() for some time)Matthew Wild2023-11-291-3/+0
| |
* | mod_admin_shell: Support for 'shell-command' items (global and per-host)Matthew Wild2023-11-291-0/+169
| | | | | | | | | | | | This should simplify adding shell commands from other modules, which will reduce the growth of mod_admin_shell and make it easier for community modules to expose commands too.
* | mod_admin_shell: Refactor help to data structures for extensibilityMatthew Wild2023-11-291-157/+239
| | | | | | | | | | This makes it easier for commands added by other modules to add to the help output, for example.
* | mod_storage_internal: Clear archive item count cache after experimental trimKim Alvefur2023-11-261-1/+3
| | | | | | | | | | | | | | The previous count would be invalid at this point. Should be possible to math out how many items are left, but this is left as future work.
* | mod_blocklist: Remove weak cache (and increase default LRU cache size)Kim Alvefur2023-11-261-18/+10
| | | | | | | | | | | | | | Weak tables are said to have suboptimal performance, so we might as well get replace it with an increased default LRU cache size. Sorry about the 'and'
* | mod_storage_internal: Close lazy-loading list abstraction after trimKim Alvefur2023-11-261-0/+6
| | | | | | | | Should be done here too.
* | mod_storage_internal: Only close lazy-loading list store abstractionsKim Alvefur2023-11-261-1/+3
| | | | | | | | | | Since datamanager can fall back to the old method of loading the whole list, which wouldn't come with a :close method.
* | mod_storage_internal: Close archive list after completion of iterationKim Alvefur2023-11-231-0/+1
| | | | | | | | | | This closes the two FDs that the random access list abstraction uses, otherwise they are left to the garbage collector.
* | mod_pubsub: Provide some node properties in summary template #1809Kim Alvefur2023-11-221-1/+11
| | | | | | | | | | | | Gives some access to node details which are otherwise hard to determine if you only see the plain text summary, since it is shared based on the pubsub#type setting (or payload xmlns).
* | mod_admin_shell: Fix lint [luacheck]Kim Alvefur2023-11-211-10/+8
| |
* | mod_admin_shell: Add debug:async() command to show blocked async runnersMatthew Wild2023-11-211-0/+65
| |
* | mod_s2s_auth_dane_in: Bail out on explicit service denialKim Alvefur2023-11-121-0/+1
| |
* | mod_tokenauth: Include more details in debug logsKim Alvefur2023-11-121-5/+5
| | | | | | | | | | Had a hard time following what was happening when it did not specify which grant or token was being removed.
* | mod_storage_sql: Use UUIDv7 as keysKim Alvefur2023-07-171-1/+1
| | | | | | | | | | Potentially allows sorting on those directly as they will be in increasing order.
* | mod_muc: Switch to module:could() for some implicit access control checksMatthew Wild2023-11-071-2/+2
| |
* | mod_muc: Allow guest users to list rooms by defaultMatthew Wild2023-11-071-0/+3
| |
* | mod_muc: Add :list-rooms permissionMatthew Wild2023-11-071-1/+5
| |
* | mod_tokenauth: Fix saving grants after clearing expired tokensKim Alvefur2023-11-051-4/+4
| | | | | | | | | | Previously the whole grant was deleted if it found one expired toke, which was not indented.
* | mod_s2s_auth_certs: Remove LuaSec compat that moved to net.serverKim Alvefur2023-11-041-6/+1
| |
* | muc.register: Clarify what's going on when enforcing nicknamesKim Alvefur2023-11-031-0/+2
| | | | | | | | Does this make it clearer what is going on?
* | mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabledKim Alvefur2023-11-021-0/+6
| | | | | | | | Simplifies configuration, only one already existing boolean to flip.
* | mod_s2s_auth_dane_in: DANE support for s2sinKim Alvefur2023-11-011-0/+114
| | | | | | | | | | Complements the DANE support for outgoing connections included in net.connect
* | mod_bosh: Include stream attributes in stream-features eventMatthew Wild2023-10-281-1/+1
| | | | | | | | | | This matches what mod_c2s does, and fixes a traceback in mod_sasl2_fast when used with BOSH (that module tries to use event.stream.from).
* | mod_saslauth: Clear 'auto' from endpoint hash var, it's not a real hash ↵Matthew Wild2023-10-261-0/+1
| | | | | | | | (thanks tmolitor)
* | mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by defaultMatthew Wild2023-10-262-14/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This channel binding method is now enabled when a hash is manually set in the config, or it attempts to discover the hash automatically if the value is the special string "auto". A related change to mod_c2s prevents complicated certificate lookups in the client connection hot path - this work now happens only when this channel binding method is used. I'm not aware of anything else that uses ssl_cfg (vs ssl_ctx). Rationale for disabling by default: - Minor performance impact in automatic cert detection - This method is weak against a leaked/stolen private key (other methods such as 'tls-exporter' would not be compromised in such a case) Rationale for keeping the implementation: - For some deployments, this may be the only method available (e.g. due to TLS offloading in another process/server).
* | mod_saslauth: Fix traceback in tls-server-end-point channel bindingMatthew Wild2023-10-261-3/+8
| |
* | mod_admin_shell: Make 'Role' column dynamically sizedKim Alvefur2023-10-261-1/+1
| | | | | | | | | | | | | | Some of the new roles don't quite fit nicely into 4 characters (excluding ellipsis). Given the ability to dynamically add additional roles from the config and possibly from modules, it seems better to just make it a relative size since we can't know how long they will be.
* | mod_saslauth: Actively close cert file after readingMatthew Wild2023-10-241-0/+1
| | | | | | | | Explicit > implicit
* | mod_saslauth: Fix read format string (thanks tmolitor)Matthew Wild2023-10-241-1/+1
| |
* | mod_cron: Make task frequencies configurable in overly generic mannerKim Alvefur2023-10-221-5/+4
| | | | | | | | Requested feature for many modules, notably MAM and file sharing.
* | mod_saslauth: Get correct 'tls-server-end-point' with new LuaSec APIKim Alvefur2022-10-231-12/+15
| | | | | | | | | | | | MattJ contributed new APIs for retrieving the actually used certificate and chain to LuaSec, which are not in a release at the time of this commit.
* | mod_c2s: Add session.ssl_cfg/ssl_ctx for direct TLS connectionsMatthew Wild2022-09-071-0/+8
| |
* | mod_saslauth: Derive hash from certificate per tls-server-end-pointKim Alvefur2021-06-291-0/+34
| | | | | | | | | | | | | | | | | | | | | | This originally used a WIP implementation of cert:sigalg(), a method to retrieve certificate signature algorithm, but it was never submitted upstream. https://github.com/Zash/luasec/tree/zash/sigalg cert:getsignaturename() was merged in https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049 XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST
* | mod_saslauth: Support tls-server-end-point via manually specified hashKim Alvefur2020-12-071-0/+13
| | | | | | | | | | | | | | | | Since this channel binding method is said to enable TLS offloading then you need tell Prosody the hash (or the full cert), so this seems like a good start. Support is RECOMMENDED in XEP-0440 version 0.2
* | mod_tokenauth: Set name/description on cleanup jobKim Alvefur2023-10-211-1/+1
| |