aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* | mod_invites_register: Allow roles to be an ordered list, first being primaryKim Alvefur2023-03-301-1/+14
| | | | | | | | | | | | Part of an update to mod_invites and friends to the new authz and roles. Invites with roles in the old way will need to be migrated, but with invites often being short lived it is probably not a long-lived problem.
* | mod_tokenauth: Add API to inspect individual grants or all of a user's grantsMatthew Wild2023-03-291-0/+18
| |
* | mod_tokenauth: Move grant validation to a reusable functionMatthew Wild2023-03-291-6/+25
| |
* | mod_tokenauth: fix traceback if password has never been changedJonas Schäfer2023-03-281-1/+1
| | | | | | | | | | By checking the password_updated_at for non-nilness before using it, we avoid a nasty crash :-).
* | mod_tokenauth: Fire events on grant creation and revocationMatthew Wild2023-03-281-1/+13
| |
* | mod_tokenauth: Fix storage API mistake in revocationKim Alvefur2023-03-281-1/+1
| |
* | mod_tokenauth: Fix traceback when checking expiry of tokens with no expiryMatthew Wild2023-03-271-1/+2
| |
* | mod_tokenauth: Refactor API to separate tokens and grantsMatthew Wild2023-03-271-115/+92
| | | | | | | | | | | | | | This is another iteration on top of the previous sub-tokens work. Essentially, the concept of a "parent token" has been replaced with the concept of a "grant" to which all tokens now belong. The grant does not have any tokens when first created, but the create_token() call can add them.
* | mod_tokenauth: Support for creating sub-tokensMatthew Wild2023-03-261-22/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Properties of sub-tokens: - They share the same id as their parent token - Sub-tokens may not have their own sub-tokens (but may have sibling tokens) - They always have the same or shorter lifetime compared to their parent token - Revoking a parent token revokes all sub-tokens - Sub-tokens always have the same JID as the parent token - They do not have their own 'accessed' property - accessing a sub-token updates the parent token's accessed time Although this is a generic API, it is designed to at least fill the needs of OAuth2 refresh + access tokens (where the parent token is the refresh token and the sub-tokens are access tokens).
* | mod_tokenauth: return error if storage of new token failsMatthew Wild2023-03-261-1/+4
| |
* | core.usermanager: Correct formatting of not implemented errorKim Alvefur2023-03-261-1/+1
| | | | | | | | Spaces, no hyphen, apparently.
* | mod_admin_shell: Enable user after creation with roleKim Alvefur2023-03-261-0/+5
| | | | | | | | | | Fixes that otherwise the user was created in a disabled state and left as such.
* | mod_admin_shell: Simplify user creation when no role givenKim Alvefur2023-03-261-8/+16
| | | | | | | | | | | | Idea here is to prevent a user from being created with the default role if a different role was given, but that dance wouldn't be needed if no role is provided.
* | mod_server_contact_info: Reorder dataform keys for more aligned viewKim Alvefur2023-03-241-9/+10
| |
* | mod_tokenauth: Track last access time (last time a token was used)Matthew Wild2023-03-241-3/+15
| |
* | plugins: Prefix module imports with prosody namespaceKim Alvefur2023-03-24100-503/+503
| |
* | mod_debug_reset: Remove unused importMatthew Wild2023-03-231-1/+0
| |
* | mod_debug_reset: New module to "reset" a running server (e.g. for testing)Matthew Wild2023-03-231-0/+41
| | | | | | | | Plan to use this for integration tests.
* | mod_pep: Pass node/service objects to broadcaster when resending last itemMatthew Wild2023-03-221-1/+1
| | | | | | | | | | | | This gives the broadcaster access to the node configuration, which is now important for itemreply. It probably also fixes a bug with the notify_* node config options?
* | mod_pubsub/pubsub.lib: Fix accidental name/var swap (thanks scansion)Matthew Wild2023-03-221-2/+2
| |
* | mod_pubsub, mod_pep: Support per-node configurable inclusion of publisherMatthew Wild2023-03-223-4/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches ejabberd's behaviour, using the 'pubsub#itemreply' config option. Although the current definition of this option in the specification is not as clear as it could be, I think matching what existing deployments do is the best option to resolve the ambiguity and reduce fragmentation. We should update the spec to be clearer about how to use and interpret this option. The 'expose_publisher' option for mod_pubsub is now an override (always expose or never expose). If unset, it will use the per-node config (which defaults to not exposing). Thanks to Link Mauve, edhelas and goffi for sparking this feature.
* | mod_tokenauth: Fix traceback in get_token_session()Kim Alvefur2023-03-211-2/+2
| | | | | | | | | | | | | | Errors in sha256 becasue `token_secret` is nil since it was not passed to _get_validated_token_info(). Looks like a simple oversight in ebe3b2f96cad
* | mod_tokenauth: Switch to new token format (invalidates existing tokens!)Matthew Wild2023-03-211-14/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The new format has the following properties: - 5 bytes longer than the previous format - The token now has separate 'id' and 'secret' parts - the token itself is no longer stored in the DB, and the secret part is hashed - The only variable length field (JID) has been moved to the end - The 'secret-token:' prefix (RFC 8959) is now included Compatibility with the old token format was not maintained, and all previously issued tokens are invalid after this commit (they will be removed from the DB if used).
* | mod_tokenauth: Log error when token validation failsMatthew Wild2023-03-211-0/+3
| |
* | mod_auth_internal_plain: Fix user creation done via mod_admin_shellVitaly Orekhov2023-03-211-1/+4
| | | | | | | | | | | | | | | | | | Following the new behavior in auth_internal_hashed (c8f59ce7d3cf), the account will be created and disabled, instead of returning an error telling password being nil when calling saslprep(). Note that mod_auth_internal_plain does not have full support for enabled/disabled accounts, but that may be fixed in subsequent commits.
* | mod_auth_internal_hashed: Shorten call pathKim Alvefur2023-03-181-3/+2
| | | | | | | | | | Why did it call a function defined in the same module through usermanager?
* | util.sasl.oauthbearer: Return username from callback instead using authzid (BC)Kim Alvefur2023-03-161-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | RFC 6120 states that > If the initiating entity does not wish to act on behalf of another > entity, it MUST NOT provide an authorization identity. Thus it seems weird to require it here. We can instead expect an username from the token data passed back from the profile. This follows the practice of util.sasl.external where the profile callback returns the selected username, making the authentication module responsible for extracting the username from the token.
* | mod_auth_internal_hashed: Record time of account disable / re-enableKim Alvefur2023-03-121-0/+2
| | | | | | | | Could be useful for e.g. #1772
* | mod_admin_shell: Limit module dependency listings to loaded on current hostKim Alvefur2023-03-101-2/+9
| | | | | | | | | | | | E.g. module:info("http") with many http modules loaded would show a lot of duplication, as each module would be listed for each host, even if not actually enabled on that host.
* | mod_authz_internal: Fix wrong role name field in user_can_assume_role()Kim Alvefur2023-03-091-1/+1
| | | | | | | | | | Made it reject the primary role since it compares against a non-existent field, i.e. nil.
* | Merge 0.12->trunkKim Alvefur2023-03-051-3/+7
|\|
| * mod_http: Unhook CORS handlers only if active (fixes #1801)Kim Alvefur2023-03-051-3/+7
| |
* | mod_admin_shell: Show reverse dependencies in module:info()Kim Alvefur2023-03-051-0/+6
| | | | | | | | Why was this module loaded? Now you can find out!
* | authz: Add method for retrieving all rolesKim Alvefur2023-03-041-0/+4
| | | | | | | | | | | | | | | | Some of the OAuth stuff highlights a small need to retrieve a list of roles somehow. Handy if you ever need a role selector in adhoc or something. Unless there's some O(n) thing we were avoiding?
* | mod_tokenauth: Fix misplaced closing parenthesisKim Alvefur2023-03-021-1/+1
| | | | | | | | `type(x ~= y)` is always a string, thus truthy
* | mod_tokenauth: Gracefully handle missing tokensMatthew Wild2023-03-011-0/+1
| |
* | mod_auth_internal_hashed: Add oauthbearer handler to our SASL profileMatthew Wild2023-03-011-1/+4
| |
* | mod_tokenauth: Add SASL handler backend that can accept and verify tokensMatthew Wild2023-03-011-0/+18
| | | | | | | | | | This is designed for use by other modules that want to accept tokens issued by mod_tokenauth, without duplicating all the necessary logic.
* | mod_tokenauth: Add some sanity checking of the new optional parametersMatthew Wild2023-03-011-0/+4
| |
* | mod_tokenauth: Add 'purpose' constraintMatthew Wild2023-03-011-1/+2
| | | | | | | | | | | | | | | | | | | | This allows tokens to be tied to specific purposes/protocols. For example, we shouldn't (without specific consideration) allow an OAuth token to be dropped into a slot expecting a FAST token. While FAST doesn't currently use mod_tokenauth, it and others may do in the future. It's better to be explicit about what kind of token code is issuing or expecting.
* | mod_saslauth: Support for SASL handlers forcing a specific resourceMatthew Wild2023-03-011-2/+4
| | | | | | | | The token layer supports tokens that are tied to a given resource.
* | mod_admin_adhoc: Add XEP-0133 commands to Disable and Re-Enable usersKim Alvefur2023-02-231-0/+66
| | | | | | | | Enables UI in clients supporting XEP-0050
* | mod_admin_shell: Add commands to disable and enable accountsKim Alvefur2023-02-231-0/+32
| | | | | | | | First proper UI to enable/disable, allowing it to be tested.
* | mod_c2s: Disconnect accounts when they are disabledKim Alvefur2023-02-231-0/+1
| | | | | | | | | | | | | | | | We decided that at the first stage, accounts that are disabled should simply be prevented from authenticating, thus they should also be prevented from having connected sessions. Since this is aimed to be a moderation action for cases of abuse, they shouldn't be allowed to continue being connected.
* | mod_auth_internal_hashed: Implement methods to enable and disable usersKim Alvefur2023-02-231-4/+9
| |
* | mod_auth_internal_hashed: Implement is_enabled() methodKim Alvefur2023-02-231-3/+5
| | | | | | | | Uses 'disabled' property already introduced in aed38948791f
* | mod_auth_internal_hashed: Add stub methods for enabling and disabling usersKim Alvefur2023-02-221-0/+8
| | | | | | | | But how and where?
* | mod_auth_internal_hashed: Refactor to prepare for disabling usersKim Alvefur2023-02-221-2/+7
| | | | | | | | | | | | Moving this out will make space for a dynamic check whether a particular user is disabled or not, which is one possible response to abuse of account privileges.
* | Merge 0.12->trunkMatthew Wild2023-02-201-0/+3
|\|
| * mod_websocket: Fire pre-session-close event (fixes #1800)0.12.3Matthew Wild2023-02-201-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This event was added in a7c183bb4e64 and is required to make mod_smacks know that a session was intentionally closed and shouldn't be hibernated (see fcea4d9e7502). Because this was missing from mod_websocket's session.close(), mod_smacks would always attempt to hibernate websocket sessions even if they closed cleanly. That mod_websocket has its own copy of session.close() is something to fix another day (probably not in the stable branch). So for now this commit makes the minimal change to get things working again. Thanks to Damian and the Jitsi team for reporting.