From fc68c36454b50b526b4877c2dd30d01ef8bc8526 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Fri, 29 May 2009 18:04:53 +0100
Subject: mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn't secure

---
 plugins/mod_legacyauth.lua | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index f1ffef34..8bff51fe 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -19,7 +19,12 @@ local usermanager = require "core.usermanager";
 
 module:add_feature("jabber:iq:auth");
 module:add_event_hook("stream-features", function (session, features)
- if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end
+ if secure_auth_only and not session.secure then
+ -- Sorry, not offering to insecure streams!
+ return;
+ elseif not session.username then
+ features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
+ end
 end);
 
 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", 
-- 
cgit v1.2.3
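Review bot: Hiding the `auth` stream feature only stops the server from advertising legacy auth on an insecure stream; it does not stop a client from sending a `jabber:iq:auth` request anyway. The `module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", ...)` registration at the end of the hunk is unconditional and its body lies outside the hunk, so please confirm the handler itself rejects the request under the same `if secure_auth_only and not session.secure then` guard; otherwise a password can still cross an unencrypted stream. `secure_auth_only` is also not defined in the visible lines, so it is worth checking that it is a file-level `local` read from config, since an undeclared name would be a nil global and the new branch would never fire. The comment would be more useful if it stated the reason, for example `-- Legacy auth can carry a plaintext password; do not advertise it until the stream is secured`.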