From fc68c36454b50b526b4877c2dd30d01ef8bc8526 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Fri, 29 May 2009 18:04:53 +0100
Subject: mod_legacyauth: Hide stream feature when secure auth is enabled, and
 session isn't secure

---
 plugins/mod_legacyauth.lua | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index f1ffef34..8bff51fe 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -19,7 +19,12 @@ local usermanager = require "core.usermanager";
 
 module:add_feature("jabber:iq:auth");
 module:add_event_hook("stream-features", function (session, features)
-	if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end
+	if secure_auth_only and not session.secure then
+		-- Sorry, not offering to insecure streams!
+		return;
+	elseif not session.username then
+		features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
+	end
 end);
 
 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", 
-- 
cgit v1.2.3