From a53ffcca735a64ed727e38d9f440a75b08b0ab9b Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 10 Feb 2022 15:48:34 +0000 Subject: mod_legacyauth: Default to require encryption --- plugins/mod_legacyauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index 941806d3..52f2c143 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -12,7 +12,7 @@ local st = require "util.stanza"; local t_concat = table.concat; local secure_auth_only = module:get_option("c2s_require_encryption", - module:get_option("require_encryption")) + module:get_option("require_encryption", true)) or not(module:get_option("allow_unencrypted_plain_auth")); local sessionmanager = require "core.sessionmanager"; -- cgit v1.2.3 From a02e872f8651ea4729697bd7ccc88f7f952c3f04 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 10 Feb 2022 15:49:01 +0000 Subject: mod_invites_register: Default to require encryption In line with the Prosody-wide default change for 0.12. --- plugins/mod_invites_register.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_invites_register.lua b/plugins/mod_invites_register.lua index e02b5bc0..9a5570ab 100644 --- a/plugins/mod_invites_register.lua +++ b/plugins/mod_invites_register.lua @@ -4,7 +4,7 @@ local jid_bare = require "util.jid".bare; local rostermanager = require "core.rostermanager"; local require_encryption = module:get_option_boolean("c2s_require_encryption", - module:get_option_boolean("require_encryption", false)); + module:get_option_boolean("require_encryption", true)); local invite_only = module:get_option_boolean("registration_invite_only", true); local invites; -- cgit v1.2.3 From 73d1bb12184cd5bc91c5996ecc574149d9637d73 Mon Sep 17 00:00:00 2001 
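Review bot: In plugins/mod_legacyauth.lua the new `true` default is added to an untyped `module:get_option` read, so any non-nil, non-false value for `require_encryption` or `c2s_require_encryption` (for example the string "false") is truthy in Lua and turns `secure_auth_only` on. That fails toward requiring encryption, but presumably without the type check the boolean accessor applies, so a mistyped setting goes unnoticed. It also differs from mod_invites_register, mod_register_ibr and mod_saslauth in this series, which read the same options through `get_option_boolean`; the mod_tls.lua hunk has the same untyped reads. I would change the first operand to `module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true))` and keep the `or not(...)` operand as it is.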
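Review bot: The fallback chain `c2s_require_encryption` → `require_encryption` → `true` in plugins/mod_invites_register.lua is a near-verbatim copy of the one in mod_legacyauth, mod_register_ibr, mod_saslauth and mod_tls, each carrying its own default literal; the `s2s_require_encryption` default is likewise repeated in mod_s2s, mod_s2s_bidi and mod_tls. According to the commit messages, this series exists because the in-code defaults disagreed with the shipped config file, so the next default change has to find every copy again. At minimum I would add a comment above the statement, `-- Default must stay in sync with the other c2s_require_encryption readers (mod_saslauth, mod_tls, mod_register_ibr, mod_legacyauth)`. Reading the value in one place and sharing it would remove the drift risk, though that is a larger change than this commit.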
From: Kim Alvefur Date: Sat, 25 Dec 2021 16:23:40 +0100 Subject: various: Require encryption by default for real These options have been specified (and enabled) in the default config file for a long time. However if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want. --- plugins/mod_register_ibr.lua | 2 +- plugins/mod_s2s.lua | 2 +- plugins/mod_s2s_bidi.lua | 2 +- plugins/mod_saslauth.lua | 2 +- plugins/mod_tls.lua | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index 83d284c8..8042de7e 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -18,7 +18,7 @@ local util_error = require "util.error"; local additional_fields = module:get_option("additional_registration_fields", {}); local require_encryption = module:get_option_boolean("c2s_require_encryption", - module:get_option_boolean("require_encryption", false)); + module:get_option_boolean("require_encryption", true)); pcall(function () module:depends("register_limits"); diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua index 836cf347..655cb599 100644 --- a/plugins/mod_s2s.lua +++ b/plugins/mod_s2s.lua 
@@ -40,7 +40,7 @@ local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:ge local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day... local secure_domains, insecure_domains = module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; -local require_encryption = module:get_option_boolean("s2s_require_encryption", false); +local require_encryption = module:get_option_boolean("s2s_require_encryption", true); local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit", 1024*512); local measure_connections_inbound = module:metric( diff --git a/plugins/mod_s2s_bidi.lua b/plugins/mod_s2s_bidi.lua index 28e047de..addcd6e2 100644 --- a/plugins/mod_s2s_bidi.lua +++ b/plugins/mod_s2s_bidi.lua @@ -10,7 +10,7 @@ local st = require "util.stanza"; local xmlns_bidi_feature = "urn:xmpp:features:bidi" local xmlns_bidi = "urn:xmpp:bidi"; -local require_encryption = module:get_option_boolean("s2s_require_encryption", false); +local require_encryption = module:get_option_boolean("s2s_require_encryption", true); module:hook("s2s-stream-features", function(event) local origin, features = event.origin, event.features; diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 212b977a..30d7acfa 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua 
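Review bot: In plugins/mod_s2s.lua the `s2s_require_encryption` default flips to `true` while `s2s_secure_auth` two lines above still defaults to `false`, and nothing on the changed line says that these are separate guarantees. As far as this hunk shows, the new default makes TLS mandatory on server-to-server links but does not by itself make peer certificate validation mandatory, so it addresses passive interception rather than an active man-in-the-middle. I would add a comment on the changed line, `-- TLS is mandatory by default; peer certificate validation is controlled separately by s2s_secure_auth`, so that a reader does not take "require encryption" to mean authenticated peers.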
@@ -17,7 +17,7 @@ local errors = require "util.error"; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; -local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false)); +local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true)); local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 9b80486a..afc1653a 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -10,8 +10,8 @@ local create_context = require "core.certmanager".create_context; local rawgetopt = require"core.configmanager".rawget; local st = require "util.stanza"; -local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption")); -local s2s_require_encryption = module:get_option("s2s_require_encryption"); +local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption", true)); +local s2s_require_encryption = module:get_option("s2s_require_encryption", true); local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; local s2s_secure_auth = module:get_option("s2s_secure_auth"); -- cgit v1.2.3 From 067a0ad4d8e8831f5cac75099926d60a7bad6323 Mon Sep 17 00:00:00 2001 
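Review bot: In plugins/mod_tls.lua `s2s_require_encryption` now defaults to `true`, but `allow_s2s_tls` on the next line is still false when an old config sets `s2s_allow_encryption = false`, so the two values can contradict each other without the admin having asked for mandatory encryption. How the rest of the module reacts is outside this hunk; presumably such a host would not offer TLS on s2s streams that the s2s modules now insist on, and federation would fail without an obvious cause. A load-time check after these locals would make that visible: `if s2s_require_encryption and not allow_s2s_tls then module:log("warn", "s2s_allow_encryption is disabled while s2s_require_encryption is enabled; check the s2s configuration") end`. Both changed reads are also untyped `get_option` calls, unlike the `get_option_boolean` reads of the same options elsewhere in this commit.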
From: Matthew Wild Date: Thu, 10 Feb 2022 19:54:14 +0000 Subject: usermanager, mod_saslauth: Default to internal_hashed if no auth module specified The default config was updated in this way long ago, but if no option was present in the config, Prosody would load internal_plain. This change can result in changes (for the better) for people using very old configuration files lacking an 'authentication' setting. --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 30d7acfa..ab863aa3 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -309,7 +309,7 @@ module:hook("stream-features", function(event) return; end - local authmod = module:get_option_string("authentication", "internal_plain"); + local authmod = module:get_option_string("authentication", "internal_hashed"); if available_mechanisms:empty() then log("warn", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod); return; -- cgit v1.2.3 From ab835fed13e300b3a49131296917f5038eb6c06c Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 4 Mar 2022 15:22:45 +0000 Subject: util.hex: Deprecate to/from in favour of encode/decode, for consistency! --- plugins/mod_auth_internal_hashed.lua | 2 +- plugins/mod_storage_xep0227.lua | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index 1b0e76ed..cf851eef 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua 
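Review bot: In plugins/mod_saslauth.lua the changed `authmod` default is, within this hunk, only interpolated into the "No available SASL mechanisms" warning, so it is a second copy of a default whose effective value is decided elsewhere. The subject names usermanager as well, but this view is limited to 'plugins', so the matching change cannot be checked here; if the two literals diverge, the warning would name a module that was never selected. I would add a comment on the line, `-- Must match the default authentication provider chosen in core.usermanager`. The enclosing stream-features hook starts and ends outside the hunk.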
@@ -14,7 +14,7 @@ local usermanager = require "core.usermanager"; local generate_uuid = require "util.uuid".generate; local new_sasl = require "util.sasl".new; local hex = require"util.hex"; -local to_hex, from_hex = hex.to, hex.from; +local to_hex, from_hex = hex.encode, hex.decode; local saslprep = require "util.encodings".stringprep.saslprep; local secure_equals = require "util.hashes".equals; diff --git a/plugins/mod_storage_xep0227.lua b/plugins/mod_storage_xep0227.lua index 1a7baaeb..9a3ca002 100644 --- a/plugins/mod_storage_xep0227.lua +++ b/plugins/mod_storage_xep0227.lua @@ -68,11 +68,11 @@ local function createOuterXml(user, host) end local function hex_to_base64(s) - return base64.encode(hex.from(s)); + return base64.encode(hex.decode(s)); end local function base64_to_hex(s) - return base64.encode(hex.from(s)); + return base64.encode(hex.decode(s)); end local handlers = {}; -- cgit v1.2.3
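Review bot: In plugins/mod_storage_xep0227.lua `base64_to_hex` has the same body as `hex_to_base64` after the rename, `base64.encode(hex.decode(s))`, so it still converts hex to base64 rather than the reverse. The rename touches the line but keeps what looks like a copy-paste error, so a caller passing base64 text gets the result of hex-decoding non-hex input instead of a hex string. The body should be `return hex.encode(base64.decode(s));`. The callers are outside the hunk, so which stored values pass through this function should be checked there.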