Where gethostname or tohostname returns an invalid name, e.g. containing
underscores or something, to_ascii would reject this and return nil,
which triggers an error in the dns lookup.
Reported by prova2 in the chat, for whom tohostname returned a long name
containing underscores.
Rationale: See diffstat
When this module is imported, it ends up calling stty via term_width()
in util.human.io.table(). When this happens outside of a terminal, the
following message is sent to stdout:
stty: 'standard input': Inappropriate ioctl for device
Not importing this module avoids that.
Furthermore three is value in this module having minimal dependencies as
they might not be available when it does the checks.
Ref a1fed82c44b9
This could be of help when configuring reverse proxies, as it is the
internal URL the proxy must point at.
Argument treated as an enum "internal" "external"(default) to allow for
future extensibility.
Since these are noisy and we have the thing in util.helpers to log
events fired.
The new status line events are meant to replace these as they include
more useful info.
If a grant does not have a role, we should not go and make one up.
While not very useful for XMPP if you can't even login, it may be useful
for OAuth2/OIDC.
Since throwing a pile of 'access denied', even at debug level, seems
akin to calling wolf :)
Cutting down on debug noise is also good.
Passing a flag instead of using module:could seemed easier here.
Closing the session invokes ondisconnect and session close logic,
including mod_smacks hibernation and the timer that destroys the session
after a timeout.
By closing the connection after it has been detached from the sessions
table it will no longer invoke the ondetach handler, which should
prevent the above problem.
The (still not published) XEP-xxxx: Stream Limits Advertisement uses the
element <max-bytes/> to advertise the maximum octet size of top level
stream elements. "size" was probably a leftover of an even earlier
version of the (Proto)XEP.
It should not be there afterwards. Noticed that it seems to fire some
time after resumption claiming that the queue size is nil, implying
that it may hold a reference to an expired session somehow.
Removes some dead code and hopefully simplifies a bit.
There's a tree of possibilities with the two tri-state status
properties, something like
chain:
* nil -- cert validation disabled?
* invalid -- something wrong with the chain (including ee cert)
* valid -- chain ok
cert:
* nil -- incomplete validation??
* invalid -- mismatched names or such
* valid -- all good!
Previous version of this patch used 'patternProperties' but that would
only work with simpler ECMA-262 regular expressions are also valid Lua
patterns.
This doesn't fail because of additionalProperties, looks more like some
issue with recursive definitions and util.jsonpointer that I don't want
feel like investigating now.
Error stanzas should have an <error> element, but if you pass a
stanza without one to util.error.from_stanza() it triggers an attempt to
index a nil value, which this patch avoids.
In the conditional, it should be safe to assume error_tag is non-nil
since condition can't have those values then.
It is the other end who should request client certificates for these
connections, we only need to send ours. Hopefully this was treated as a
noop, so probably no harm in keeping it. But hey, spring cleaning? :)
Was previously supposed to be conditionally advertised based on
availability of a module handling the actual optimizations, which was
removed in be9ac41f1619
Fixes parsing of tokens that happen to have a `;` in their secret part,
otherwise it splits there and the later bit goes into the username and
hitting the "Invalid token in storage" condition.
Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime
explicitly bounded here, but rather be bounded by the lifetime of
something else, like the OAuth2 client.
Open question: Would it be better to enforce a lifetime on all tokens?
