Commit graph

12950 commits

Author SHA1 Message Date
Kim Alvefur
93ddf6892c prosody.loader: Ensure already loaded modules are found in old and new namespaces
Prevents modules being initialized twice, ensuring that
require"prosody.util.foo" == require"util.foo"
2023-03-17 15:11:26 +01:00
Kim Alvefur
d06cc5176b prosody.loader: Incorporate search path rewrite patch from Debian packages
Nice to drop that patch.

Will allow loading this to do something both when installed under a
prosody directory or from a source checkout.
2023-03-17 14:36:02 +01:00
Kim Alvefur
d33f55156b prosody.loader: Allow loading modules under 'prosody' namespace (#1223)
Actually `hg mv`-ing all the files is disruptive, basically breaking
everything from rebasing all my WIP draft commits to the package
building. So instead, what if we didn't and instead rewrote package
names as they are `require()`-d?

Debian packages produced by the Prosody are already installed into this
structure so much will Just Work if all require calls are updated.
2023-03-17 13:51:43 +01:00
Kim Alvefur
9dd7ce434d mod_auth_internal_hashed: Shorten call path
Why did it call a function defined in the same module through
usermanager?
2023-03-18 16:13:32 +01:00
Kim Alvefur
c11d121c06 util.sasl.{scram,plain}: Pass authzid to SASL profile callback
For potential future use.

Used for logging into a different account than the one used for
authentication.
2023-03-16 13:57:30 +01:00
Kim Alvefur
f23ad827a3 util.jsonschema: Disable some further new failing tests
Absolute references, weird fractions, unevaluatedProperties???
2023-03-11 12:12:49 +01:00
Kim Alvefur
fc0e882e29 util.jsonschema: Ignore some new tests in test suite
These seem to be using absolute URI references, Not Yet Implemented
2023-03-11 12:01:17 +01:00
Matthew Wild
7a6d2e1226 util.table: Expand table.move() tests (thanks mutation testing) 2023-03-17 17:06:05 +00:00
Kim Alvefur
b156f013c4 util.sasl.scram: Fix off-by-one indentation 2023-03-16 13:52:22 +01:00
Kim Alvefur
2331fc8b65 util.sasl.oauthbearer: Adjust parsing of GS2 to allow lack of authzid
Partly copied from util.sasl.scram and then reduced a bit.
2023-03-16 13:45:49 +01:00
Kim Alvefur
8aecd19812 doap: Sort by XEP number
To keep them sorted.

Not pedantic at all!
2023-03-16 13:20:19 +01:00
Kim Alvefur
566a991f84 util.sasl.oauthbearer: Return username from callback instead of using authzid (BC)
RFC 6120 states that
>  If the initiating entity does not wish to act on behalf of another
>  entity, it MUST NOT provide an authorization identity.

Thus it seems weird to require it here.  We can instead expect a
username from the token data passed back from the profile.

This follows the practice of util.sasl.external where the profile
callback returns the selected username, making the authentication module
responsible for extracting the username from the token.
2023-03-16 12:18:23 +01:00
Matthew Wild
944c25f352 util.sasl.oauthbearer: Fix syntax error in b796e08e6376 2023-03-15 12:02:23 +00:00
Matthew Wild
9dedc78f3c util.sasl.oauthbearer: Attach token_info to sasl handler
This allows token-aware things to access extra information about the
authentication, such as when the token is due to expire and the attached
custom 'data'.
2023-03-15 09:41:38 +00:00
Kim Alvefur
adb37b8272 util.ip: Add Teal interface description 2023-03-14 19:46:46 +01:00
Matthew Wild
55106e91ce util.ip: Tests for truncate() 2023-03-14 18:40:16 +00:00
Kim Alvefur
5afb393d53 mod_auth_internal_hashed: Record time of account disable / re-enable
Could be useful for e.g. #1772
2023-03-12 01:24:59 +01:00
Matthew Wild
84c0204ea2 util.ip: Add ip.truncate() to return a new IP with only the prefix of another 2023-03-14 18:24:58 +00:00
Matthew Wild
3eedf79c8b util.ip: Add is_ip() helper method to detect if an object is an ip object 2023-03-14 18:23:33 +00:00
Kim Alvefur
9c8b2f5099 doap: Add RFC 7628 introduced in ab1164eda011 2023-03-12 13:05:50 +01:00
Kim Alvefur
b64d6afeab util.jwt: Import definition of key from util.crypto
Turns out we had a definition of that already
2023-03-10 13:58:43 +01:00
Kim Alvefur
7623bc24de util.jwt: Fixup argument and type order 2023-03-10 13:58:14 +01:00
Kim Alvefur
c425da3c6a mod_admin_shell: Limit module dependency listings to loaded on current host
E.g. module:info("http") with many http modules loaded would show a lot
of duplication, as each module would be listed for each host, even if
not actually enabled on that host.
2023-03-10 12:33:02 +01:00
Kim Alvefur
4fa75289f6 util.jwt: Document interface as Teal definition file 2023-03-10 10:55:50 +01:00
Kim Alvefur
cb65c58950 mod_authz_internal: Fix wrong role name field in user_can_assume_role()
Made it reject the primary role since it compares against a non-existent
field, i.e. nil.
2023-03-09 16:02:55 +01:00
Kim Alvefur
11a3373e89 Merge 0.12->trunk 2023-03-05 15:45:44 +01:00
Kim Alvefur
0890b20fbf mod_http: Unhook CORS handlers only if active (fixes #1801) 2023-03-05 15:45:01 +01:00
Kim Alvefur
283322543e mod_admin_shell: Show reverse dependencies in module:info()
Why was this module loaded? Now you can find out!
2023-03-05 14:08:26 +01:00
Kim Alvefur
32445b3082 core.moduleapi: Record reverse dependencies
Useful to know why a module was auto-loaded without having to dig through
all other modules for the one that depends on it.
2023-03-05 14:07:08 +01:00
Kim Alvefur
4d46c27840 authz: Add method for retrieving all roles
Some of the OAuth stuff highlights a small need to retrieve a list of
roles somehow. Handy if you ever need a role selector in adhoc or
something.

Unless there's some O(n) thing we were avoiding?
2023-03-04 18:40:43 +01:00
Kim Alvefur
7b7cad2b66 mod_tokenauth: Fix misplaced closing parenthesis
`type(x ~= y)` is always a string, thus truthy
2023-03-02 22:34:29 +01:00
Kim Alvefur
aabfdaf01a util.sasl.oauthbearer: Fix traceback on authz in unexpected format
E.g. if you were to just pass "username" without @hostname, the split
will return nil, "username" and the nil gets passed to saslprep() and it
does not like that.
2023-03-02 14:37:46 +01:00
Matthew Wild
9e02d322d8 mod_tokenauth: Gracefully handle missing tokens 2023-03-01 18:43:54 +00:00
Matthew Wild
4ce832123e mod_auth_internal_hashed: Add oauthbearer handler to our SASL profile 2023-03-01 13:05:17 +00:00
Matthew Wild
b435f6d52a mod_tokenauth: Add SASL handler backend that can accept and verify tokens
This is designed for use by other modules that want to accept tokens issued
by mod_tokenauth, without duplicating all the necessary logic.
2023-03-01 13:04:36 +00:00
Matthew Wild
f3d152eb1b mod_tokenauth: Add some sanity checking of the new optional parameters 2023-03-01 13:02:51 +00:00
Matthew Wild
a58a6d2317 mod_tokenauth: Add 'purpose' constraint
This allows tokens to be tied to specific purposes/protocols. For example, we
shouldn't (without specific consideration) allow an OAuth token to be dropped
into a slot expecting a FAST token.

While FAST doesn't currently use mod_tokenauth, it and others may do in the
future. It's better to be explicit about what kind of token code is issuing or
expecting.
2023-03-01 13:01:21 +00:00
Matthew Wild
16137b3b14 mod_saslauth: Support for SASL handlers forcing a specific resource
The token layer supports tokens that are tied to a given resource.
2023-03-01 12:56:08 +00:00
Matthew Wild
6db4afa0c3 util.sasl: Add SASL OAUTHBEARER mechanism (RFC 7628) 2023-03-01 12:55:00 +00:00
Kim Alvefur
d5661f1de3 mod_admin_adhoc: Add XEP-0133 commands to Disable and Re-Enable users
Enables UI in clients supporting XEP-0050
2023-02-23 18:39:02 +01:00
Kim Alvefur
087ffc7f32 CHANGES: Mention new ability to disable and enable user accounts 2023-02-23 18:11:15 +01:00
Kim Alvefur
701fb4fce0 mod_admin_shell: Add commands to disable and enable accounts
First proper UI to enable/disable, allowing it to be tested.
2023-02-23 18:10:06 +01:00
Kim Alvefur
893dce647b mod_c2s: Disconnect accounts when they are disabled
We decided that at the first stage, accounts that are disabled should
simply be prevented from authenticating, thus they should also be
prevented from having connected sessions.  Since this is aimed to be a
moderation action for cases of abuse, they shouldn't be allowed to
continue being connected.
2023-02-23 16:28:57 +01:00
Kim Alvefur
bb65a83696 core.usermanager: Fire events when enabling and disabling users
Allow modules to act on this state change, e.g. kick accounts etc.
2023-02-23 16:25:31 +01:00
Kim Alvefur
931c14e50b core.usermanager: Add methods for enabling and disabling users
Calling into the auth module, where available.
2023-02-23 16:24:41 +01:00
Kim Alvefur
ef6ad34029 core.usermanager: Add Teal description file 2023-02-23 16:04:02 +01:00
Kim Alvefur
fe206323b5 mod_auth_internal_hashed: Implement methods to enable and disable users 2023-02-23 14:44:35 +01:00
Kim Alvefur
96acef2170 mod_auth_internal_hashed: Implement is_enabled() method
Uses 'disabled' property already introduced in aed38948791f
2023-02-23 14:34:10 +01:00
Kim Alvefur
9c49ca70fd util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS settings
The cross_domain_* settings were added here prior to http_cors_override
being added back in 17d87fb2312a, so for a time there was no
replacement, but now there is.
2023-02-22 22:27:42 +01:00
Kim Alvefur
4704e98af6 mod_auth_internal_hashed: Add stub methods for enabling and disabling users
But how and where?
2023-02-22 15:32:40 +01:00