Kim Alvefur <zash@zash.se> [Wed, 29 Mar 2023 17:55:29 +0200] rev 5295
Merge accidental extra head
One does not simply rebase public Mercurial changesets
Jonas Schäfer <jonas@wielicki.name> [Wed, 29 Mar 2023 17:52:21 +0200] rev 5294
mod_vcard_muc: take roles into account for access check
This allows admins on the MUC component to force-set avatars, even
if they are not owners in a particular MUC, similar to how they
are granted auto-ownership in other contexts.
Jonas Schäfer <jonas@wielicki.name> [Wed, 29 Mar 2023 17:21:45 +0200] rev 5293
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.
Jonas Schäfer <jonas@wielicki.name> [Wed, 29 Mar 2023 17:21:45 +0200] rev 5292
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.
Matthew Wild <mwild1@gmail.com> [Wed, 29 Mar 2023 16:13:42 +0100] rev 5291
mod_sasl2_fast: Add an API that allows modules to check if a client has FAST
Matthew Wild <mwild1@gmail.com> [Wed, 29 Mar 2023 16:13:00 +0100] rev 5290
mod_sasl2_fast: Add flag to FAST sasl_handler for easier identification
Other code that looks at session.sasl_handler can now detect if a client used
FAST to authenticate.
Matthew Wild <mwild1@gmail.com> [Wed, 29 Mar 2023 16:12:15 +0100] rev 5289
mod_sasl2_fast: Fix harmless off-by-one error (invalidates existing tokens!)
Problem:
This was causing the key to become "<token>--cur" instead of the expected
"<token>-cur". As the same key was used by the code to both set and get, it
still worked.
Rationale for change:
Although it worked, it's unintended, inconsistent and messy. It increases the
chances of future bugs due to the unexpected format.
Side-effects of change:
Existing '--cur' entries will not be checked after this change, and therefore
existing FAST clients will fail to authenticate until they attempt password
auth and obtain a new FAST token.
Existing '--cur' entries in storage will not be cleaned up by this commit, but
this is considered a minor issue, and okay for the relatively few FAST
deployments.
Kim Alvefur <zash@zash.se> [Tue, 28 Mar 2023 21:04:23 +0200] rev 5288
mod_http_admin_api: Fix missing import
Forgot in previous commit
Kim Alvefur <zash@zash.se> [Tue, 28 Mar 2023 20:45:11 +0200] rev 5287
mod_http_admin_api: Tweak token session to please module:may()
module:may() checks for type == "c2s", but mod_tokenauth does not
currently include that or most common session properties.
Fixes a traceback resulting from a different code path where
module:may() tries to index event.stanza, which does not exist for http
events.
Matthew Wild <mwild1@gmail.com> [Tue, 28 Mar 2023 12:43:05 +0100] rev 5286
mod_sasl2_fast: Invalidate tokens issued prior to last password change