mod_s2s_status: Add missing return (thanks Zash)

mod_c2s_conn_throttle: Reduce log level from error->info Our general policy is that "error" should never be triggerable by remote entities, and that it is always about something that requires admin intervention. This satisfies neither condition. The "warn" level can be used for unexpected events/behaviour triggered by remote entities, and this could qualify. However I don't think failed auth attempts are unexpected enough. I selected "info" because it is what is also used for other notable session lifecycle events.

mod_http_admin_api: Abort request if no valid username

mod_http_admin_api: Fix some luacheck warnings and code style issues

mod_http_admin_api: Support PATCH for user enabled status

mod_http_admin_api: Support for setting user account enabled status

mod_http_admin_api: Only include user deletion_request if account is disabled

mod_http_admin_api: Return avatar metadata from get_user_info()

mod_audit_auth: Improve user-agent building (fixes traceback)

mod_http_admin_api: Include information about pending deletion request, if any

mod_measure_active_users: Use the new mod_lastlog2 API

mod_measure_active_users: Exclude disabled user accounts from counts ...if usermanager exposes that API (it's in trunk, not 0.12).

mod_lastlog2: Fix to interpret stored data structure correctly

mod_http_admin_api: Include user account status and activity in get_user_info

mod_lastlog2: Expose API to query the last active time of a user

mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection

mod_log_sasl_mech: Handle auth event from other than mod_saslauth E.g. mod_http_oauth2

mod_http_oauth2: Add logger to "session" for auth event So many assumptions in so many other modules about auth-success/fail

mod_http_oauth2: Move some code earlier

mod_restrict_xmpp: Allow all XEP-0199 pings to self No permission to send a ping without a 'to' attribute?

mod_restrict_xmpp/README: Fix definition list rendering Pandoc wants a blank line between items.

mod_http_oauth2: Reject unparsable URLs This used to be caught by luaPattern=https:// in the schema but that's been removed for some reason

mod_http_oauth2: Return validation output added in trunk rev 72d7830505f0 It's not fun at all to try to register a client and only get back "failed schema validation", this should help with that.

mod_s2s_smacks_timeout: Add note about being merged in trunk mod_s2s

mod_http_oauth2: Handle login_hint without @hostpart Makes life easier for the client when it does not know the full JID, which might not have the same hostpart as the authorization server URL.

mod_audit: Fix querying for both user and global events Forgot to fix this before I pushed

mod_storage_s3: Fix mapping archive query limit to ?max-keys=

mod_audit: Fix error due to sub-second precision timestamps os.date() does not handle them

mod_storage_s3: Remove wrapper and original timestamp from payload (BC) Unpacking the wrapper was already removed in 66986f5271c3 so it was broken already. Just rely on the Last-Modified date instead, it's not going to be accurate if a different timestamp is passed, e.g. with migrations, but that will have to be a future problem. Perhaps the X-Amz-Meta-* can be used?

mod_storage_s3: Fix sorting items by correct field

mod_storage_s3: Fix passing of prefixes, should not be urlencoded

mod_audit: Update command to handle storing JIDs instead of only usernames

mod_client_management: Include session in the other new-client event too

luacheckrc: Replace deprecated module:once with :on_ready So that :once is warned about properly. module:once was only added in trunk so it shouldn't have gotten very far yet.

mod_restrict_xmpp: Add vcard4 PEP node to profile permission

mod_client_management: Include session in new-client event Needed by mod_audit_auth

mod_http_oauth2: Fire authentication events on login form For e.g. mod_audit_auth to use. A bit hacky because upon review many modules don't seem to handle the lack of an XMPP session in the event payload.

mod_http_oauth2: Comment on authorization code storage

mod_audit_tokens: Record events fired by mod_tokenauth in audit log

mod_audit_auth: Add audit record when a client connects that has not been seen before

mod_audit_auth: Ignore FAST authentication events by default FAST is more like a cookie that allows linking new connections to a previous (e.g. password) authentication. Since we assume that FAST tokens are secure (not user generated) and not shareable, it reduces a lot of noise by filtering out uninteresting authentication events.

mod_restrict_xmpp: Fix remaining hard-coded role name

mod_audit: Update README with new name of mod_audit_register

mod_audit_user_accounts: Renamed from mod_audit_register

mod_audit_register: Support for deregister and enable/disable events

mod_audit_status: Support writing heartbeat with async storage drivers

mod_storage_xmlarchive: Support using requested archive-id However diverging from the date-prefixed format means it will need to look through the whole archive to find a particular ID.

mod_storage_xmlarchive: Pass hostname to converter for converting all users

mod_storage_xmlarchive: Migrate all users/rooms if no JID argument given

misc: Add a basic grafterm dashboard For those of us who would rather have less JavaScript

misc: Add a Grafana dashboard

mod_storage_s3: Sort archive items by LastModified Otherwise they would get sorted by who knows what, probably the path. Also not sure if the timestamp comparisons were correct before.

mod_storage_s3: Reorder path components (BC: invalidates any existing data) keyvalue: /bucket/hostname/username/store archive: /bucket/hostname/username/store/yyyy-mm-dd/with/key

mod_storage_s3: Fix querying for basic MAM parameters I guess I was planning to hash the 'with' part but changed my mind half way through implementing and also never tested this.

luacheck: Add new module API methods from trunk See * trunk rev 4d4f9e42bcf8 * trunk rev 65fb0d7a2312 * trunk rev c9ef35fab0b1

mod_storage_s3: Implement search for set of IDs This together with the full id range query enables support for urn:xmpp:mam:2#extended in mod_mam

mod_storage_s3: Advertise full id range archive query capability

mod_audit: Use new module API for period/time ranges It was added around the same time as the parse_duration function

mod_auth_oauth_external: Fix typo

mod_storage_xmlarchive: Fix "user" iteration API Fixes use in prosody-migrator. Otherwise this particular API is not used much, or this would have been noticed before. Usually it is a different store like 'accounts' that is responsible for providing the authoritative list of users. Thanks Ge0rG for testing

mod_storage_s3: Fix storing archives for host itself (e.g. mod_audit) Fixes error due to path constructor trying to do string.gsub(nil) with missing username or with fields.

mod_register_redirect: docs: Fix typo in example (thanks melvo)

mod_sasl2_sm: Remove duplicate advertisement of stream management (thanks singpolyma)

mod_invites_page: Add support for Haiku and mobile Linux

mod_invites_page: Also remove jQuery usage in client page

mod_invites_page: Stop displaying the QRCode to mobile devices

mod_register_apps: Remove intrinsic size from SVGs, to always display them at their full size

mod_invites_page: Typo in preventing the default event when clicking on show all

mod_http_avatar: Fix displaying the fallback on Firefox

mod_invites_page: Move the JS script to its own file

mod_invites_page: Replace jQuery with vanilla.js in the HTML

mod_register_apps: Add Renga to the list of supported clients

mod_http_oauth2: Make defaults more secure This should be fine since we don't have a lot of clients to be backwards-compatible with.

mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted This follows the intent behind the OpenID Connect 'prompt' parameter when it does not include the 'consent' keyword, that is the client wishes to skip the consent screen. If the user has already granted the exact same scopes to the exact same client in the past, then one can assume that they may grant it again.

mod_audit: Replace argument parsing debug print() with debug logging prosodyctl -v to view

mod_audit_register: Include hostpart with audit events here too mod_audit seems to expect this to be JIDs, not bare usernames.

mod_audit_auth: Include hostpart with audit events mod_audit seems to expect this to be JIDs, not bare usernames.

mod_audit: Fix storing IP prefixes Was essentially calling new_ip(new_ip())

mod_audit: Fix showing session details in module command The namespaced session element was not accounted for.

mod_audit: Also record human-readable name of country Nicer to show in graphs but less machine-usable Throw in continent in case that turns out to be useful one day

mod_audit: Fix recording location info The method :query_by_addr only works for IPv4, even if you open the IPv6 database, which is an odd API. It also returns a table, not a string.

mod_audit: Parse IP into util.ip object once and reuse Mostly for my own sanity

mod_audit: Pass IP address in string form Passing an util.ip object to :text_tag() would be an error.

mod_audit: Fix use of util.ip Yes, weirdly named 'new' function

mod_firewall: Add FROM COUNTRY condition based on GeoIP DB

mod_firewall: Tweak page outline Having 'Sender/recipient matching' under 'Stanza matching' makes more sense to me than the former being a top level item.

mod_aws_profile: Fix use of timer API

mod_auth_oauth_external: Enable experimental http connection pooling Connection pooling may provide a performance boost since it does a few requests per authentication.

mod_storage_s3: Enable connection pooling added in latest trunk Speed boost, something like a 30% improvement with http://localhost Small risk of failed requests due to limits on number of requests per connection or timeouts.

mod_storage_s3: Fix logging Seems request and response loggers is only a thing on http requests and responses from net.http.server, not net.http requests.

mod_storage_s3: Sort imports For pedantic reasons

mod_storage_s3: Implement archive store deletion Not the most efficient way but should work.

mod_storage_s3: Skip archive items matching on date but not full datetime Since it only encodes dates in paths, it would have returned items from outside the specified start..end range if they were from earlier or later in the same (UTC) day.

mod_storage_s3: Move request signing into a net.http hook

mod_client_management: Report on longest lived token when grant does not expire E.g. for mod_http_oauth2 where by default the grant itself is unlimited, while refresh tokens are issued with one week lifetime, but are renewed with each use.

mod_muc_members_json: Fix typo in example and set correct syntax highlighter

mod_muc_members_json: Expand example config and docs for clarity

mod_storage_appendmap: Include timestamps when appending data Meant to give some sense of when each piece of data was added, to aid in debugging changes or manual rollbacks.

mod_storage_appendmap: Implement item/user iteration methods

mod_http_health: Copypaste IP access control code

mod_dnsupdate: Support advertising explicit non-existence of service

mod_http_admin_api: Support for adding/removing group MUCs

mod_groups_muc_bookmarks: Update bookmarks when a group MUC is added/removed

mod_groups_internal: Update to support multiple MUCs per group This was a feature request for Snikket.

mod_storage_ejabberdsql_readonly: Don't use MySQL-specific syntax util.sql should take care of transformation when MySQL is in use.

mod_client_management: Bail out retrieving tokens for user Fixes core/usermanager.lua:118: attempt to index a nil value (field '?')

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.

mod_http_oauth2: Restrict introspection to clients own tokens The introspection code was added before the client hash was added in 0860497152af which allows connecting tokens to clients.

mod_http_oauth2: Implement introspection endpoint "Tell me about this token"

mod_http_status: Add IP allowlisting capabilities Based on mod_http_openmetrics

mod_rest: Limit payload size (cf stanza size limits) Otherwise the limit would be defined by the HTTP stack.

mod_storage_s3: Add brief README

mod_storage_s3: Treat 404 to GET as a signal for empty data

mod_storage_s3: Use '@' as placeholder for empty (host) store slots Used when the server stores things for itself.

mod_storage_s3: Handle archive query without parameters

mod_storage_s3: Implement Archive storage

mod_storage_s3: Implement iteration of keyvalue keys (users usually)

mod_storage_s3: Implement keyvalue deletion

mod_storage_s3: Handle signing of request ?query part

mod_storage_s3: Beginnings of an experimental S3 storage driver Tested against MinIO