Kim Alvefur <zash@zash.se> [Sat, 22 Apr 2023 11:59:52 +0200] rev 5358
mod_http_oauth2: Use new mod_cron API for periodic cleanup
Less frequent but this isn't that important after all since, as the
comment states, expired codes are not usable anyway. They're also not
that large so memory usage probably doesn't matter.
Kim Alvefur <zash@zash.se> [Tue, 18 Apr 2023 21:48:31 +0200] rev 5357
mod_audit_status: Fix error on first start
Fixes 'attempt to index a nil value' the first time this module is
loaded, since there's no data yet.
Matthew Wild <mwild1@gmail.com> [Mon, 17 Apr 2023 14:31:50 +0100] rev 5356
mod_muc_rtbl: Use correct occupant object
There is no 'occupant' property for this event.
Kim Alvefur <zash@zash.se> [Mon, 17 Apr 2023 08:26:20 +0200] rev 5355
mod_audit: Move underscore to avoid luacheck warning
Underscore as prefix is taken as a signal that the variable is unused,
but then it is used and luacheck makes noise about that.
Kim Alvefur <zash@zash.se> [Mon, 17 Apr 2023 08:01:09 +0200] rev 5354
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se> [Sat, 15 Apr 2023 10:54:34 +0200] rev 5353
mod_auth_oauth_external: Add configuration example
Kim Alvefur <zash@zash.se> [Sat, 15 Apr 2023 10:46:04 +0200] rev 5352
mod_auth_oauth_external: Linkify password grant
Kim Alvefur <zash@zash.se> [Sat, 15 Apr 2023 10:41:47 +0200] rev 5351
mod_auth_oauth_external: Some notes in README
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 13:04:13 +0100] rev 5350
mod_auth_oauth_external: Allow setting identity instead of discovery URL
Shorter and the .well-known part is, well, well-known.
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 12:45:52 +0100] rev 5349
mod_auth_oauth_external: Support PLAIN via resource owner password grant
Might not be supported by the backend but PLAIN is the lowest common
denominator, so not having it would lock out a lot of clients.
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 12:45:22 +0100] rev 5348
mod_auth_oauth_external: Authenticate against an OAuth 2 provider
But suddenly unsure whether this constitutes an OAuth "client" or
something else? Resource server maybe?
Kim Alvefur <zash@zash.se> [Thu, 13 Apr 2023 09:11:28 +0200] rev 5347
mod_client_management: Fix import of util.error (not errors)
Kim Alvefur <zash@zash.se> [Wed, 12 Apr 2023 11:24:50 +0200] rev 5346
mod_rest: Implement use of refresh tokens in rest.sh example
Because having access tokens expire daily was becoming annoying.
Now this is starting to be in dire need of refactoring.
Kim Alvefur <zash@zash.se> [Wed, 12 Apr 2023 11:24:06 +0200] rev 5345
mod_http_oauth2: Fix error due to reference loop when using refresh token
Kim Alvefur <zash@zash.se> [Wed, 12 Apr 2023 11:22:36 +0200] rev 5344
mod_http_oauth2: Fix table index error when using refresh token
Maxime “pep” Buquet <pep@bouah.net> [Tue, 11 Apr 2023 15:59:35 +0200] rev 5343
mod_muc_http_defaults: Use the new set_subject API. Thanks John Livingston
Kim Alvefur <zash@zash.se> [Mon, 10 Apr 2023 13:24:03 +0200] rev 5342
mod_service_outage_status: XEP-0455: Service Outage Status
Only the out of band part so far.
The in-band pubsub part would need '+notify' support in mod_pubsub,
since mod_pep does not serve the bare-host-JID.
All the hard parts of this XEP is elsewhere, i.e. hosting the document
somewhere reliable.
Kim Alvefur <zash@zash.se> [Mon, 10 Apr 2023 10:49:02 +0200] rev 5341
mod_http_oauth2: Support OpenID UserInfo claims
Actually filling in those details is left to another module because I
don't really wanna mix in a dependency on PEP or mod_vcard here, those
implementation details can be in a second module. Some might want to
fill this from LDAP or something as well.
Kim Alvefur <zash@zash.se> [Mon, 10 Apr 2023 10:47:51 +0200] rev 5340
mod_http_oauth2: Add some debug logging for UserInfo endpoint
Kim Alvefur <zash@zash.se> [Mon, 10 Apr 2023 10:44:23 +0200] rev 5339
mod_http_oauth2: Correct error code when missing credentials for userinfo
Kim Alvefur <zash@zash.se> [Sat, 08 Apr 2023 19:51:24 +0200] rev 5338
mod_rest: Get correct type from config
Autocomplete?
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 21:10:14 +0200] rev 5337
mod_http_debug: Module that echos back HTTP request info for debugging
Written in 2021 for debugging some reverse proxy issue on https://chat.prosody.im/
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 20:26:33 +0200] rev 5336
mod_rest: Allow passing configuring a timeout for <iq> responses
The default 2 minutes is not how long you want to wait, sometimes.
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 15:21:54 +0100] rev 5335
mod_audit: Add expiration of entries, and handling of full archive stores
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 15:27:03 +0200] rev 5334
mod_rest/rest.sh: Update 'client_uri' to module page
This started as a convenience wrapper for httpie + mod_rest that
eventually grew OAuth support.
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 15:26:41 +0200] rev 5333
mod_rest/rest.sh: List dependencies in comment
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 15:21:33 +0200] rev 5332
mod_http_oauth2/README: Add rest.sh to known implementations
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 13:46:29 +0100] rev 5331
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 13:44:18 +0100] rev 5330
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 13:25:34 +0100] rev 5329
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 13:10:43 +0100] rev 5328
mod_audit_status: Include shutdown reason in log entry
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 13:10:20 +0100] rev 5327
mod_audit: Let util.human.io pick a suitable default width
It supports better width detection now.
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 13:09:51 +0100] rev 5326
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 13:09:31 +0100] rev 5325
mod_audit: Fix iteration of custom payloads to use ipairs
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 12:09:21 +0100] rev 5324
mod_audit_status: New module to log server status to audit log
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 12:03:29 +0100] rev 5323
mod_audit: Display most recent entries first, rather than showing oldest
This matches the output of 'lastb'.
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 12:00:31 +0100] rev 5322
mod_audit: Minor style nit
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 12:00:06 +0100] rev 5321
mod_audit: Allow caller to specify time of the event
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 11:38:46 +0200] rev 5320
mod_http_oauth2/README: Link to mod_rest
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 11:37:58 +0200] rev 5319
mod_http_oauth2/README: Link to OAuth and OIDC sites
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 19:31:29 +0100] rev 5318
mod_client_management: README: Update docs to detail shell and XMPP interfaces
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 17:24:16 +0100] rev 5317
mod_http_oauth2: README: Updated documentation to reflect module status
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 16:10:27 +0100] rev 5316
mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 16:09:56 +0100] rev 5315
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:24:49 +0100] rev 5314
mod_client_management: Improve representation of authentication methods
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:22:10 +0100] rev 5313
mod_client_management: Improve table output
Requires 1f89a2a9f532 and 1023c3faffac from Prosody.
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:21:09 +0100] rev 5312
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:20:25 +0100] rev 5311
mod_client_management: Use grant id from key
This is a minor tweak - it's faster and preserves compatibility with older
data formats (that we don't necessarily want to be compatible with, but some
of us have messy data stores and it pays to be a little more robust).
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:45:13 +0100] rev 5310
mod_client_management: Fail to revoke clients that have used passwords
Return an error so the caller can take appropriate action, e.g. encouraging
the user to change their password.
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:42:16 +0100] rev 5309
mod_client_management: Add support for revocation of clients (when possible)
We decided to keep the unified listing of "clients", which includes both SASL2
clients and OAuth grants, etc. To a user, or someone wanting to manage what
can access their account, they are largely equivalent.
To accomplish this technically, we add a prefix to the id to state what type
it really is.
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:39:53 +0100] rev 5308
mod_client_management: Include client type in XML response listing
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:38:59 +0100] rev 5307
mod_sasl2_fast: Add API method to revoke FAST tokens for a given client
Matthew Wild <mwild1@gmail.com> [Tue, 04 Apr 2023 18:09:48 +0100] rev 5306
mod_cloud_notify_filters: Fix traceback when invalid JIDs are submitted
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:56:53 +0100] rev 5305
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:56:15 +0100] rev 5304
.luacheckrc: Add module.once
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:22:12 +0100] rev 5303
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:11:53 +0100] rev 5302
mod_audit: Support for adding location (GeoIP) to audit events
This can be more privacy-friendly than logging full IP addresses, and also
more informative to a user - IP addresses don't mean much to the average
person, however if they see activity from outside their expected country, they
can immediately identify suspicious activity.
As with IPs, this field is configurable for deployments that would like to
disable it. Location is also not logged when the geoip library is not
available.
Jonas Schäfer <jonas@wielicki.name> [Sat, 01 Apr 2023 12:10:56 +0200] rev 5301
mod_isolate_host: potentially pedantic optimization
By Zash.
Jonas Schäfer <jonas@wielicki.name> [Sat, 01 Apr 2023 12:03:08 +0200] rev 5300
mod_isolate_host: handle server-generated stanzas
The hook for setting the no_host_isolation is only called for c2s
sessions. This does not work for stanzas generated by the server,
such as PEP notifications or presence probe answers.
To handle that, we do per-stanza checks for the case that the origin
is local.
Jonas Schäfer <jonas@wielicki.name> [Fri, 31 Mar 2023 16:56:42 +0200] rev 5299
mod_authz_delegate: make resistant against startup order issues
There is no guarantee that the target_host gets activated and
initialized before the host this module is loaded on. As
add_default_permission is called during load time by many modules,
we need to be prepared to queue stuff.