Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 19:31:29 +0100] rev 5318
mod_client_management: README: Update docs to detail shell and XMPP interfaces
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 17:24:16 +0100] rev 5317
mod_http_oauth2: README: Updated documentation to reflect module status
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 16:10:27 +0100] rev 5316
mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 16:09:56 +0100] rev 5315
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:24:49 +0100] rev 5314
mod_client_management: Improve representation of authentication methods
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:22:10 +0100] rev 5313
mod_client_management: Improve table output
Requires 1f89a2a9f532 and 1023c3faffac from Prosody.
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:21:09 +0100] rev 5312
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:20:25 +0100] rev 5311
mod_client_management: Use grant id from key
This is a minor tweak - it's faster and preserves compatibility with older
data formats (that we don't necessarily want to be compatible with, but some
of us have messy data stores and it pays to be a little more robust).
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:45:13 +0100] rev 5310
mod_client_management: Fail to revoke clients that have used passwords
Return an error so the caller can take appropriate action, e.g. encouraging
the user to change their password.
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:42:16 +0100] rev 5309
mod_client_management: Add support for revocation of clients (when possible)
We decided to keep the unified listing of "clients", which includes both SASL2
clients and OAuth grants, etc. To a user, or someone wanting to manage what
can access their account, they are largely equivalent.
To accomplish this technically, we add a prefix to the id to state what type
it really is.
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:39:53 +0100] rev 5308
mod_client_management: Include client type in XML response listing
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:38:59 +0100] rev 5307
mod_sasl2_fast: Add API method to revoke FAST tokens for a given client
Matthew Wild <mwild1@gmail.com> [Tue, 04 Apr 2023 18:09:48 +0100] rev 5306
mod_cloud_notify_filters: Fix traceback when invalid JIDs are submitted
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:56:53 +0100] rev 5305
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:56:15 +0100] rev 5304
.luacheckrc: Add module.once
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:22:12 +0100] rev 5303
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:11:53 +0100] rev 5302
mod_audit: Support for adding location (GeoIP) to audit events
This can be more privacy-friendly than logging full IP addresses, and also
more informative to a user - IP addresses don't mean much to the average
person, however if they see activity from outside their expected country, they
can immediately identify suspicious activity.
As with IPs, this field is configurable for deployments that would like to
disable it. Location is also not logged when the geoip library is not
available.
Jonas Schäfer <jonas@wielicki.name> [Sat, 01 Apr 2023 12:10:56 +0200] rev 5301
mod_isolate_host: potentially pedantic optimization
By Zash.
Jonas Schäfer <jonas@wielicki.name> [Sat, 01 Apr 2023 12:03:08 +0200] rev 5300
mod_isolate_host: handle server-generated stanzas
The hook for setting the no_host_isolation is only called for c2s
sessions. This does not work for stanzas generated by the server,
such as PEP notifications or presence probe answers.
To handle that, we do per-stanza checks for the case that the origin
is local.
Jonas Schäfer <jonas@wielicki.name> [Fri, 31 Mar 2023 16:56:42 +0200] rev 5299
mod_authz_delegate: make resistant against startup order issues
There is no guarantee that the target_host gets activated and
initialized before the host this module is loaded on. As
add_default_permission is called during load time by many modules,
we need to be prepared to queue stuff.
Matthew Wild <mwild1@gmail.com> [Thu, 30 Mar 2023 11:32:50 +0100] rev 5298
mod_client_management: New module for users to view/manage permitted clients
This is just the data and API part.
Kim Alvefur <zash@zash.se> [Thu, 30 Mar 2023 12:06:18 +0200] rev 5297
mod_http_admin_api: Add roles to user schema in openapi
Kim Alvefur <zash@zash.se> [Thu, 30 Mar 2023 12:05:05 +0200] rev 5296
mod_http_admin_api: Fix types of numbers in openapi spec
Numbers are just 'number' in both JSON Schema and Lua
Kim Alvefur <zash@zash.se> [Wed, 29 Mar 2023 17:55:29 +0200] rev 5295
Merge accidental extra head
One does not simply rebase public mercurial changesets
Jonas Schäfer <jonas@wielicki.name> [Wed, 29 Mar 2023 17:52:21 +0200] rev 5294
mod_vcard_muc: take roles into account for access check
This allows admins on the MUC component to force-set avatars, even
if they are not owners in a particular MUC, similar to how they
are granted auto-ownership in other contexts.
Jonas Schäfer <jonas@wielicki.name> [Wed, 29 Mar 2023 17:21:45 +0200] rev 5293
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.
Jonas Schäfer <jonas@wielicki.name> [Wed, 29 Mar 2023 17:21:45 +0200] rev 5292
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.
Matthew Wild <mwild1@gmail.com> [Wed, 29 Mar 2023 16:13:42 +0100] rev 5291
mod_sasl2_fast: Add an API that allows modules to check if a client has FAST
Matthew Wild <mwild1@gmail.com> [Wed, 29 Mar 2023 16:13:00 +0100] rev 5290
mod_sasl2_fast: Add flag to FAST sasl_handler for easier identification
Other code that looks at session.sasl_handler can now detect if a client used
FAST to authenticate.
Matthew Wild <mwild1@gmail.com> [Wed, 29 Mar 2023 16:12:15 +0100] rev 5289
mod_sasl2_fast: Fix harmless off-by-one error (invalidates existing tokens!)
Problem:
This was causing the key to become "<token>--cur" instead of the expected
"<token>-cur". As the same key was used by the code to both set and get, it
still worked.
Rationale for change:
Although it worked, it's unintended, inconsistent and messy. It increases the
chances of future bugs due to the unexpected format.
Side-effects of change:
Existing '--cur' entries will not be checked after this change, and therefore
existing FAST clients will fail to authenticate until they attempt password
auth and obtain a new FAST token.
Existing '--cur' entries in storage will not be cleaned up by this commit, but
this is considered a minor issue, and okay for the relatively few FAST
deployments.
Kim Alvefur <zash@zash.se> [Tue, 28 Mar 2023 21:04:23 +0200] rev 5288
mod_http_admin_api: Fix missing import
Forgot in previous commit
Kim Alvefur <zash@zash.se> [Tue, 28 Mar 2023 20:45:11 +0200] rev 5287
mod_http_admin_api: Tweak token session to please module:may()
module:may() checks for type == "c2s", but mod_tokenauth does not
currently include that or most common session properties.
Fixes a traceback resulting from a different code path where
module:may() tries to index event.stanza, which does not exist for http
events.
Matthew Wild <mwild1@gmail.com> [Tue, 28 Mar 2023 12:43:05 +0100] rev 5286
mod_sasl2_fast: Invalidate tokens issued prior to last password change
Kim Alvefur <zash@zash.se> [Mon, 27 Mar 2023 23:19:09 +0200] rev 5285
mod_rest: Add an example bash script for using mod_rest
Also supports --login with mod_http_oauth2
Matthew Wild <mwild1@gmail.com> [Mon, 27 Mar 2023 18:51:12 +0100] rev 5284
mod_http_oauth2: Update to use new API of Prosody mod_tokenauth @ 601d9a375b86
Matthew Wild <mwild1@gmail.com> [Fri, 24 Mar 2023 14:29:07 +0000] rev 5283
mod_http_oauth2: Add support for refresh tokens
Kim Alvefur <zash@zash.se> [Sun, 26 Mar 2023 14:44:30 +0200] rev 5282
mod_http_oauth2: Declare additional client registration fields as strings
Previously any property not listed in the schema was allowed in any
form, which is probably a bit too liberal. Instead, limit extra fields
to simple strings, which should still allow localized versions of the
various URIs and descriptive properties per RFC 7591 §2.2
Kim Alvefur <zash@zash.se> [Sun, 26 Mar 2023 14:39:34 +0200] rev 5281
mod_http_oauth2: Tighten check of urlencoded form data
Because type(formdecode("string without equals sign")) == "string", so
best avoid continuing in that case, even if strings mostly behave as
tables as long as you don't hit one of the __index methods.
Kim Alvefur <zash@zash.se> [Sun, 26 Mar 2023 14:37:42 +0200] rev 5280
mod_http_oauth2: Pedantic optimization
Checking the length of the string seems like 30% more expensive than
comparing it with the empty string (by reference, probably).
Kim Alvefur <zash@zash.se> [Sat, 25 Mar 2023 20:18:05 +0100] rev 5279
mod_pubsub_feeds: Fix packaging of support library for installer
Kim Alvefur <zash@zash.se> [Fri, 17 Mar 2023 22:29:55 +0100] rev 5278
mod_muc_rtbl: Handle node purge
Prevents the module from going out of sync with the node in case this
event ever happens.
Kim Alvefur <zash@zash.se> [Fri, 24 Mar 2023 00:07:58 +0100] rev 5277
mod_http_oauth2: Fix traceback on missing 'scope' parameter
parse_scopes() takes a string and it is not optional
Kim Alvefur <zash@zash.se> [Thu, 23 Mar 2023 16:48:18 +0100] rev 5276
mod_http_oauth2: Focus username field automatically
Reduces effort, not having to click or tab to focus the username field.
Should have no negative effects since there's no other elements one
might want to focus.
Kim Alvefur <zash@zash.se> [Thu, 23 Mar 2023 16:28:08 +0100] rev 5275
mod_http_oauth2: Allow user to decide which requested scopes to grant
These should at the very least be shown to the user, so they can decide
whether to grant them.
Considered whether to filter the requested scopes down to actually
understood scopes that would be granted, but decided that this was a bit
complex for a first step, since role selection and other kinds of
scopes are mixed into the same field here.
Kim Alvefur <zash@zash.se> [Thu, 23 Mar 2023 16:19:09 +0100] rev 5274
mod_http_oauth2: Use <fieldset> in templates because it looks nice
Removes some CSS as well
Kim Alvefur <zash@zash.se> [Thu, 23 Mar 2023 12:47:51 +0100] rev 5273
mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Relies on recent mod_http_oauth2 updates
Kim Alvefur <zash@zash.se> [Wed, 22 Mar 2023 00:09:58 +0100] rev 5272
mod_http_oauth2: Remove another reference to obsolete function
Kim Alvefur <zash@zash.se> [Tue, 21 Mar 2023 22:29:47 +0100] rev 5271
mod_http_oauth2: Relax payload content type checking in revocation
The code expected
Content-Type: application/x-www-form-urlencoded
HTTPie sent
Content-Type: application/x-www-form-urlencoded; charset=utf-8
It did not work
Kim Alvefur <zash@zash.se> [Tue, 21 Mar 2023 22:23:28 +0100] rev 5270
mod_http_oauth2: Remove now unused code
Was apparently only used in revocation which now uses
get_request_credentials() directly
Kim Alvefur <zash@zash.se> [Tue, 21 Mar 2023 22:02:38 +0100] rev 5269
mod_http_oauth2: Allow revoking a token without OAuth client credentials
If you have a valid token, and you're not supposed to have it, revoking
it seems the most responsible thing to do with it, so it should be
allowed, while if you are supposed to have it, you should also be
allowed to revoke it.
Kim Alvefur <zash@zash.se> [Tue, 21 Mar 2023 21:57:18 +0100] rev 5268
mod_http_oauth2: Correctly verify OAuth client credentials on revocation
Makes no sense to validate against username and password here, or using
a token to revoke another token, or itself?
In fact, upon further discussion, why do you need credentials to revoke
a token? If you are not supposed to have the token, revoking it seems
the most responsible thing to do with it, so it should be allowed, while
if you are supposed to have it, you should be allowed to revoke it.
Kim Alvefur <zash@zash.se> [Tue, 21 Mar 2023 21:45:02 +0100] rev 5267
mod_http_oauth2: Group metadata section into OAuth and OpenID
Could easily be confusing otherwise if you're reading one spec and see
properties not defined there.
Kim Alvefur <zash@zash.se> [Tue, 21 Mar 2023 21:36:54 +0100] rev 5266
mod_http_oauth2: Rename oauth client credential related functions
To make it more explicit what "secret" these deal with.
Matthew Wild <mwild1@gmail.com> [Tue, 21 Mar 2023 15:26:03 +0000] rev 5265
mod_sasl2: Pull user-agent info into sasl_handler for later reference
It may be of interest to post-auth things. Putting it on the session was
another option considered, but that seemed unnecessary overhead for something
that might be rarely used. sasl_handler is cleared after successful
authentication.
Kim Alvefur <zash@zash.se> [Sun, 19 Mar 2023 22:21:41 +0100] rev 5264
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se> [Sun, 19 Mar 2023 22:13:27 +0100] rev 5263
mod_http_oauth2: Refactor to allow reuse of OAuth client creation
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 19:59:32 +0100] rev 5262
mod_http_oauth2: Fix userinfo status code off-by-one
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 19:28:44 +0100] rev 5261
mod_http_oauth2: Implement and return ID Token in authorization code flow
Is this OIDC?
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 17:52:10 +0100] rev 5260
mod_http_oauth2: Reject non-local hosts in more code paths
We're not issuing tokens for users on remote hosts, we can't even
authenticate them since they're remote. Thus the host is always the
local module.host so no need to pass around the host in most cases or
use it for anything but enforcing the same host.
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 17:06:35 +0100] rev 5259
mod_http_oauth2: Add support for the "openid" scope
This "openid" scope is there to signal access to the userinfo endpoint,
which is needed for OIDC support.
We don't actually check this later because the userinfo endpoint only
returns info embedded in the token itself, but in the future we may want
to check this more carefully.