Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 12:00:31 +0100] rev 5322
mod_audit: Minor style nit
Matthew Wild <mwild1@gmail.com> [Fri, 07 Apr 2023 12:00:06 +0100] rev 5321
mod_audit: Allow caller to specify time of the event
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 11:38:46 +0200] rev 5320
mod_http_oauth2/README: Link to mod_rest
Kim Alvefur <zash@zash.se> [Fri, 07 Apr 2023 11:37:58 +0200] rev 5319
mod_http_oauth2/README: Link to OAuth and OIDC sites
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 19:31:29 +0100] rev 5318
mod_client_management: README: Update docs to detail shell and XMPP interfaces
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 17:24:16 +0100] rev 5317
mod_http_oauth2: README: Updated documentation to reflect module status
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 16:10:27 +0100] rev 5316
mod_client_management: Add list-clients + manage-clients permissions to users
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 16:09:56 +0100] rev 5315
mod_client_management: Add support for revoking client access via XMPP
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:24:49 +0100] rev 5314
mod_client_management: Improve representation of authentication methods
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:22:10 +0100] rev 5313
mod_client_management: Improve table output
Requires 1f89a2a9f532 and 1023c3faffac from Prosody.
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:21:09 +0100] rev 5312
mod_client_management: Fix user:clients() shell command to take a JID
Matthew Wild <mwild1@gmail.com> [Thu, 06 Apr 2023 15:20:25 +0100] rev 5311
mod_client_management: Use grant id from key
This is a minor tweak - it's faster and preserves compatibility with older
data formats (that we don't necessarily want to be compatible with, but some
of us have messy data stores and it pays to be a little more robust).
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:45:13 +0100] rev 5310
mod_client_management: Fail to revoke clients that have used passwords
Return an error so the caller can take appropriate action, e.g. encouraging
the user to change their password.
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:42:16 +0100] rev 5309
mod_client_management: Add support for revocation of clients (when possible)
We decided to keep the unified listing of "clients", which includes both SASL2
clients and OAuth grants, etc. To a user, or someone wanting to manage what
can access their account, they are largely equivalent.
To accomplish this technically, we add a prefix to the id to state what type
it really is.
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:39:53 +0100] rev 5308
mod_client_management: Include client type in XML response listing
Matthew Wild <mwild1@gmail.com> [Wed, 05 Apr 2023 19:38:59 +0100] rev 5307
mod_sasl2_fast: Add API method to revoke FAST tokens for a given client
Matthew Wild <mwild1@gmail.com> [Tue, 04 Apr 2023 18:09:48 +0100] rev 5306
mod_cloud_notify_filters: Fix traceback when invalid JIDs are submitted
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:56:53 +0100] rev 5305
mod_client_management: Add XMPP and shell interfaces to fetch client list
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:56:15 +0100] rev 5304
.luacheckrc: Add module.once
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:22:12 +0100] rev 5303
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com> [Sat, 01 Apr 2023 13:11:53 +0100] rev 5302
mod_audit: Support for adding location (GeoIP) to audit events
This can be more privacy-friendly than logging full IP addresses, and also
more informative to a user - IP addresses don't mean much to the average
person, however if they see activity from outside their expected country, they
can immediately identify suspicious activity.
As with IPs, this field is configurable for deployments that would like to
disable it. Location is also not logged when the geoip library is not
available.
Jonas Schäfer <jonas@wielicki.name> [Sat, 01 Apr 2023 12:10:56 +0200] rev 5301
mod_isolate_host: potentially pedantic optimization
By Zash.
Jonas Schäfer <jonas@wielicki.name> [Sat, 01 Apr 2023 12:03:08 +0200] rev 5300
mod_isolate_host: handle server-generated stanzas
The hook for setting the no_host_isolation is only called for c2s
sessions. This does not work for stanzas generated by the server,
such as PEP notifications or presence probe answers.
To handle that, we do per-stanza checks for the case that the origin
is local.
Jonas Schäfer <jonas@wielicki.name> [Fri, 31 Mar 2023 16:56:42 +0200] rev 5299
mod_authz_delegate: make resistant against startup order issues
There is no guarantee that the target_host gets activated and
initialized before the host this module is loaded on. As
add_default_permission is called during load time by many modules,
we need to be prepared to queue stuff.
Matthew Wild <mwild1@gmail.com> [Thu, 30 Mar 2023 11:32:50 +0100] rev 5298
mod_client_management: New module for users to view/manage permitted clients
This is just the data and API part.
Kim Alvefur <zash@zash.se> [Thu, 30 Mar 2023 12:06:18 +0200] rev 5297
mod_http_admin_api: Add roles to user schema in openapi
Kim Alvefur <zash@zash.se> [Thu, 30 Mar 2023 12:05:05 +0200] rev 5296
mod_http_admin_api: Fix types of numbers in openapi spec
Numbers are just 'number' in both JSON Schema and Lua
Kim Alvefur <zash@zash.se> [Wed, 29 Mar 2023 17:55:29 +0200] rev 5295
Merge accidental extra head
One does not simply rebase public mercurial changesets
Jonas Schäfer <jonas@wielicki.name> [Wed, 29 Mar 2023 17:52:21 +0200] rev 5294
mod_vcard_muc: take roles into account for access check
This allows admins on the MUC component to force-set avatars, even
if they are not owners in a particular MUC, similar to how they
are granted auto-ownership in other contexts.
Jonas Schäfer <jonas@wielicki.name> [Wed, 29 Mar 2023 17:21:45 +0200] rev 5293
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.