mod_audit: Minor style nit

mod_audit: Allow caller to specify time of the event

mod_http_oauth2/README: Link to mod_rest

mod_http_oauth2/README: Link to OAuth and OIDC sites

mod_client_management: README: Update docs to detail shell and XMPP interfaces

mod_http_oauth2: README: Updated documentation to reflect module status

mod_client_management: Add list-clients + manage-clients permissions to users

mod_client_management: Add support for revoking client access via XMPP

mod_client_management: Improve representation of authentication methods

mod_client_management: Improve table output Requires 1f89a2a9f532 and 1023c3faffac from Prosody.

mod_client_management: Fix user:clients() shell command to take a JID

mod_client_management: Use grant id from key This is a minor tweak - it's faster and preserves compatibility with older data formats (that we don't necessarily want to be compatible with, but some of us have messy data stores and it pays to be a little more robust).

mod_client_management: Fail to revoke clients that have used passwords Return an error so the caller can take appropriate action, e.g. encouraging the user to change their password.

mod_client_management: Add support for revocation of clients (when possible) We decided to keep the unified listing of "clients", which includes both SASL2 clients and OAuth grants, etc. To a user, or someone wanting to manage what can access their account, they are largely equivalent. To accomplish this technically, we add a prefix to the id to state what type it really is.

mod_client_management: Include client type in XML response listing

mod_sasl2_fast: Add API method to revoke FAST tokens for a given client

mod_cloud_notify_filters: Fix traceback when invalid JIDs are submitted

mod_client_management: Add XMPP and shell interfaces to fetch client list

.luacheckrc: Add module.once

mod_audit: Add a command to print the audit log on the command-line

mod_audit: Support for adding location (GeoIP) to audit events This can be more privacy-friendly than logging full IP addresses, and also more informative to a user - IP addresses don't mean much to the average person, however if they see activity from outside their expected country, they can immediately identify suspicious activity. As with IPs, this field is configurable for deployments that would like to disable it. Location is also not logged when the geoip library is not available.

mod_isolate_host: potentially pedantic optimization By Zash.

mod_isolate_host: handle server-generated stanzas The hook for setting the no_host_isolation is only called for c2s sessions. This does not work for stanzas generated by the server, such as PEP notifications or presence probe answers. To handle that, we do per-stanza checks for the case that the origin is local.

mod_authz_delegate: make resistant against startup order issues There is no guarantee that the target_host gets activated and initialized before the host this module is loaded on. As add_default_permission is called during load time by many modules, we need to be prepared to queue stuff.

mod_client_management: New module for users to view/manage permitted clients This is just the data and API part.

mod_http_admin_api: Add roles to user schema in openapi

mod_http_admin_api: Fix types of numbers in openapi spec Numbers are just 'number' in both JSON Schema and Lua

Merge accidental extra head One does not simply rebase public mercurial changesets

mod_vcard_muc: take roles into account for access check This allows admins on the MUC component to force-set avatars, even if they are not owners in a particular MUC, similar to how they are granted auto-ownership in other contexts.

mod_authz_delegate: introduce module to "link" authorization of hosts See the readme :-). Motivation is allowing Snikket admins to change circle avatars via the web portal without bypassing Prosody access checks.