Kim Alvefur <zash@zash.se> [Sat, 11 Mar 2023 22:58:47 +0100] rev 5248
mod_http_oauth2: Fix validation of informative URIs
Iterating over wrong table
Kim Alvefur <zash@zash.se> [Sat, 11 Mar 2023 22:46:27 +0100] rev 5247
mod_http_oauth2: Use more compact IDs
UUIDs are nice but so verbose!
The reduction in entropy for the nonce should be fine since the
timestamp is also counts towards this, and it changes every second
(modulo clock shenanigans), so the chances of someone managing to get
the same client_secret by registering with the same information at the
same time as another entity should be negligible.
Kim Alvefur <zash@zash.se> [Sat, 11 Mar 2023 22:31:02 +0100] rev 5246
mod_http_oauth2: Validate that informative URLs match the redirect URIs
It is a bit shady to have the various URIs (URLs really) point to
different hostnames.
This may be quite stricter than required, but can always be relaxed
later.
Kim Alvefur <zash@zash.se> [Sat, 11 Mar 2023 22:25:50 +0100] rev 5245
mod_http_oauth2: Reject insecure redirect URIs
Is this enough, or are they going to be using ftp:// and gopher://?
Kim Alvefur <zash@zash.se> [Sat, 11 Mar 2023 22:25:22 +0100] rev 5244
mod_http_oauth2: Validate that redirect URIs are absolute
Kim Alvefur <zash@zash.se> [Sat, 11 Mar 2023 22:30:58 +0100] rev 5243
mod_http_oauth2: Validate basic URI syntax of redirect URIs
Matthew Wild <mwild1@gmail.com> [Sat, 11 Mar 2023 20:20:37 +0000] rev 5242
mod_spam_report_forwarder: Forward spam/abuse reports to one or more JIDs
Kim Alvefur <zash@zash.se> [Sat, 11 Mar 2023 21:13:00 +0100] rev 5241
mod_http_oauth2: Require URL to client informational page in registration
Since it's used without fallback in the template, seems someone expected
this to always be there, and we might as well.
Kim Alvefur <zash@zash.se> [Sat, 11 Mar 2023 21:11:50 +0100] rev 5240
mod_http_oauth2: Reorder client metadata validation schema
Having 'type' first seems right
Matthew Wild <mwild1@gmail.com> [Sat, 11 Mar 2023 18:41:49 +0000] rev 5239
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID