Tweaking documentation to clarify that Oauth2 can be used for VirtualHosts and Component installations.

Updating dox for mod_rest. Ideas expressed / clarified: 1) Making clear that mod_rest isn't to be installed under VirtualHosts AND as a component. 2) Understanding some of the implications of this choice: A) Changes to user authentication B) How it affects subdomains 3) More consistent use of domain names for clarity. 4) Using different heading sizes to show scope of section. Essentially, I added all the tidbits I had to clarify in getting this to work in my own example.

mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time This can be triggered by e.g. a distributed brute force attack, or from Monal.

mod_http_muc_log: replace "mam_muc" with "muc_mam" in README.markdown

mod_vcard_muc: fix field type for XEP-0486 field

mod_vcard_muc: use XEP-0486 form field for avatar hashes

mod_mam_archive: remove invalid disco#info feature The feature which was previously added to disco#info was in fact specified to be used for stream features only (see XEP-0136 section 11). Emitting it in disco#info is weird at best and breaks stuff at worst.

mod_invites_tracking: Don't bother storing anything for non-invite IBR

mod_invites_tracking: Fix traceback when not registering via invite (thanks Link Mauve)

various/README: Fix 'labels' metadata, should be a list

mod_rest: Add schema examples Also 'example' -> 'examples'

Merge

Guard for not room

mod_http_admin_api: Support storing free-form text note with invitations

mod_csi_battery_saver: Some more improvements (handling of errors, muc invites, special data)

mod_csi_battery_saver: add xep number to mds comment

mod_csi_battery_saver: MDS headline pushes are important

mod_http_admin_api: Use new API in mod_announce to send announcements

mod_muc_rtbl: Fix blocking of PMs from RTBL matches

mod_sasl2: Log when tls-exporter is NOT supported, as well as when it is

mod_http_admin_api: Return roles for existing invites, if any

mod_http_admin_api: Allow specifying roles for invitations

mod_pubsub_serverinfo: node is a string, not a number

mod_pubsub_serverinfo: Fix for compatibility with 0.12 option getters

mod_pubsub_serverinfo: Don't default to non-local pubsub servers (thanks roughnecks)

mod_http_admin_api: User activity gauges need to be summed (labels by host)

mod_sasl2_fast: Improve handling when SASL profile unexpectedly lacks CB This fixes a traceback reported by riau, but likely does not solve the underlying cause, whatever that is.

mod_muc_restrict_avatars: Allow MUC admin to control restriction Thanks, Strix!

misc/systemd: Add comment with link to our debian resources including systemd service file

misc/systemd: Fix typo Is this worth keeping? We also have a .service file in the debian repo?

mod_client_management: Prevent exception on missing client info > attempt to index a nil value (local 'legacy_info') Unsure how exactly this happens, perhaps by mixing SASL2/BIND2 with legacy equivalents?

mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)

mod_lastlog2: Fix typo from original copy-paste

mod_sasl_ssdp: Add go-sendxmpp to clients supporting XEP-0474.

mod_compat_roles: Fix attempt to index a nil value #1847 permissions[] is not a map with role names as keys since 817bc9873fc2 but instead a level with host names were added. This was likely an oversight. Refactored towards railroad.

mod_privilege: Fix IQ privileges advertising for multiple namespaces Before this fix, the namespaces element were wrongly nested.

mod_pastebin: Back out 040eaa3844f4 Triggered error in Lua with if set over 200 and a 200+ line line message is checked.

mod_conversejs: Allow installation as PWA

mod_firewall: Fix syntax error (thanks mirux)

mod_pubsub_serverinfo: update reference to XEP.

mod_rest: Fix incorrect 'type' in mapping schema for XEP-0100

mod_firewall: REPORT TO: Include id in reports

mod_firewall: Support util.id.* as dependencies

mod_firewall: 'REPORT TO': fix default reason fallback if none is provided

mod_report_forward: Include id on report submissions

mod_measure_active_users: Switch to mod_cron for scheduling

mod_http_admin_api: Include active user counts in metrics response

mod_auth_oauth_external: Fix typo

mod_report_forward: fix address detection when there are multiple field values

mod_anti_spam: New module for spam filtering (pre-alpha)

mod_http_oauth2: Reflect changes to defaults etc - Resource owner password grant was disabled by default - Tokens now include a hash of client_id making it possible to be reasonable sure that they were issued to a particular client

mod_report_forward: Fixes for abuse contact address lookup in origin reporting

mod_report_forward: Depend on mod_spam_reporting for auto-loading

mod_report_forward: Open archive store correctly (thanks Menel)

mod_spam_report_forwarder: Rename to mod_report_forward This module is not only about spam reports.

mod_log_ringbuffer: Detach event handlers on logging reload (thanks Menel) Otherwise the global event handlers accumulate, one added each time logging is reoladed, and each invocation of the signal or event triggers one dump of each created ringbuffer.

mod_log_ringbuffer: Hook POSIX signals via event only

mod_traceback: Hook signal via event instead of directly Safer this way, see Prosody trunk rev 69faf3552d52

mod_debug_traceback: Remove direct POSIX signal handling, require Prosody 0.12+ Hooking an event is safer than directly hooking signals For context see Prosody trunk rev 69faf3552d52

mod_muc_moderation: Remove Poezio, feature request gone in migration

mod_muc_moderation: Fix example

mod_spam_report_forwarder: Only forward to xmpp: URIs, and exclude MUCs

mod_muc_adhoc_bots: Fix bug preventing multiple commands from showing

mod_push2: empty table instead of nil when not present

mod_spam_report_forwarder: Support for reporting messages, and reporting to origin server

mod_pubsub_serverinfo: Update to use mod_server_info (fixes #1841) ...but only for Prosody trunk users, because 0.12 mod_server_contact_info does not use the new API in mod_server_info.

mod_server_info: Rewrite/backport from Prosody 1ce18cb3e6cc

mod_pubsub_serverinfo: Update README to link to known issues

mod_audit_status: Expose 'crashed' flag

mod_http_upload_external: Fix typo in access documentation.

mod_firewall: Fix REPORT TO action name in documentation

mod_blocking: Drop mention of mod_privacy

mod_blocking: Deprecate

mod_privacy_lists: Deprecate

mod_firewall: Fix to find scripts when installed with plugin installer Extra resources are stored in a different path by luarocks, not alongside the code as this code assumed. Thanks eTaurus

mod_pubsub_mqtt: Update to MQTT 3.1.1

mod_pubsub_mqtt: Fix syntax error

mod_pubsub_mqtt: Add TLS port (default 8883) for MQTT connections

mod_http_oauth2: Reuse JWT issuance time as substitute for auth time Makes the token shorter. Since iat and auth_time are generated at about the same time they would only differ by a few microseconds anyway.

mod_poke_strangers: Fix incorrect log method calls

mod_http_muc_log: Remove compat for very old MUC API room:get_public() first appeared in 0.10.0

mod_http_admin_api: metrics: Filter out a value that is commonly nan at startup The upload bytes count is typically nan at startup, which cannot legally be encoded in JSON. I haven't assessed whether any other metrics might emit nan under other circumstances, but this fixes the most visible issue right now.

mod_groups_muc_bookmarks: Don't add deleted MUCs to user bookmarks

mod_groups_internal: Add flag to indicate when a linked MUC has been deleted In theory this shouldn't happen, but it could (and apparently does).

mod_groups_internal: Also remove MUCs that still exist, but have been destroyed Tombstones could previously fool us into thinking the MUC was still there.

mod_groups_muc_bookmarks: Sync bookmarks when user is added/removed to/from multi-MUC group This was overlooked when multi-MUC support was first implemented.

mod_groups_internal: Sync MUC affiliations for multi-MUC groups This was overlooked when multi-MUC support was added.

mod_groups_internal: Save MUC room after creation to commit it to storage Without this, the MUC could be lost on an unclean shutdown.

mod_groups_internal: Fix traceback when room doesn't exist I'm not sure if it should even be included if it doesn't exist, but I'm not currently sure how this situation occurs, so I'm implementing the lightest possible fix for now.

mod_sasl_ssdp: Fix event name so legacy SASL works correctly (thanks Martin!)

mod_password_policy: Change error type from 'cancel' to 'modify' This makes more sense, as the problem relates to the data that has been entered, and therefore the request could be retried with different data.

mod_pubsub_serverinfo: Treat public providers as public The opt-in mechanism is to prevent leaking domain names or relationships between small private servers. These are not considerations relevant to public servers. We use the providers.xmpp.net API to fetch a list of known public provider domains.

mod_pubsub_serverinfo: Allow configuration of node persistence/deletion

mod_pubsub_serverinfo: Add explicit xmlns to all pubsub tags This helps when routing between hosts on the same server, where the namespace normalization is not handled by default.

mod_pubsub_serverinfo: Remove unused variable declaration

mod_pubsub_serverinfo: Some logging improvements

mod_pubsub_serverinfo: Refresh cache entries if they will expire before next run

mod_pubsub_serverinfo: Add node on compatibility

mod_pubsub_serverinfo: Warm-up opt-in cache By warming up the cache that contains the opt-in data, the first publication has a better chance of including domain names for remote domains that opt-in. Without this change, those domains are named only after the _second_ publication, which can take a while. New users are likely thrown off by that.

mod_pubsub_serverinfo: Fix namespace parsing issue with disco/info Prosody's API works based on attribute definitions, without using namespace scopes.

mod_pubsub_serverinfo: Consider sibling vhosts 'connected' Prosody does not have s2s connections between vhosts. Multiple domains will therefor not show up as each-other 'remote domains'. With this commit, the module considers vhosts permanently s2s-connected. Additional debug logging has been added.

mod_pubsub_serverinfo: Update documentation Removed a 'feature yet to be implemented' that now has been implemented.

mod_pubsub_serverinfo: Added 'Known Issues' section

mod_pubsub_serverinfo: Disco/info cache TTL should be configurable This module caches the disco/info results of remote domains. This commit introduces a new configuration option that allows an admin to configure the cache expiry duration.

mod_pubsub_serverinfo: Detect existence of pub/sub node Instead of blindly trying to create the pub/sub node to publish items to, a service discovery query is performed to check if node creation is required. Added various bits of warn and debug logging, to give a user better feedback if and why something is failing.

mod_pubsub_serverinfo: implemented all basic features This commit replaces the earlier proof-of-concept to a solution that: - reports on remotely-connected domains - uses disco/info to detect if those domains opt-in - publishes domain names for remote domains that do so - caches the disco/info response

mod_csi_battery_saver: mark some presences as important

mod_pubsub_serverinfo: New module that uses pub/sub to make accessible server info This first implemetnation is laughably simple: it only adds a disco#info feature. This flags 'opt-in' for inclusion of local domain names in the data exposed by other domains (per the domain), which will allow servers to be listed in the XMPP Network Graph at https://xmppnetwork.goodbytes.im Hopefully, this bare-boned implementation acts as a stepping stone for future improvements.

mod_groups_internal: Set group names as roster groups

mod_http_oauth2: Reduce log level for error delivery via redirect This is supposed to be normal in OAuth2, not really deserving a warning log message.

mod_http_oauth2: Tweak fallback error text Since the oauth error is more like the error condition, a symbolic error code, not the most human-friendly. Many error cases do have human-readable error descriptions that should be fine on their own, or changed to be. As a fallback, capitalize the error name.

mod_http_oauth2: Improve registration schema documentation parts

mod_http_oauth2: Do not enforce PKCE on Device and OOB flows PKCE does not appear to be used with the Device flow. I have found no mention of any interaction between those standards. Since no data is delivered via redirects in these cases, PKCE may not serve any purpose. This is mostly a problem because we reuse the authorization code to implement the Device and OOB flows.

mod_groups_internal: Return group name instead of MUC name if MUC has no name

mod_server_info: New module to add custom service extension forms to disco

mod_firewall: TO/FROM ROLE: Handle JIDs with no role (thanks Zash)

mod_firewall: Fix TO/FROM ROLE These conditions did not match because get_jid_role() returns a role object. We want to compare based on the name.

mod_measure_active_users: Fix inverted logic (thanks mirux)

mod_http_oauth2: Use color-scheme to get nice dark mode defaults

mod_isolate_host: Fix inverted logic in log message