mod_pubsub_serverinfo: fix syntax error

mod_pubsub_serverinfo: fix bool logic when reading config

mod_report_forward: Some whitespace fixes

mod_report_forward: Fix traceback when reporting a specific message (thanks singpolyma)

mod_muc_restrict_pm: Backport changes from upstream timber patch.

mod_muc_restrict_pm: small rewrite. improves room config options

mod_muc_restrict_pm: fix lua warnings

mod_muc_restrict_pm: fix table in README

mod_muc_restrict_pm: Limit who may send and recieve MUC PMs

mod_http_upload_external: Add link to Rust implementation (Thanks Luna)

Tweaking documentation to clarify that Oauth2 can be used for VirtualHosts and Component installations.

Updating dox for mod_rest. Ideas expressed / clarified: 1) Making clear that mod_rest isn't to be installed under VirtualHosts AND as a component. 2) Understanding some of the implications of this choice: A) Changes to user authentication B) How it affects subdomains 3) More consistent use of domain names for clarity. 4) Using different heading sizes to show scope of section. Essentially, I added all the tidbits I had to clarify in getting this to work in my own example.

mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time This can be triggered by e.g. a distributed brute force attack, or from Monal.

mod_http_muc_log: replace "mam_muc" with "muc_mam" in README.markdown

mod_vcard_muc: fix field type for XEP-0486 field

mod_vcard_muc: use XEP-0486 form field for avatar hashes

mod_mam_archive: remove invalid disco#info feature The feature which was previously added to disco#info was in fact specified to be used for stream features only (see XEP-0136 section 11). Emitting it in disco#info is weird at best and breaks stuff at worst.

mod_invites_tracking: Don't bother storing anything for non-invite IBR

mod_invites_tracking: Fix traceback when not registering via invite (thanks Link Mauve)

various/README: Fix 'labels' metadata, should be a list

mod_rest: Add schema examples Also 'example' -> 'examples'

Merge

Guard for not room

mod_http_admin_api: Support storing free-form text note with invitations

mod_csi_battery_saver: Some more improvements (handling of errors, muc invites, special data)

mod_csi_battery_saver: add xep number to mds comment

mod_csi_battery_saver: MDS headline pushes are important

mod_http_admin_api: Use new API in mod_announce to send announcements

mod_muc_rtbl: Fix blocking of PMs from RTBL matches

mod_sasl2: Log when tls-exporter is NOT supported, as well as when it is

mod_http_admin_api: Return roles for existing invites, if any

mod_http_admin_api: Allow specifying roles for invitations

mod_pubsub_serverinfo: node is a string, not a number

mod_pubsub_serverinfo: Fix for compatibility with 0.12 option getters

mod_pubsub_serverinfo: Don't default to non-local pubsub servers (thanks roughnecks)

mod_http_admin_api: User activity gauges need to be summed (labels by host)

mod_sasl2_fast: Improve handling when SASL profile unexpectedly lacks CB This fixes a traceback reported by riau, but likely does not solve the underlying cause, whatever that is.

mod_muc_restrict_avatars: Allow MUC admin to control restriction Thanks, Strix!

misc/systemd: Add comment with link to our debian resources including systemd service file

misc/systemd: Fix typo Is this worth keeping? We also have a .service file in the debian repo?

mod_client_management: Prevent exception on missing client info > attempt to index a nil value (local 'legacy_info') Unsure how exactly this happens, perhaps by mixing SASL2/BIND2 with legacy equivalents?

mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)

mod_lastlog2: Fix typo from original copy-paste

mod_sasl_ssdp: Add go-sendxmpp to clients supporting XEP-0474.

mod_compat_roles: Fix attempt to index a nil value #1847 permissions[] is not a map with role names as keys since 817bc9873fc2 but instead a level with host names were added. This was likely an oversight. Refactored towards railroad.

mod_privilege: Fix IQ privileges advertising for multiple namespaces Before this fix, the namespaces element were wrongly nested.

mod_pastebin: Back out 040eaa3844f4 Triggered error in Lua with if set over 200 and a 200+ line line message is checked.

mod_conversejs: Allow installation as PWA

mod_firewall: Fix syntax error (thanks mirux)

mod_pubsub_serverinfo: update reference to XEP.

mod_rest: Fix incorrect 'type' in mapping schema for XEP-0100

mod_firewall: REPORT TO: Include id in reports

mod_firewall: Support util.id.* as dependencies

mod_firewall: 'REPORT TO': fix default reason fallback if none is provided

mod_report_forward: Include id on report submissions

mod_measure_active_users: Switch to mod_cron for scheduling

mod_http_admin_api: Include active user counts in metrics response

mod_auth_oauth_external: Fix typo

mod_report_forward: fix address detection when there are multiple field values

mod_anti_spam: New module for spam filtering (pre-alpha)

mod_http_oauth2: Reflect changes to defaults etc - Resource owner password grant was disabled by default - Tokens now include a hash of client_id making it possible to be reasonable sure that they were issued to a particular client

mod_report_forward: Fixes for abuse contact address lookup in origin reporting

mod_report_forward: Depend on mod_spam_reporting for auto-loading

mod_report_forward: Open archive store correctly (thanks Menel)

mod_spam_report_forwarder: Rename to mod_report_forward This module is not only about spam reports.

mod_log_ringbuffer: Detach event handlers on logging reload (thanks Menel) Otherwise the global event handlers accumulate, one added each time logging is reoladed, and each invocation of the signal or event triggers one dump of each created ringbuffer.

mod_log_ringbuffer: Hook POSIX signals via event only

mod_traceback: Hook signal via event instead of directly Safer this way, see Prosody trunk rev 69faf3552d52

mod_debug_traceback: Remove direct POSIX signal handling, require Prosody 0.12+ Hooking an event is safer than directly hooking signals For context see Prosody trunk rev 69faf3552d52

mod_muc_moderation: Remove Poezio, feature request gone in migration

mod_muc_moderation: Fix example

mod_spam_report_forwarder: Only forward to xmpp: URIs, and exclude MUCs

mod_muc_adhoc_bots: Fix bug preventing multiple commands from showing

mod_push2: empty table instead of nil when not present

mod_spam_report_forwarder: Support for reporting messages, and reporting to origin server

mod_pubsub_serverinfo: Update to use mod_server_info (fixes #1841) ...but only for Prosody trunk users, because 0.12 mod_server_contact_info does not use the new API in mod_server_info.

mod_server_info: Rewrite/backport from Prosody 1ce18cb3e6cc

mod_pubsub_serverinfo: Update README to link to known issues

mod_audit_status: Expose 'crashed' flag

mod_http_upload_external: Fix typo in access documentation.

mod_firewall: Fix REPORT TO action name in documentation

mod_blocking: Drop mention of mod_privacy

mod_blocking: Deprecate

mod_privacy_lists: Deprecate

mod_firewall: Fix to find scripts when installed with plugin installer Extra resources are stored in a different path by luarocks, not alongside the code as this code assumed. Thanks eTaurus

mod_pubsub_mqtt: Update to MQTT 3.1.1

mod_pubsub_mqtt: Fix syntax error

mod_pubsub_mqtt: Add TLS port (default 8883) for MQTT connections

mod_http_oauth2: Reuse JWT issuance time as substitute for auth time Makes the token shorter. Since iat and auth_time are generated at about the same time they would only differ by a few microseconds anyway.

mod_poke_strangers: Fix incorrect log method calls

mod_http_muc_log: Remove compat for very old MUC API room:get_public() first appeared in 0.10.0

mod_http_admin_api: metrics: Filter out a value that is commonly nan at startup The upload bytes count is typically nan at startup, which cannot legally be encoded in JSON. I haven't assessed whether any other metrics might emit nan under other circumstances, but this fixes the most visible issue right now.

mod_groups_muc_bookmarks: Don't add deleted MUCs to user bookmarks

mod_groups_internal: Add flag to indicate when a linked MUC has been deleted In theory this shouldn't happen, but it could (and apparently does).

mod_groups_internal: Also remove MUCs that still exist, but have been destroyed Tombstones could previously fool us into thinking the MUC was still there.

mod_groups_muc_bookmarks: Sync bookmarks when user is added/removed to/from multi-MUC group This was overlooked when multi-MUC support was first implemented.

mod_groups_internal: Sync MUC affiliations for multi-MUC groups This was overlooked when multi-MUC support was added.

mod_groups_internal: Save MUC room after creation to commit it to storage Without this, the MUC could be lost on an unclean shutdown.

mod_groups_internal: Fix traceback when room doesn't exist I'm not sure if it should even be included if it doesn't exist, but I'm not currently sure how this situation occurs, so I'm implementing the lightest possible fix for now.

mod_sasl_ssdp: Fix event name so legacy SASL works correctly (thanks Martin!)

mod_password_policy: Change error type from 'cancel' to 'modify' This makes more sense, as the problem relates to the data that has been entered, and therefore the request could be retried with different data.

mod_pubsub_serverinfo: Treat public providers as public The opt-in mechanism is to prevent leaking domain names or relationships between small private servers. These are not considerations relevant to public servers. We use the providers.xmpp.net API to fetch a list of known public provider domains.

mod_pubsub_serverinfo: Allow configuration of node persistence/deletion

mod_pubsub_serverinfo: Add explicit xmlns to all pubsub tags This helps when routing between hosts on the same server, where the namespace normalization is not handled by default.

mod_pubsub_serverinfo: Remove unused variable declaration

mod_pubsub_serverinfo: Some logging improvements

mod_pubsub_serverinfo: Refresh cache entries if they will expire before next run

mod_pubsub_serverinfo: Add node on compatibility

mod_pubsub_serverinfo: Warm-up opt-in cache By warming up the cache that contains the opt-in data, the first publication has a better chance of including domain names for remote domains that opt-in. Without this change, those domains are named only after the _second_ publication, which can take a while. New users are likely thrown off by that.

mod_pubsub_serverinfo: Fix namespace parsing issue with disco/info Prosody's API works based on attribute definitions, without using namespace scopes.

mod_pubsub_serverinfo: Consider sibling vhosts 'connected' Prosody does not have s2s connections between vhosts. Multiple domains will therefor not show up as each-other 'remote domains'. With this commit, the module considers vhosts permanently s2s-connected. Additional debug logging has been added.

mod_pubsub_serverinfo: Update documentation Removed a 'feature yet to be implemented' that now has been implemented.

mod_pubsub_serverinfo: Added 'Known Issues' section

mod_pubsub_serverinfo: Disco/info cache TTL should be configurable This module caches the disco/info results of remote domains. This commit introduces a new configuration option that allows an admin to configure the cache expiry duration.

mod_pubsub_serverinfo: Detect existence of pub/sub node Instead of blindly trying to create the pub/sub node to publish items to, a service discovery query is performed to check if node creation is required. Added various bits of warn and debug logging, to give a user better feedback if and why something is failing.

mod_pubsub_serverinfo: implemented all basic features This commit replaces the earlier proof-of-concept to a solution that: - reports on remotely-connected domains - uses disco/info to detect if those domains opt-in - publishes domain names for remote domains that do so - caches the disco/info response

mod_csi_battery_saver: mark some presences as important

mod_pubsub_serverinfo: New module that uses pub/sub to make accessible server info This first implemetnation is laughably simple: it only adds a disco#info feature. This flags 'opt-in' for inclusion of local domain names in the data exposed by other domains (per the domain), which will allow servers to be listed in the XMPP Network Graph at https://xmppnetwork.goodbytes.im Hopefully, this bare-boned implementation acts as a stepping stone for future improvements.

mod_groups_internal: Set group names as roster groups

mod_http_oauth2: Reduce log level for error delivery via redirect This is supposed to be normal in OAuth2, not really deserving a warning log message.

mod_http_oauth2: Tweak fallback error text Since the oauth error is more like the error condition, a symbolic error code, not the most human-friendly. Many error cases do have human-readable error descriptions that should be fine on their own, or changed to be. As a fallback, capitalize the error name.

mod_http_oauth2: Improve registration schema documentation parts

mod_http_oauth2: Do not enforce PKCE on Device and OOB flows PKCE does not appear to be used with the Device flow. I have found no mention of any interaction between those standards. Since no data is delivered via redirects in these cases, PKCE may not serve any purpose. This is mostly a problem because we reuse the authorization code to implement the Device and OOB flows.

mod_groups_internal: Return group name instead of MUC name if MUC has no name

mod_server_info: New module to add custom service extension forms to disco

mod_firewall: TO/FROM ROLE: Handle JIDs with no role (thanks Zash)

mod_firewall: Fix TO/FROM ROLE These conditions did not match because get_jid_role() returns a role object. We want to compare based on the name.

mod_measure_active_users: Fix inverted logic (thanks mirux)

mod_http_oauth2: Use color-scheme to get nice dark mode defaults

mod_isolate_host: Fix inverted logic in log message

mod_s2s_status: Add missing return (thanks Zash)

mod_c2s_conn_throttle: Reduce log level from error->info Our general policy is that "error" should never be triggerable by remote entities, and that it is always about something that requires admin intervention. This satisfies neither condition. The "warn" level can be used for unexpected events/behaviour triggered by remote entities, and this could qualify. However I don't think failed auth attempts are unexpected enough. I selected "info" because it is what is also used for other notable session lifecycle events.

mod_http_admin_api: Abort request if no valid username

mod_http_admin_api: Fix some luacheck warnings and code style issues

mod_http_admin_api: Support PATCH for user enabled status

mod_http_admin_api: Support for setting user account enabled status

mod_http_admin_api: Only include user deletion_request if account is disabled

mod_http_admin_api: Return avatar metadata from get_user_info()

mod_audit_auth: Improve user-agent building (fixes traceback)

mod_http_admin_api: Include information about pending deletion request, if any

mod_measure_active_users: Use the new mod_lastlog2 API

mod_measure_active_users: Exclude disabled user accounts from counts ...if usermanager exposes that API (it's in trunk, not 0.12).

mod_lastlog2: Fix to interpret stored data structure correctly

mod_http_admin_api: Include user account status and activity in get_user_info

mod_lastlog2: Expose API to query the last active time of a user

mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection

mod_log_sasl_mech: Handle auth event from other than mod_saslauth E.g. mod_http_oauth2

mod_http_oauth2: Add logger to "session" for auth event So many assumptions in so many other modules about auth-success/fail

mod_http_oauth2: Move some code earlier

mod_restrict_xmpp: Allow all XEP-0199 pings to self No permission to send a ping without a 'to' attribute?

mod_restrict_xmpp/README: Fix definition list rendering Pandoc wants a blank line between items.

mod_http_oauth2: Reject unparsable URLs This used to be caught by luaPattern=https:// in the schema but that's been removed for some reason

mod_http_oauth2: Return validation output added in trunk rev 72d7830505f0 It's not fun at all to try to register a client and only get back "failed schema validation", this should help with that.

mod_s2s_smacks_timeout: Add note about being merged in trunk mod_s2s

mod_http_oauth2: Handle login_hint without @hostpart Makes life easier for the client when it does not know the full JID, which might not have the same hostpart as the authorization server URL.

mod_audit: Fix querying for both user and global events Forgot to fix this before I pushed

mod_storage_s3: Fix mapping archive query limit to ?max-keys=

mod_audit: Fix error due to sub-second precision timestamps os.date() does not handle them

mod_storage_s3: Remove wrapper and original timestamp from payload (BC) Unpacking the wrapper was already removed in 66986f5271c3 so it was broken already. Just rely on the Last-Modified date instead, it's not going to be accurate if a different timestamp is passed, e.g. with migrations, but that will have to be a future problem. Perhaps the X-Amz-Meta-* can be used?

mod_storage_s3: Fix sorting items by correct field

mod_storage_s3: Fix passing of prefixes, should not be urlencoded

mod_audit: Update command to handle storing JIDs instead of only usernames

mod_client_management: Include session in the other new-client event too

luacheckrc: Replace deprecated module:once with :on_ready So that :once is warned about properly. module:once was only added in trunk so it shouldn't have gotten very far yet.

mod_restrict_xmpp: Add vcard4 PEP node to profile permission

mod_client_management: Include session in new-client event Needed by mod_audit_auth

mod_http_oauth2: Fire authentication events on login form For e.g. mod_audit_auth to use. A bit hacky because upon review many modules don't seem to handle the lack of an XMPP session in the event payload.

mod_http_oauth2: Comment on authorization code storage

mod_audit_tokens: Record events fired by mod_tokenauth in audit log

mod_audit_auth: Add audit record when a client connects that has not been seen before

mod_audit_auth: Ignore FAST authentication events by default FAST is more like a cookie that allows linking new connections to a previous (e.g. password) authentication. Since we assume that FAST tokens are secure (not user generated) and not shareable, it reduces a lot of noise by filtering out uninteresting authentication events.

mod_restrict_xmpp: Fix remaining hard-coded role name

mod_audit: Update README with new name of mod_audit_register

mod_audit_user_accounts: Renamed from mod_audit_register

mod_audit_register: Support for deregister and enable/disable events

mod_audit_status: Support writing heartbeat with async storage drivers

mod_storage_xmlarchive: Support using requested archive-id However diverging from the date-prefixed format means it will need to look through the whole archive to find a particular ID.

mod_storage_xmlarchive: Pass hostname to converter for converting all users

mod_storage_xmlarchive: Migrate all users/rooms if no JID argument given

misc: Add a basic grafterm dashboard For those of us who would rather have less JavaScript

misc: Add a Grafana dashboard

mod_storage_s3: Sort archive items by LastModified Otherwise they would get sorted by who knows what, probably the path. Also not sure if the timestamp comparisons were correct before.

mod_storage_s3: Reorder path components (BC: invalidates any existing data) keyvalue: /bucket/hostname/username/store archive: /bucket/hostname/username/store/yyyy-mm-dd/with/key

mod_storage_s3: Fix querying for basic MAM parameters I guess I was planning to hash the 'with' part but changed my mind half way through implementing and also never tested this.

luacheck: Add new module API methods from trunk See * trunk rev 4d4f9e42bcf8 * trunk rev 65fb0d7a2312 * trunk rev c9ef35fab0b1

mod_storage_s3: Implement search for set of IDs This together with the full id range query enables support for urn:xmpp:mam:2#extended in mod_mam

mod_storage_s3: Advertise full id range archive query capability

mod_audit: Use new module API for period/time ranges It was added around the same time as the parse_duration function

mod_auth_oauth_external: Fix typo

mod_storage_xmlarchive: Fix "user" iteration API Fixes use in prosody-migrator. Otherwise this particular API is not used much, or this would have been noticed before. Usually it is a different store like 'accounts' that is responsible for providing the authoritative list of users. Thanks Ge0rG for testing

mod_storage_s3: Fix storing archives for host itself (e.g. mod_audit) Fixes error due to path constructor trying to do string.gsub(nil) with missing username or with fields.

mod_register_redirect: docs: Fix typo in example (thanks melvo)

mod_sasl2_sm: Remove duplicate advertisement of stream management (thanks singpolyma)

mod_invites_page: Add support for Haiku and mobile Linux

mod_invites_page: Also remove jQuery usage in client page

mod_invites_page: Stop displaying the QRCode to mobile devices

mod_register_apps: Remove intrinsic size from SVGs, to always display them at their full size

mod_invites_page: Typo in preventing the default event when clicking on show all

mod_http_avatar: Fix displaying the fallback on Firefox

mod_invites_page: Move the JS script to its own file

mod_invites_page: Replace jQuery with vanilla.js in the HTML

mod_register_apps: Add Renga to the list of supported clients

mod_http_oauth2: Make defaults more secure This should be fine since we don't have a lot of clients to be backwards-compatible with.

mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted This follows the intent behind the OpenID Connect 'prompt' parameter when it does not include the 'consent' keyword, that is the client wishes to skip the consent screen. If the user has already granted the exact same scopes to the exact same client in the past, then one can assume that they may grant it again.

mod_audit: Replace argument parsing debug print() with debug logging prosodyctl -v to view

mod_audit_register: Include hostpart with audit events here too mod_audit seems to expect this to be JIDs, not bare usernames.

mod_audit_auth: Include hostpart with audit events mod_audit seems to expect this to be JIDs, not bare usernames.

mod_audit: Fix storing IP prefixes Was essentially calling new_ip(new_ip())

mod_audit: Fix showing session details in module command The namespaced session element was not accounted for.

mod_audit: Also record human-readable name of country Nicer to show in graphs but less machine-usable Throw in continent in case that turns out to be useful one day

mod_audit: Fix recording location info The method :query_by_addr only works for IPv4, even if you open the IPv6 database, which is an odd API. It also returns a table, not a string.

mod_audit: Parse IP into util.ip object once and reuse Mostly for my own sanity

mod_audit: Pass IP address in string form Passing an util.ip object to :text_tag() would be an error.

mod_audit: Fix use of util.ip Yes, weirdly named 'new' function

mod_firewall: Add FROM COUNTRY condition based on GeoIP DB

mod_firewall: Tweak page outline Having 'Sender/recipient matching' under 'Stanza matching' makes more sense to me than the former being a top level item.

mod_aws_profile: Fix use of timer API

mod_auth_oauth_external: Enable experimental http connection pooling Connection pooling may provide a performance boost since it does a few requests per authentication.

mod_storage_s3: Enable connection pooling added in latest trunk Speed boost, something like a 30% improvement with http://localhost Small risk of failed requests due to limits on number of requests per connection or timeouts.

mod_storage_s3: Fix logging Seems request and response loggers is only a thing on http requests and responses from net.http.server, not net.http requests.

mod_storage_s3: Sort imports For pedantic reasons

mod_storage_s3: Implement archive store deletion Not the most efficient way but should work.

mod_storage_s3: Skip archive items matching on date but not full datetime Since it only encodes dates in paths, it would have returned items from outside the specified start..end range if they were from earlier or later in the same (UTC) day.

mod_storage_s3: Move request signing into a net.http hook

mod_client_management: Report on longest lived token when grant does not expire E.g. for mod_http_oauth2 where by default the grant itself is unlimited, while refresh tokens are issued with one week lifetime, but are renewed with each use.

mod_muc_members_json: Fix typo in example and set correct syntax highlighter

mod_muc_members_json: Expand example config and docs for clarity

mod_storage_appendmap: Include timestamps when appending data Meant to give some sense of when each piece of data was added, to aid in debugging changes or manual rollbacks.

mod_storage_appendmap: Implement item/user iteration methods

mod_http_health: Copypaste IP access control code

mod_dnsupdate: Support advertising explicit non-existence of service

mod_http_admin_api: Support for adding/removing group MUCs

mod_groups_muc_bookmarks: Update bookmarks when a group MUC is added/removed

mod_groups_internal: Update to support multiple MUCs per group This was a feature request for Snikket.

mod_storage_ejabberdsql_readonly: Don't use MySQL-specific syntax util.sql should take care of transformation when MySQL is in use.

mod_client_management: Bail out retrieving tokens for user Fixes core/usermanager.lua:118: attempt to index a nil value (field '?')

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.

mod_http_oauth2: Restrict introspection to clients own tokens The introspection code was added before the client hash was added in 0860497152af which allows connecting tokens to clients.

mod_http_oauth2: Implement introspection endpoint "Tell me about this token"

mod_http_status: Add IP allowlisting capabilities Based on mod_http_openmetrics