mod_client_management: Add shell command to revoke client access
Could be used if an operator detects a compromised client.
--- a/mod_client_management/README.md Thu Jul 13 23:26:02 2023 +0200
+++ b/mod_client_management/README.md Fri Jul 14 13:25:30 2023 +0200
@@ -35,6 +35,12 @@
prosodyctl shell user clients user@example.com
```
+To revoke access from particular client:
+
+```shell
+prosodyctl shell user revoke_client user@example.com grant/xxxxx
+```
+
## Compatibility
Requires Prosody trunk (as of 2023-03-29). Not compatible with Prosody 0.12
--- a/mod_client_management/mod_client_management.lua Thu Jul 13 23:26:02 2023 +0200
+++ b/mod_client_management/mod_client_management.lua Fri Jul 14 13:25:30 2023 +0200
@@ -465,4 +465,18 @@
print(string.rep("-", self.session.width));
return true, ("%d clients"):format(#clients);
end
+
+ function console_env.user:revoke_client(user_jid, selector) -- luacheck: ignore 212/self
+ local username, host = jid.split(user_jid);
+ local mod = prosody.hosts[host] and prosody.hosts[host].modules.client_management;
+ if not mod then
+ return false, ("Host does not exist on this server, or does not have mod_client_management loaded");
+ end
+
+ local revoked, err = revocation_errors.coerce(mod.revoke_client_access(username, selector));
+ if not revoked then
+ return false, err.text or err;
+ end
+ return true, "Client access revoked";
+ end
end);