executables: Invoke loader to allow mixing of old and new import style Now both require"util.foo" and require"prosody.util.foo" should be equivalent.

mod_tokenauth: Switch to new token format (invalidates existing tokens!) The new format has the following properties: - 5 bytes longer than the previous format - The token now has separate 'id' and 'secret' parts - the token itself is no longer stored in the DB, and the secret part is hashed - The only variable length field (JID) has been moved to the end - The 'secret-token:' prefix (RFC 8959) is now included Compatibility with the old token format was not maintained, and all previously issued tokens are invalid after this commit (they will be removed from the DB if used).

mod_tokenauth: Log error when token validation fails

util.sasl.oauthbearer: Fix gs2-header parsing

mod_auth_internal_plain: Fix user creation done via mod_admin_shell Following the new behavior in auth_internal_hashed (c8f59ce7d3cf), the account will be created and disabled, instead of returning an error telling password being nil when calling saslprep(). Note that mod_auth_internal_plain does not have full support for enabled/disabled accounts, but that may be fixed in subsequent commits.

prosody.loader: Ensure already loaded modules are found in old and new namespaces Prevents modules being initialized twice, ensuring that require"prosody.util.foo" == require"util.foo"

prosody.loader: Incorporate search path rewrite patch from Debian packages Nice to drop that patch. Will allow loading this to do something both when installed under a prosody directory or from a source checkout.

prosody.loader: Allow loading modules under 'prosody' namespace (#1223) Actually `hg mv`-ing all the files is disruptive, basically breaking everything from rebasing all my WIP draft commits to the package building. So instead, what if we didn't and instead rewrote package names as they are `require()`-d? Debian packages produced by the Prosody are already installed into this structure so much will Just Work if all require calls are updated.

mod_auth_internal_hashed: Shorten call path Why did it call a function defined in the same module through usermanager?

util.sasl.{scram,plain}: Pass authzid to SASL profile callback For potential future use. Used for logging into a different account than the one used for authentication.