Kim Alvefur <zash@zash.se> [Fri, 17 Mar 2023 16:29:07 +0100] rev 12958
executables: Invoke loader to allow mixing of old and new import style
Now both require"util.foo" and require"prosody.util.foo" should be
equivalent.
Matthew Wild <mwild1@gmail.com> [Tue, 21 Mar 2023 14:33:29 +0000] rev 12957
mod_tokenauth: Switch to new token format (invalidates existing tokens!)
The new format has the following properties:
- 5 bytes longer than the previous format
- The token now has separate 'id' and 'secret' parts - the token itself is no
longer stored in the DB, and the secret part is hashed
- The only variable length field (JID) has been moved to the end
- The 'secret-token:' prefix (RFC 8959) is now included
Compatibility with the old token format was not maintained, and all previously
issued tokens are invalid after this commit (they will be removed from the DB
if used).
Matthew Wild <mwild1@gmail.com> [Tue, 21 Mar 2023 14:04:39 +0000] rev 12956
mod_tokenauth: Log error when token validation fails
Matthew Wild <mwild1@gmail.com> [Tue, 21 Mar 2023 14:01:03 +0000] rev 12955
util.sasl.oauthbearer: Fix gs2-header parsing
Vitaly Orekhov <vkvo2000@vivaldi.net> [Tue, 21 Mar 2023 01:46:47 +0300] rev 12954
mod_auth_internal_plain: Fix user creation done via mod_admin_shell
Following the new behavior in auth_internal_hashed (c8f59ce7d3cf), the account
will be created and disabled, instead of returning an error telling password
being nil when calling saslprep().
Note that mod_auth_internal_plain does not have full support for
enabled/disabled accounts, but that may be fixed in subsequent commits.
Kim Alvefur <zash@zash.se> [Fri, 17 Mar 2023 15:11:26 +0100] rev 12953
prosody.loader: Ensure already loaded modules are found in old and new namespaces
Prevents modules being initialized twice, ensuring that
require"prosody.util.foo" == require"util.foo"
Kim Alvefur <zash@zash.se> [Fri, 17 Mar 2023 14:36:02 +0100] rev 12952
prosody.loader: Incorporate search path rewrite patch from Debian packages
Nice to drop that patch.
Will allow loading this to do something both when installed under a
prosody directory or from a source checkout.
Kim Alvefur <zash@zash.se> [Fri, 17 Mar 2023 13:51:43 +0100] rev 12951
prosody.loader: Allow loading modules under 'prosody' namespace (#1223)
Actually `hg mv`-ing all the files is disruptive, basically breaking
everything from rebasing all my WIP draft commits to the package
building. So instead, what if we didn't and instead rewrote package
names as they are `require()`-d?
Debian packages produced by the Prosody are already installed into this
structure so much will Just Work if all require calls are updated.
Kim Alvefur <zash@zash.se> [Sat, 18 Mar 2023 16:13:32 +0100] rev 12950
mod_auth_internal_hashed: Shorten call path
Why did it call a function defined in the same module through
usermanager?
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 13:57:30 +0100] rev 12949
util.sasl.{scram,plain}: Pass authzid to SASL profile callback
For potential future use.
Used for logging into a different account than the one used for
authentication.