mod_http_oauth2: Use color-scheme to get nice dark mode defaults

mod_isolate_host: Fix inverted logic in log message

mod_s2s_status: Add missing return (thanks Zash)

mod_c2s_conn_throttle: Reduce log level from error->info Our general policy is that "error" should never be triggerable by remote entities, and that it is always about something that requires admin intervention. This satisfies neither condition. The "warn" level can be used for unexpected events/behaviour triggered by remote entities, and this could qualify. However I don't think failed auth attempts are unexpected enough. I selected "info" because it is what is also used for other notable session lifecycle events.

mod_http_admin_api: Abort request if no valid username

mod_http_admin_api: Fix some luacheck warnings and code style issues

mod_http_admin_api: Support PATCH for user enabled status

mod_http_admin_api: Support for setting user account enabled status

mod_http_admin_api: Only include user deletion_request if account is disabled

mod_http_admin_api: Return avatar metadata from get_user_info()

mod_audit_auth: Improve user-agent building (fixes traceback)

mod_http_admin_api: Include information about pending deletion request, if any

mod_measure_active_users: Use the new mod_lastlog2 API

mod_measure_active_users: Exclude disabled user accounts from counts ...if usermanager exposes that API (it's in trunk, not 0.12).

mod_lastlog2: Fix to interpret stored data structure correctly

mod_http_admin_api: Include user account status and activity in get_user_info

mod_lastlog2: Expose API to query the last active time of a user

mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection

mod_log_sasl_mech: Handle auth event from other than mod_saslauth E.g. mod_http_oauth2

mod_http_oauth2: Add logger to "session" for auth event So many assumptions in so many other modules about auth-success/fail

mod_http_oauth2: Move some code earlier

mod_restrict_xmpp: Allow all XEP-0199 pings to self No permission to send a ping without a 'to' attribute?

mod_restrict_xmpp/README: Fix definition list rendering Pandoc wants a blank line between items.

mod_http_oauth2: Reject unparsable URLs This used to be caught by luaPattern=https:// in the schema but that's been removed for some reason

mod_http_oauth2: Return validation output added in trunk rev 72d7830505f0 It's not fun at all to try to register a client and only get back "failed schema validation", this should help with that.

mod_s2s_smacks_timeout: Add note about being merged in trunk mod_s2s

mod_http_oauth2: Handle login_hint without @hostpart Makes life easier for the client when it does not know the full JID, which might not have the same hostpart as the authorization server URL.

mod_audit: Fix querying for both user and global events Forgot to fix this before I pushed

mod_storage_s3: Fix mapping archive query limit to ?max-keys=

mod_audit: Fix error due to sub-second precision timestamps os.date() does not handle them

mod_storage_s3: Remove wrapper and original timestamp from payload (BC) Unpacking the wrapper was already removed in 66986f5271c3 so it was broken already. Just rely on the Last-Modified date instead, it's not going to be accurate if a different timestamp is passed, e.g. with migrations, but that will have to be a future problem. Perhaps the X-Amz-Meta-* can be used?

mod_storage_s3: Fix sorting items by correct field

mod_storage_s3: Fix passing of prefixes, should not be urlencoded

mod_audit: Update command to handle storing JIDs instead of only usernames

mod_client_management: Include session in the other new-client event too

luacheckrc: Replace deprecated module:once with :on_ready So that :once is warned about properly. module:once was only added in trunk so it shouldn't have gotten very far yet.

mod_restrict_xmpp: Add vcard4 PEP node to profile permission

mod_client_management: Include session in new-client event Needed by mod_audit_auth

mod_http_oauth2: Fire authentication events on login form For e.g. mod_audit_auth to use. A bit hacky because upon review many modules don't seem to handle the lack of an XMPP session in the event payload.

mod_http_oauth2: Comment on authorization code storage

mod_audit_tokens: Record events fired by mod_tokenauth in audit log

mod_audit_auth: Add audit record when a client connects that has not been seen before

mod_audit_auth: Ignore FAST authentication events by default FAST is more like a cookie that allows linking new connections to a previous (e.g. password) authentication. Since we assume that FAST tokens are secure (not user generated) and not shareable, it reduces a lot of noise by filtering out uninteresting authentication events.

mod_restrict_xmpp: Fix remaining hard-coded role name

mod_audit: Update README with new name of mod_audit_register

mod_audit_user_accounts: Renamed from mod_audit_register

mod_audit_register: Support for deregister and enable/disable events

mod_audit_status: Support writing heartbeat with async storage drivers

mod_storage_xmlarchive: Support using requested archive-id However diverging from the date-prefixed format means it will need to look through the whole archive to find a particular ID.

mod_storage_xmlarchive: Pass hostname to converter for converting all users

mod_storage_xmlarchive: Migrate all users/rooms if no JID argument given

misc: Add a basic grafterm dashboard For those of us who would rather have less JavaScript

misc: Add a Grafana dashboard

mod_storage_s3: Sort archive items by LastModified Otherwise they would get sorted by who knows what, probably the path. Also not sure if the timestamp comparisons were correct before.

mod_storage_s3: Reorder path components (BC: invalidates any existing data) keyvalue: /bucket/hostname/username/store archive: /bucket/hostname/username/store/yyyy-mm-dd/with/key

mod_storage_s3: Fix querying for basic MAM parameters I guess I was planning to hash the 'with' part but changed my mind half way through implementing and also never tested this.

luacheck: Add new module API methods from trunk See * trunk rev 4d4f9e42bcf8 * trunk rev 65fb0d7a2312 * trunk rev c9ef35fab0b1

mod_storage_s3: Implement search for set of IDs This together with the full id range query enables support for urn:xmpp:mam:2#extended in mod_mam

mod_storage_s3: Advertise full id range archive query capability

mod_audit: Use new module API for period/time ranges It was added around the same time as the parse_duration function