Kim Alvefur <zash@zash.se> [Fri, 26 Aug 2022 18:53:00 +0200] rev 12683
mod_s2s: Fix firing buffer drain events
Fixes the same kind of issue as in 65563530375b but once and for all,
while improving similarity between incoming and outgoing connections.
Matthew Wild <mwild1@gmail.com> [Fri, 26 Aug 2022 17:28:06 +0100] rev 12682
mod_smacks: Don't close resuming session when failed due to overflow
Matthew Wild <mwild1@gmail.com> [Fri, 26 Aug 2022 17:04:15 +0100] rev 12681
mod_smacks: Long overdue cleanup of resumption code, fixes some old TODOs
Kim Alvefur <zash@zash.se> [Thu, 25 Aug 2022 22:42:41 +0200] rev 12680
mod_admin_shell: Rename variable to avoid confusion with global function
For luacheck, but it doesn't actually complain about this right now
Kim Alvefur <zash@zash.se> [Thu, 25 Aug 2022 22:40:41 +0200] rev 12679
mod_admin_shell: Fix output from user:roles()
It used _G.print instead of the shell session print, which would
silently write to stdout
Matthew Wild <mwild1@gmail.com> [Mon, 22 Aug 2022 13:53:35 +0100] rev 12678
Merge role-auth->trunk
Matthew Wild <mwild1@gmail.com> [Mon, 22 Aug 2022 13:03:10 +0100] rev 12677
CHANGES: Add role auth
Kim Alvefur <zash@zash.se> [Thu, 18 Aug 2022 19:00:01 +0200] rev 12676
mod_admin_shell: Ensure account has role before it is usable
By creating the account first without a password it can't be used until
the role has set. This is most important for restricted accounts, as a
failure to set the role would lead to the account having more privileges
than indented.
Kim Alvefur <zash@zash.se> [Thu, 18 Aug 2022 18:10:44 +0200] rev 12675
mod_auth_insecure: Store creation and update timestamps on account
This ensures that the store is not empty in case no password is
provided, so the underlying data storage won't consider the store empty.
Kim Alvefur <zash@zash.se> [Thu, 18 Aug 2022 18:10:18 +0200] rev 12674
mod_admin_shell: Update help for user:create to reflect singular role argument
Kim Alvefur <zash@zash.se> [Thu, 18 Aug 2022 17:50:56 +0200] rev 12673
mod_auth_internal_hashed: Allow creating disabled account without password
Otherwise, create_user(username, nil) leads to the account being
deleted.
Matthew Wild <mwild1@gmail.com> [Thu, 18 Aug 2022 16:46:07 +0100] rev 12672
mod_admin_shell: Update with new role management commands and help text
Kim Alvefur <zash@zash.se> [Thu, 18 Aug 2022 15:42:07 +0200] rev 12671
core.usermanager: Update argument name in authz fallback method
It's not plural
Kim Alvefur <zash@zash.se> [Thu, 18 Aug 2022 15:38:18 +0200] rev 12670
core.usermanager: Remove obsolete authz fallback method
Kim Alvefur <zash@zash.se> [Thu, 18 Aug 2022 14:10:21 +0200] rev 12669
core.usermanager: Add missing methods to fallback authz provider
Kim Alvefur <zash@zash.se> [Thu, 18 Aug 2022 14:07:54 +0200] rev 12668
core.usermanager: Add scoped luacheck ignore rule to reduce clutter
Matthew Wild <mwild1@gmail.com> [Thu, 18 Aug 2022 10:37:59 +0100] rev 12667
mod_authz_internal: Expose convenience method to test if user can assume role
Matthew Wild <mwild1@gmail.com> [Wed, 17 Aug 2022 16:38:53 +0100] rev 12666
mod_authz_internal, and more: New iteration of role API
These changes to the API (hopefully the last) introduce a cleaner separation
between the user's primary (default) role, and their secondary (optional)
roles.
To keep the code sane and reduce complexity, a data migration is needed for
people using stored roles in 0.12. This can be performed with
prosodyctl mod_authz_internal migrate <host>
Kim Alvefur <zash@zash.se> [Fri, 12 Aug 2022 22:09:09 +0200] rev 12665
util.roles: Add Teal interface declaration
Kim Alvefur <zash@zash.se> [Mon, 15 Aug 2022 16:36:00 +0200] rev 12664
mod_admin_shell: Show session role in c2s:show
Matthew Wild <mwild1@gmail.com> [Mon, 15 Aug 2022 15:25:07 +0100] rev 12663
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
Matthew Wild <mwild1@gmail.com> [Fri, 12 Aug 2022 16:21:57 +0100] rev 12662
usermanager: Remove concept of global authz provider
Rationale:
- Removes a bunch of code!
- We don't have many cases where an actor is not bound to one of our hosts
- A notable exception is the admin shell, but if we ever attempt to lock those
sessions down, there is a load of other work that also has to be done. And
it's not clear if we would need a global authz provider for that anyway.
- Removes an extra edge case from the necessary mental model for operators
- Sessions that aren't bound to a host generally are anonymous or have an
alternative auth model (such as by IP addres).
- With the encapsulation now provided by util.roles, ad-hoc "detached roles"
can still be created anyway by code that needs them.
Matthew Wild <mwild1@gmail.com> [Fri, 12 Aug 2022 11:58:25 +0100] rev 12661
usermanager: Fix method name of global authz provider (thanks Zash)
Matthew Wild <mwild1@gmail.com> [Thu, 11 Aug 2022 16:56:59 +0100] rev 12660
usermanager: Remove obsolete function from global authz provider
Matthew Wild <mwild1@gmail.com> [Thu, 11 Aug 2022 16:47:09 +0100] rev 12659
features: Add "permissions" feature for role-auth
Matthew Wild <mwild1@gmail.com> [Mon, 01 Aug 2022 20:26:00 +0100] rev 12658
usermanager: Handle local JIDs being passed to get/set_jid_role()
There is no reasonable fallback for set_jid_role() because users may have
multiple roles, so that's an error.
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:10:47 +0200] rev 12657
core.usermanager: Add missing stub authz methods to global authz provider
Except, should we have a global authz provider at all?
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:08:07 +0200] rev 12656
moduleapi: Stricter type check for actor in permission check
Non-table but truthy values would trigger "attempt to index a foo value"
on the next line otherwise
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:07:04 +0200] rev 12655
moduleapi: Remove redundant expansion of ':' prefix in permission names
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:05:35 +0200] rev 12654
moduleapi: Distribute permissions set from global modules to all hosts
Roles and permissions will always happen in the context of a host.
Prevents error upon indexing since `hosts["*"] == nil`
Matthew Wild <mwild1@gmail.com> [Wed, 20 Jul 2022 10:52:17 +0100] rev 12653
mod_tokenauth: New API that better fits how modules are using token auth
This also updates the module to the new role API, and improves support for
scope/role selection (currently treated as the same thing, which they almost
are).
Matthew Wild <mwild1@gmail.com> [Tue, 19 Jul 2022 18:02:02 +0100] rev 12652
mod_authz_internal: Use util.roles, some API changes and config support
This commit was too awkward to split (hg record didn't like it), so:
- Switch to the new util.roles lib to provide a consistent representation of
a role object.
- Change API method from get_role_info() to get_role_by_name() (touches
sessionmanager and usermanager)
- Change get_roles() to get_user_roles(), take a username instead of a JID
This is more consistent with all other usermanager API methods.
- Support configuration of custom roles and permissions via the config file
(to be documented).
Matthew Wild <mwild1@gmail.com> [Tue, 19 Jul 2022 17:44:26 +0100] rev 12651
util.roles: Add new utility module to consolidate role objects and methods
Matthew Wild <mwild1@gmail.com> [Tue, 12 Jul 2022 13:14:47 +0100] rev 12650
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
This is useful for a number of things. For example, listing users that need to
rotate their passwords after some event. It also provides a safer way for code
to determine that a user password has changed without needing to set a handler
for the password change event (which is a more fragile approach).
Kim Alvefur <zash@zash.se> [Wed, 15 Jun 2022 23:04:17 +0200] rev 12649
core.moduleapi: Expand permission name ':' prefix earlier
Ensures it applies to the context as string case
Somehow this fixes everything
Kim Alvefur <zash@zash.se> [Wed, 15 Jun 2022 23:03:15 +0200] rev 12648
core.moduleapi: Fixup method name
`get_user_role()` did not exist anywhere else.
MattJ said `get_user_default_role()` was indented
Matthew Wild <mwild1@gmail.com> [Wed, 15 Jun 2022 14:22:26 +0100] rev 12647
teal-src: update module.d.tl with new access control methods
Matthew Wild <mwild1@gmail.com> [Wed, 15 Jun 2022 12:15:01 +0100] rev 12646
Switch to a new role-based authorization framework, removing is_admin()
We began moving away from simple "is this user an admin?" permission checks
before 0.12, with the introduction of mod_authz_internal and the ability to
dynamically change the roles of individual users.
The approach in 0.12 still had various limitations however, and apart from
the introduction of roles other than "admin" and the ability to pull that info
from storage, not much actually changed.
This new framework shakes things up a lot, though aims to maintain the same
functionality and behaviour on the surface for a default Prosody
configuration. That is, if you don't take advantage of any of the new
features, you shouldn't notice any change.
The biggest change visible to developers is that usermanager.is_admin() (and
the auth provider is_admin() method) have been removed. Gone. Completely.
Permission checks should now be performed using a new module API method:
module:may(action_name, context)
This method accepts an action name, followed by either a JID (string) or
(preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g.
the standard object passed to most events). It will return true if the action
should be permitted, or false/nil otherwise.
Modules should no longer perform permission checks based on the role name.
E.g. a lot of code previously checked if the user's role was prosody:admin
before permitting some action. Since many roles might now exist with similar
permissions, and the permissions of prosody:admin may be redefined
dynamically, it is no longer suitable to use this method for permission
checks. Use module:may().
If you start an action name with ':' (recommended) then the current module's
name will automatically be used as a prefix.
To define a new permission, use the new module API:
module:default_permission(role_name, action_name)
module:default_permissions(role_name, { action_name[, action_name...] })
This grants the specified role permission to execute the named action(s) by
default. This may be overridden via other mechanisms external to your module.
The built-in roles that developers should use are:
- prosody:user (normal user)
- prosody:admin (host admin)
- prosody:operator (global admin)
The new prosody:operator role is intended for server-wide actions (such as
shutting down Prosody).
Finally, all usage of is_admin() in modules has been fixed by this commit.
Some of these changes were trickier than others, but no change is expected to
break existing deployments.
EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's
very possible nobody is using this, but if someone is then we can later update
it to pull roles from LDAP somehow.
Matthew Wild <mwild1@gmail.com> [Wed, 15 Jun 2022 11:47:39 +0100] rev 12645
mod_saslauth: Rename field from 'scope'->'role'
The 'scope' term derives from OAuth, and represents a bundle of permissions.
We're now setting on the term 'role' for a bundle of permissions.
This change does not affect any public modules I'm aware of.
Matthew Wild <mwild1@gmail.com> [Wed, 15 Jun 2022 11:37:09 +0100] rev 12644
util.session: Add role management methods
Kim Alvefur <zash@zash.se> [Fri, 19 Aug 2022 14:24:31 +0200] rev 12643
net.connect: Clear TODO for Happy Eyeballs / RFC 8305, close #1246
Gotta have the DOAP references!
Matthew Wild <mwild1@gmail.com> [Thu, 18 Aug 2022 15:43:16 +0100] rev 12642
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Mon, 15 Aug 2022 18:56:22 +0200] rev 12641
mod_admin_shell: Switch names for user role management commands
user:roles() does not convey that this is the mutating command, it
should have been called setroles from the start but wasn't due to lack
of foresight. This has to accidentally removing roles when wanting to
show them.
Kim Alvefur <zash@zash.se> [Wed, 17 Aug 2022 19:04:30 +0200] rev 12640
util.stanza: Add method for extracting a single attribute value
Sometimes you only care about a single attribute, but the child tag
itself may be optional, leading to needing `tag and tag.attr.foo` or
`stanza:find("tag@foo")`.
The `:find()` method is fairly complex, so avoiding it for this kind of
simpler use case is a win.
Kim Alvefur <zash@zash.se> [Mon, 15 Aug 2022 16:35:14 +0200] rev 12639
mod_time: Remove obsolete XEP-0090 support
Deprecated even before Prosody even started, obsolete for over a decade.
Kim Alvefur <zash@zash.se> [Wed, 17 Aug 2022 18:41:35 +0200] rev 12638
util.datetime: Update Teal interface description
Integers were required before, now any number should work.
Kim Alvefur <zash@zash.se> [Wed, 17 Aug 2022 18:07:31 +0200] rev 12637
util.datetime: Remove a line
No idea why the locals were declared on a line by itself. Perhaps line
length considerations? But saving 6 characters in width by adding a
whole line with 47 characters seems excessive.
This is still within the 150 character limit set by .luacheckrc
Kim Alvefur <zash@zash.se> [Sun, 14 Aug 2022 17:47:13 +0200] rev 12636
mod_time: Return sub-second precision timestamps
Because why not? Who even has this module enabled?
Kim Alvefur <zash@zash.se> [Sun, 14 Aug 2022 17:29:39 +0200] rev 12635
mod_storage_sql: Drop archive timestamp precision pending schema update
The "when" column is an INTEGER which will probably be unhappy about
storing higher precision timestamps, so we keep the older behavior for
now.
Kim Alvefur <zash@zash.se> [Sun, 14 Aug 2022 17:28:31 +0200] rev 12634
mod_mam: Store archives with sub-second precision timestamps
Changes sub-second part of example timestamp to .5 in order to avoid
floating point issues.
Some clients use timestamps when ordering messages which can lead to
messages having the same timestamp ending up in the wrong order.
It would be better to preserve the order messages are sent in, which is
the order they were stored in.
Kim Alvefur <zash@zash.se> [Sun, 14 Aug 2022 16:57:31 +0200] rev 12633
util.datetime: Add support for sub-second precision timestamps
Lua since 5.3 raises a fuss when time functions are handed a number with
a fractional part and the underlying C functions are all based on
integer seconds without support for more precision.
Kim Alvefur <zash@zash.se> [Sun, 14 Aug 2022 16:51:10 +0200] rev 12632
util.datetime: Fix argument order in tests
The expected value goes first.
Kim Alvefur <zash@zash.se> [Wed, 10 Aug 2022 15:12:00 +0200] rev 12631
util.signal: Fix name conflict in Teal interface declaration
Kim Alvefur <zash@zash.se> [Wed, 10 Aug 2022 15:10:50 +0200] rev 12630
util.error: Use avoid name conflict in Teal interface declaration
Naming things ... Thing or thing_t?
Kim Alvefur <zash@zash.se> [Wed, 10 Aug 2022 15:10:14 +0200] rev 12629
util.uuid: Fix syntax of Teal interface declaration file
Kim Alvefur <zash@zash.se> [Sun, 24 Jul 2022 21:39:51 +0200] rev 12628
util.timer: Add Teal interface description
Kim Alvefur <zash@zash.se> [Sun, 24 Jul 2022 21:39:46 +0200] rev 12627
util.termcolours: Add Teal interface description
Kim Alvefur <zash@zash.se> [Sun, 24 Jul 2022 21:39:32 +0200] rev 12626
util.queue: Add Teal interface description
Kim Alvefur <zash@zash.se> [Sun, 24 Jul 2022 21:39:07 +0200] rev 12625
util.logger: Add Teal interface description
Kim Alvefur <zash@zash.se> [Thu, 30 Jun 2022 15:39:03 +0200] rev 12624
util.bitcompat: Add Teal type specification
Kim Alvefur <zash@zash.se> [Wed, 15 Jun 2022 15:51:57 +0200] rev 12623
util.struct: Add Teal interface description file
Kim Alvefur <zash@zash.se> [Wed, 15 Jun 2022 15:40:03 +0200] rev 12622
util.table: Add move() to Teal interface description file
Kim Alvefur <zash@zash.se> [Wed, 16 Feb 2022 16:42:22 +0100] rev 12621
util.set: Add teal type declaration file
Kim Alvefur <zash@zash.se> [Wed, 01 Dec 2021 15:05:06 +0100] rev 12620
util.serialization: Add Teal type specification
Kim Alvefur <zash@zash.se> [Mon, 15 Nov 2021 17:15:22 +0100] rev 12619
util.dataforms: Add missing :data() to Teal definition
Kim Alvefur <zash@zash.se> [Mon, 15 Nov 2021 17:07:23 +0100] rev 12618
util.dataforms: Restructure Teal definition file
The PR has been merged and there's no reason not to have nested records
and other definitions.
Kim Alvefur <zash@zash.se> [Wed, 10 Nov 2021 15:12:03 +0100] rev 12617
util.human.io: Add Teal interface definition
Kim Alvefur <zash@zash.se> [Sun, 24 Jul 2022 21:25:41 +0200] rev 12616
util.promise: Add Teal interface specification file
Kim Alvefur <zash@zash.se> [Sun, 24 Jul 2022 21:25:31 +0200] rev 12615
teal: add stub util.array teal defs
Kim Alvefur <zash@zash.se> [Sun, 24 Jul 2022 21:25:17 +0200] rev 12614
net.server: Add teal description file
Kim Alvefur <zash@zash.se> [Sun, 24 Jul 2022 21:25:03 +0200] rev 12613
net.http: Add teal description files
Kim Alvefur <zash@zash.se> [Mon, 05 Jul 2021 13:18:14 +0200] rev 12612
util.human.units: Specify enum argument to format()
Kim Alvefur <zash@zash.se> [Wed, 24 Mar 2021 20:23:38 +0100] rev 12611
core.storagemanager: Convert old Typed Lua description file into Teal
Still only a type definition.
Typed Lua is no longer maintained.
Teal is currently an active project.
Kim Alvefur <zash@zash.se> [Wed, 10 Aug 2022 13:45:43 +0200] rev 12610
util.hex: Update Teal spec for function rename in a0ff5c438e9d
Kim Alvefur <zash@zash.se> [Mon, 08 Aug 2022 20:33:44 +0200] rev 12609
doap: Update XEP versions for which no code changes appear needed
XEP-0004: Partial forms are handled
XEP-0045: We're already strict with GC 1.0
XEP-0060: Change in semantics wrt 'pubsub#type', but not in code
XEP-0115: No protocol change
XEP-0138: Specification moved to Obsolete
XEP-0163: Editorial only change
XEP-0215: Minor schema change
XEP-0280: Editorial change
XEP-0297: Had the wrong version number
XEP-0106: Note missing piece for version 1.1
XEP-0313: Editorial change
XEP-0363: Editorial clarification, no code change required
XEP-0380: Registry additions, no code change needed
XEP-0384: Not directly supported, only here because people will ask otherwise
XEP-0445: Broken out of XEP-0401
Kim Alvefur <zash@zash.se> [Fri, 05 Aug 2022 16:54:15 +0200] rev 12608
various: Update IETF RFC URLs for tools.ietf.org transition
See https://www.ietf.org/blog/finalizing-ietf-tools-transition/
Already done in various other places.
Kim Alvefur <zash@zash.se> [Fri, 05 Aug 2022 14:41:13 +0200] rev 12607
mod_admin_shell: Remove obsolete module:load() argument from 0.8 time
This 'config' argument was removed without explanation in d8dbf569766c
Kim Alvefur <zash@zash.se> [Tue, 02 Aug 2022 19:26:26 +0200] rev 12606
mod_tls: Record STARTTLS state so it can be shown in Shell
This field can be viewed using s2s:show(nil, "... starttls") even
without any special support in mod_admin_shell, which can be added later
to make it nicer. One can then assume that a TLS connection with an
empty / nil starttls field means Direct TLS.
Kim Alvefur <zash@zash.se> [Tue, 02 Aug 2022 16:08:43 +0200] rev 12605
net.resolvers.basic: Add opt-out argument for DNSSEC security status
This makes explicit which lookups can accept an unsigned response.
Insecure (unsigned, as before DNSSEC) A and AAAA records can be used as
security would come from TLS, but an insecure TLSA record is worthless.
Kim Alvefur <zash@zash.se> [Fri, 29 Jul 2022 17:10:31 +0200] rev 12604
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Fri, 22 Jul 2022 19:09:50 +0200] rev 12603
mod_storage_sql: Fix summary API with Postgres (fixes #1766)
The ORDER BY and LIMIT clauses are not needed and don't even make much
sense. This part was most likely a leftover from the :find method.
Tested with sqlite and postgres 14
Kim Alvefur <zash@zash.se> [Fri, 22 Jul 2022 18:32:45 +0200] rev 12602
storage tests: Add test for the archive:summary API
Passes with memory, internal, sqlite
Fails with postgres as in #1766
Kim Alvefur <zash@zash.se> [Sun, 17 Jul 2022 17:05:28 +0200] rev 12601
mod_http_files: Log warning about legacy modules using mod_http_files
It is time. Most community modules should have been adjusted to work
with the new (net.http.files) way.
At some point this usage should be prevented.
Related to #1765
Kim Alvefur <zash@zash.se> [Wed, 27 Jul 2022 00:32:04 +0200] rev 12600
util.sasl.scram: Add 'tls-exporter' as recognised channel binding method
The last missing piece of #1760, otherwise SCRAM-SHA-*-PLUS is not
actually advertised.
Kim Alvefur <zash@zash.se> [Wed, 27 Jul 2022 00:10:08 +0200] rev 12599
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Wed, 01 Jun 2022 15:06:59 +0200] rev 12598
mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760)
Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier
channel binding method being undefined for TLS 1.3, and the increasing
deployment of TLS 1.3.
See 1bfd238e05ad and #1542
Requires future version of LuaSec, once support for this key material
export method is merged.
See https://github.com/brunoos/luasec/pull/187
Kim Alvefur <zash@zash.se> [Tue, 26 Jul 2022 23:44:33 +0200] rev 12597
mod_bookmarks: Reduce error about not having bookmarks to debug (thanks tom)
This is happens if the account is new and doesn't have any bookmarks
yet, which is not a problem.
Rarely seen since most clients currently use the older version of
XEP-0084 stored in XEP-0049 rather than in PEP, but at least one
(Converse.js )does.
One scenario in which this would show up often is with Converse.js as a
guest chat using anonymous authentication, where all "accounts" would
always be new and not have any bookmarks. This scenario probably does
not need to have mod_bookmarks at all, but if enabled globally it would
likely become loaded onto the VirtualHost unless explicitly disabled.
Kim Alvefur <zash@zash.se> [Tue, 26 Jul 2022 00:39:16 +0200] rev 12596
mod_storage_sql: Fix bypass of load procedure under prosodyctl
There's no 'prosody.prosodyctl' property other than this one, introduced
in 6216743c188c in 2015.
Guessing that the intent was to skip this when running as a prosodyctl
command. The module.command code does its own version of this
initialization, so this seems likely.
Thanks raja for noticing
Kim Alvefur <zash@zash.se> [Mon, 11 Jul 2022 20:02:10 +0200] rev 12595
util.table: Fix inaccurate comment
Probably a duplicate of the comment next to Lmove, recorded by mistake
Lpack can probably be removed at some point in the near future once we
are confident it is not used anywhere.
Kim Alvefur <zash@zash.se> [Mon, 11 Jul 2022 19:15:24 +0200] rev 12594
compat: Use table.pack (there since Lua 5.2) over our util.table
Added in d278a770eddc avoid having to deal with its absence in Lua 5.1.
No longer needed when Lua 5.1 support is dropped.
Kim Alvefur <zash@zash.se> [Mon, 11 Jul 2022 19:07:38 +0200] rev 12593
compat: Remove handling of Lua 5.1 location of 'unpack' function
Kim Alvefur <zash@zash.se> [Mon, 11 Jul 2022 17:32:13 +0200] rev 12592
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Sun, 10 Jul 2022 16:10:29 +0200] rev 12591
luacheck: Set expected globals to Lua 5.4 + compat
Requires luacheck 0.25.0
Kim Alvefur <zash@zash.se> [Mon, 27 Jun 2022 01:22:36 +0200] rev 12590
core.s2smanager: Don't remove unrelated session on close of bidi session
Normally with bidi, any outgoing connection should be the same as the
incoming, hence when closing a bidi connection it should be removed as a
route to the remote server. However it is not guaranteed, a remote bidi-capable server
might have decided to open a new connection for some reason. This can
lead to a situation where there are two bidi connections, and the s2sout
route is a locally initiated s2sout connection. In this case, such a
s2sout connection should be kept.
Noticed in a rare case where bidi has just been enabled on a running
server, and something establishes new connections immediately when a
connection is closed.
Kim Alvefur <zash@zash.se> [Fri, 08 Jul 2022 19:56:29 +0200] rev 12589
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Mon, 30 May 2022 17:34:58 +0200] rev 12588
luacheck: Shut up (backports 3caff1f93520, ignores module deleted in trunk)
Kim Alvefur <zash@zash.se> [Fri, 08 Jul 2022 19:43:47 +0200] rev 12587
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Fri, 08 Jul 2022 19:42:48 +0200] rev 12586
Backport 875f73ead4e8 8e4033213c62 to deal with luacheck 0.26
Kim Alvefur <zash@zash.se> [Fri, 08 Jul 2022 19:36:07 +0200] rev 12585
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Fri, 08 Jul 2022 17:32:48 +0200] rev 12584
util.datamapper: Improve handling of schemas with non-obvious "type"
The JSON Schema specification says that schemas are objects or booleans,
and that the 'type' property is optional and can be an array.
This module previously allowed bare type names as schemas and did not
really handle booleans.
It now handles missing 'type' properties and boolean 'true' as a schema.
Objects and arrays are guessed based on the presence of 'properties' or
'items' field.
Kim Alvefur <zash@zash.se> [Fri, 08 Jul 2022 14:38:23 +0200] rev 12583
util.jsonschema: Fix validation to not assume presence of "type" field
MattJ reported a curious issue where validation did not work as
expected. Primarily that the "type" field was expected to be mandatory,
and thus leaving it out would result in no checks being performed.
This was likely caused by misreading during initial development.
Spent some time testing against
https://github.com/json-schema-org/JSON-Schema-Test-Suite.git and
discovered a multitude of issues, far too many to bother splitting into
separate commits.
More than half of them fail. Many because of features not implemented,
which have been marked NYI. For example, some require deep comparisons
e.g. when objects or arrays are present in enums fields.
Some because of quirks with how Lua differs from JavaScript, e.g. no
distinct array or object types. Tests involving fractional floating
point numbers. We're definitely not going to follow references to remote
resources. Or deal with UTF-16 sillyness. One test asserted that 1.0 is
an integer, where Lua 5.3+ will disagree.
Kim Alvefur <zash@zash.se> [Sat, 02 Jul 2022 17:27:39 +0200] rev 12582
executables: Reject Lua 5.1 early
Prevents attempting to load libraries that may no longer be found and
crashing with a traceback.
Platforms like Debian where multiple Lua versions can be installed at
the same time and 'lua' pointing to one of the installed interpreters
via symlinks, there's the possibility that prosody/prosodyctl may be
invoked with Lua 5.1, which will no longer have any of the rest of
Prosody libraries available to be require(), and thus would immediately
fail with an unfriendly traceback.
Checking and aborting early with a friendlier message and reference to
more information is better.
Part of #1600
Kim Alvefur <zash@zash.se> [Tue, 05 Jul 2022 14:59:47 +0200] rev 12581
CHANGES: Lua 5.1 support removed (closes #1600)
Kim Alvefur <zash@zash.se> [Tue, 05 Jul 2022 14:18:32 +0200] rev 12580
util.envload: Remove Lua 5.1 method
Part of #1600
Is this module even needed anymore?
Kim Alvefur <zash@zash.se> [Fri, 01 Jul 2022 21:21:21 +0200] rev 12579
util-src: Remove Lua 5.1 compat macros
Part of #1600
Kim Alvefur <zash@zash.se> [Sat, 02 Jul 2022 17:30:06 +0200] rev 12578
mod_storage_sql: Remove Lua 5.1 compatibility hack
Part of #1600
Kim Alvefur <zash@zash.se> [Sat, 02 Jul 2022 17:31:14 +0200] rev 12577
util: Remove various Lua 5.1 compatibility hacks
Part of #1600
Kim Alvefur <zash@zash.se> [Sat, 02 Jul 2022 17:30:34 +0200] rev 12576
util.dependencies: Reject Lua 5.1, Lua 5.2 or later is now required (see #1600)
Kim Alvefur <zash@zash.se> [Sat, 02 Jul 2022 17:29:03 +0200] rev 12575
tests: Remove special-casing of Lua 5.1
Part of #1600
Kim Alvefur <zash@zash.se> [Thu, 30 Jun 2022 17:00:35 +0200] rev 12574
configure: No longer accept Lua 5.1
Kim Alvefur <zash@zash.se> [Thu, 30 Jun 2022 17:03:50 +0200] rev 12573
util.dependencies: Deprecate support for Lua 5.1, this is your final warning
Kim Alvefur <zash@zash.se> [Fri, 24 Jun 2022 16:59:54 +0200] rev 12572
util.hashes: Revert to HMAC() convenience function
Reverts some of 1e41dd0f8353
Seems HMAC() isn't deprecated after all? Must have been at some point
according to #1589
Twice as fast for some reason.
Kim Alvefur <zash@zash.se> [Fri, 24 Jun 2022 16:49:03 +0200] rev 12571
util.hashes: Remove unused constants
Kim Alvefur <zash@zash.se> [Fri, 24 Jun 2022 16:12:11 +0200] rev 12570
util.hashes: Remove unused struct
Unused since 9f1c5ae8d70b
Kim Alvefur <zash@zash.se> [Fri, 24 Jun 2022 15:33:04 +0200] rev 12569
util.hashes: Return OpenSSL error messages on failure
With luck, might contain more details than just "failed"
Kim Alvefur <zash@zash.se> [Thu, 10 Sep 2020 21:58:24 +0200] rev 12568
util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se> [Thu, 10 Sep 2020 21:58:24 +0200] rev 12567
util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se> [Thu, 10 Sep 2020 21:58:25 +0200] rev 12566
util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se> [Sun, 29 Nov 2020 17:58:45 +0100] rev 12565
util.hashes: Expose sha224 and sha384 HMAC functions
For completeness and consistency with set of plain hash functions
Kim Alvefur <zash@zash.se> [Sun, 29 Nov 2020 17:58:30 +0100] rev 12564
util.hashes: Refactor HMAC bindings (fixes #1589)
HMAC() is deprecated
As with the regular hash functions, macros like this make it awkward to
apply static analysis and code formatting.