Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 23:17:42 +0100] rev 12740
util.jwt: Add support for ES512 (+ tests)
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 23:15:39 +0100] rev 12739
util.crypto, util.jwt: Generate consistent signature sizes (via padding)
This fixes the signature parsing and building to work correctly. Sometimes
a signature was one or two bytes too short, and needed to be padded. OpenSSL
can do this for us.
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:57:05 +0100] rev 12738
CHANGES: Update with MUC permission changes
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:46:02 +0100] rev 12737
mod_authz_internal: Allow specifying default role for public (remote) users
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:43:09 +0100] rev 12736
Backed out changeset 73a45ba6e3f1 in favour of 427dd01f0864
New behaviour (muc_room_allow_persistent = true, the default):
- Parent host users are not restricted by default (prosody:user)
- Users without roles (by default that is non-admins, non-parent-host users,
and users on other servers) can no longer configure persistence by default.
muc_room_allow_persistent = false will restrict persistence to prosody:admin.
Parent-host users should not be restricted by default, and this can be
configured via the new roles/permissions options.
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:30:52 +0100] rev 12735
mod_muc: Better map restrict_room_creation to role permissions (behaviour change)
With this change and 427dd01f0864, room creation is now effectively restricted
to parent-host users by default. This is a better default than previous
Prosody versions (where room creation was not restricted).
The "local" option for restrict_room_creation is no longer used (any value
other than true/false won't change the default behaviour).
restrict_room_creation = true will grant prosody:admin the ability to create
rooms.
restrict_room_creation = false disables all permission checks.
Anything between these two can be achieved using custom roles and permissions.
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:10:14 +0100] rev 12734
mod_authz_internal: Allow configuring role of local-server/parent-host users
'host_user_role' is the default role of users who have JIDs on the "parent"
host (i.e. jabber.org users on conference.jabber.org). Defaults to
'prosody:user'.
'server_user_roles' is the default role of users who have JIDs on any active
host on the current Prosody instance. Default to nil (no role).
This finally allows better permissions splitting between host and server
users, which has previously been done (e.g. in MUC) with options like
'restrict_room_creation' and 'muc_room_allow_persistent'. Using roles makes
these permissions a lot more flexible, and easier for developers to integrate.
Matthew Wild <mwild1@gmail.com> [Wed, 28 Sep 2022 17:47:00 +0100] rev 12733
muc: Re-allow non-admins to configure persistence (thanks Meaz)
Non-admins don't have a role on MUC services by default. Not even
prosody:user. This meant they had no :create-persistent-room permission, even
if muc_room_allow_persistent was true (the default).
Now we only check the role permissions if persistent room creation is
restricted, otherwise we skip any permission checks, just like previous
versions.
Matthew Wild <mwild1@gmail.com> [Mon, 26 Sep 2022 15:47:15 +0100] rev 12732
doap: Latest XEP-0440 supported since 9f100ab9ffdf
Kim Alvefur <zash@zash.se> [Fri, 23 Sep 2022 11:58:15 +0200] rev 12731
mod_admin_shell: Fix display of session without role (thanks Link Mauve)
This can happen to sessions before they are assigned a role