Kim Alvefur <zash@zash.se> [Tue, 04 Oct 2022 12:04:43 +0200] rev 12744
mod_authz_internal: Fix warning due to global use
Thanks Menel and Martin
Jonas Schäfer <jonas@wielicki.name> [Mon, 03 Oct 2022 12:55:11 +0200] rev 12743
Backed out changeset 1bc2220cd6ec
The use of the error helpers creates an `<error/>` child element
containing the error condition. This is however not allowed as per
XEP-0198, which specifies that the error condition is to be a direct
child of the `<failed/>` stream management element.
This has triggered a fun reconnect loop in aioxmpp where it was
reported by a user [1].
[1]: https://github.com/horazont/aioxmpp/issues/382
Matthew Wild <mwild1@gmail.com> [Fri, 30 Sep 2022 20:38:31 +0100] rev 12742
util.jwt: More robust ECDSA signature parsing, fail early on unexpected length
Kim Alvefur <zash@zash.se> [Fri, 30 Sep 2022 00:27:10 +0200] rev 12741
util.crypto: Fix tests
Found this number in a hat.
Sleepy time. Good night.
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 23:17:42 +0100] rev 12740
util.jwt: Add support for ES512 (+ tests)
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 23:15:39 +0100] rev 12739
util.crypto, util.jwt: Generate consistent signature sizes (via padding)
This fixes the signature parsing and building to work correctly. Sometimes
a signature was one or two bytes too short, and needed to be padded. OpenSSL
can do this for us.
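Added example, not part of the changelog and not Prosody's util.crypto or util.jwt code: a Python illustration of the conversion the commit message above refers to. It assumes the JWS convention (RFC 7518) that ES256/ES384/ES512 signatures are R||S with each integer left-padded to 32/48/66 bytes, whereas DER stores each integer at minimal length; it does the padding by hand rather than through OpenSSL, and all function names are hypothetical.

```python
# Added illustration: DER ECDSA-Sig-Value <-> fixed-width JWS R||S.
COORD_LEN = {"ES256": 32, "ES384": 48, "ES512": 66}  # bytes per integer (RFC 7518)

def _read_len(buf, pos):
    # DER length: short form, or the one-byte long form (0x81 nn) P-521 needs.
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    if buf[pos] != 0x81:
        raise ValueError("unsupported DER length form")
    return buf[pos + 1], pos + 2

def _read_int(buf, pos, width):
    """Read one DER INTEGER; return it left-padded to `width` bytes."""
    if buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length, pos = _read_len(buf, pos + 1)
    body = buf[pos:pos + length]
    if len(body) != length or not body or body[0] & 0x80:
        raise ValueError("truncated, empty or negative INTEGER")
    # to_bytes() supplies the leading zero bytes a short R or S is missing.
    return int.from_bytes(body, "big").to_bytes(width, "big"), pos + length

def der_to_raw(der, alg):
    """Convert a DER signature to R||S of exactly 2 * COORD_LEN[alg] bytes."""
    width = COORD_LEN[alg]
    try:
        if der[0] != 0x30:
            raise ValueError("expected SEQUENCE tag")
        seq_len, pos = _read_len(der, 1)
        if pos + seq_len != len(der):
            raise ValueError("length field does not match input size")
        r, pos = _read_int(der, pos, width)
        s, pos = _read_int(der, pos, width)
    except (IndexError, OverflowError) as exc:
        raise ValueError("malformed or oversized ECDSA signature") from exc
    if pos != len(der):
        raise ValueError("unexpected bytes after S")
    return r + s

def raw_to_der(raw, alg):
    """Convert fixed-width R||S to DER, rejecting any unexpected length first."""
    width = COORD_LEN[alg]
    if len(raw) != 2 * width:
        raise ValueError("unexpected signature length for " + alg)
    def enc_int(chunk):
        body = chunk.lstrip(b"\x00") or b"\x00"   # minimal-length encoding
        body = b"\x00" + body if body[0] & 0x80 else body  # keep it positive
        return b"\x02" + bytes([len(body)]) + body
    content = enc_int(raw[:width]) + enc_int(raw[width:])
    n = len(content)
    return b"\x30" + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content
```

A 31-byte R, which occurs whenever the top byte of the integer is zero, is the case the fixed-width padding exists for: without it the JWS signature comes out one byte short.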
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:57:05 +0100] rev 12738
CHANGES: Update with MUC permission changes
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:46:02 +0100] rev 12737
mod_authz_internal: Allow specifying default role for public (remote) users
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:43:09 +0100] rev 12736
Backed out changeset 73a45ba6e3f1 in favour of 427dd01f0864
New behaviour (muc_room_allow_persistent = true, the default):
- Parent host users are not restricted by default (prosody:user)
- Users without roles (by default that is non-admins, non-parent-host users,
and users on other servers) can no longer configure persistence by default.
muc_room_allow_persistent = false will restrict persistence to prosody:admin.
Parent-host users should not be restricted by default, and this can be
configured via the new roles/permissions options.
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:30:52 +0100] rev 12735
mod_muc: Better map restrict_room_creation to role permissions (behaviour change)
With this change and 427dd01f0864, room creation is now effectively restricted
to parent-host users by default. This is a better default than previous
Prosody versions (where room creation was not restricted).
The "local" option for restrict_room_creation is no longer used (any value
other than true/false won't change the default behaviour).
restrict_room_creation = true will grant prosody:admin the ability to create
rooms.
restrict_room_creation = false disables all permission checks.
Anything between these two can be achieved using custom roles and permissions.