Mercurial > prosody-modules
annotate mod_dwd/mod_dwd.lua @ 5255:001c8fdc91a4
mod_http_oauth2: Add support for the "openid" scope
This "openid" scope is there to signal access to the userinfo endpoint,
which is needed for OIDC support.
We don't actually check this later because the userinfo endpoint only
returns info embedded in the token itself, but in the future we may want
to check this more carefully.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Mar 2023 17:06:35 +0100 |
| parents | 4e235e565693 |
| children |
| rev | line source |
|---|---|
| 928 | 1 local hosts = _G.hosts; |
| 2 local st = require "util.stanza"; | |
| 3 local nameprep = require "util.encodings".stringprep.nameprep; | |
| 4 local cert_verify_identity = require "util.x509".verify_identity; | |
| 5 | |
| 6 module:hook("stanza/jabber:server:dialback:result", function(event) | |
| 7 local origin, stanza = event.origin, event.stanza; | |
| 8 | |
| 9 if origin.cert_chain_status == "valid" and origin.type == "s2sin_unauthed" or origin.type == "s2sin" then | |
| 10 local attr = stanza.attr; | |
| 11 local to, from = nameprep(attr.to), nameprep(attr.from); | |
| 12 | |
| 13 local conn = origin.conn:socket() | |
| 14 local cert; | |
| 15 if conn.getpeercertificate then | |
| 16 cert = conn:getpeercertificate() | |
| 17 end | |
| 18 | |
| 19 if cert and hosts[to] and cert_verify_identity(from, "xmpp-server", cert) then | |
| 20 | |
| 21 -- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from' | |
| 22 -- on streams. We fill in the session's to/from here instead. | |
| 23 if not origin.from_host then | |
| 24 origin.from_host = from; | |
| 25 end | |
| 26 if not origin.to_host then | |
| 27 origin.to_host = to; | |
| 28 end | |
| 29 | |
| 30 module:log("info", "Accepting Dialback without Dialback for %s", from); | |
|
932
4e235e565693
mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents:
928
diff
changeset
|
31 module:fire_event("s2s-authenticated", { session = origin, host = from }); |
| 928 | 32 origin.sends2s( |
| 33 st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" })); | |
| 34 | |
| 35 return true; | |
| 36 end | |
| 37 end | |
| 38 end, 100); | |
| 39 | |
| 40 |