annotate mod_omemo_all_access/mod_omemo_all_access.lua @ 5549:01a0b67a9afd
mod_http_oauth2: Add TODO about disabling password grant
Per recommendation in draft-ietf-oauth-security-topics-23 it should at
the very least be disabled by default.
However since this is used by the Snikket web portal some care needs to
be taken not to break this, unless it's already broken by other changes
to this module.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 16 Jun 2023 00:06:53 +0200 |
parents | 9505282ad24f |
children |
-- OMEMO all access module
-- Copyright (c) 2017 Daniel Gultsch
--
-- This module is MIT/X11 licensed
--

local jid_bare = require "util.jid".bare;
local st = require "util.stanza"
local mm = require "core.modulemanager";

-- Node-name prefix that marks a PEP node as OMEMO-related. on_pep_request
-- serves any node under this prefix to whoever asks, so the prefix is the
-- only thing standing between a published item and an arbitrary requester.
local white_listed_namespace = "eu.siacs.conversations.axolotl."
-- Feature string added to account disco#info by on_account_disco_info.
local disco_feature_namespace = white_listed_namespace .. "whitelisted"

-- COMPAT w/trunk: when modulemanager can list the host's modules and
-- pep_simple is one of them, depend on it instead of the default "pep".
local pep_module_name = "pep";
if mm.get_modules_for_host and mm.get_modules_for_host(module.host):contains("pep_simple") then
	pep_module_name = "pep_simple";
end

local mod_pep = module:depends(pep_module_name);
-- Published items are read straight out of the PEP module's saved state.
local pep_data = mod_pep.module.save().data;

if not pep_data then
	-- The saved state has no `data` field, so there is nothing to serve from.
	module:log("error", "This module is not compatible with your version of mod_pep");
	if mm.get_modules_for_host then
		module:log("error", "Please use mod_pep_simple instead of mod_pep to continue using this module");
	end
	-- NOTE(review): presumably tells the module loader that loading failed; confirm
	return false;
end
--- Advertise the whitelisting feature in an account's disco#info result.
-- The feature element is appended to `event.reply` when the event carries
-- one, otherwise to `event.stanza`.
-- @param event table with a `reply` and/or `stanza` stanza to extend
local function on_account_disco_info(event)
	local target = event.reply or event.stanza;
	target:tag("feature", { var = disco_feature_namespace }):up();
end
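--- Answer pubsub item requests for OMEMO nodes without any access check.
-- Only IQ `get` requests are considered, and only when the pubsub child holds
-- an <items/> element naming a node under white_listed_namespace. If the
-- addressed account has data for that node, the stored item is sent back
-- directly and true is returned; in every other case nothing is returned.
-- Nothing in this function looks at who is asking: the node-name prefix is
-- the only gate, so whatever an account publishes under that prefix is
-- readable by any requester that reaches this hook.
-- @param event table with `origin` (the requesting session) and `stanza` (the IQ)
-- @return true when a reply was sent, otherwise nil
local function on_pep_request(event)
	-- COMPAT: the global `unpack` is not guaranteed on Lua 5.2 and later,
	-- where the function lives in the `table` library.
	local unpack_pair = table.unpack or unpack; -- luacheck: ignore 113
	local session, stanza = event.origin, event.stanza;
	if stanza.attr.type ~= 'get' then
		return;
	end

	-- First child of the IQ is the pubsub element, its first child the action.
	local pubsub = stanza.tags[1];
	local items = pubsub and pubsub.tags[1];
	if not items or items.name ~= 'items' then
		return;
	end

	-- Requester-supplied node name; only a plain prefix comparison is applied.
	local node = items.attr.node;
	if not node or node:sub(1, #white_listed_namespace) ~= white_listed_namespace then
		return;
	end

	-- An optional <item id='...'/> child narrows the request to one item id.
	local requested_id;
	local requested_item = items.tags[1];
	if requested_item and requested_item.name == 'item' then
		requested_id = requested_item.attr.id;
	end

	-- Node owner: the bare JID the IQ is addressed to, else the sender's own account.
	local user = stanza.attr.to and jid_bare(stanza.attr.to) or session.username..'@'..session.host;
	local user_data = pep_data[user];
	local stored = user_data and user_data[node];
	if stored then
		-- assumes each entry is an {id, item} pair as kept by the PEP module; TODO confirm
		local id, item = unpack_pair(stored);
		if not requested_id or id == requested_id then
			local reply_stanza = st.reply(stanza)
				:tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'})
					:tag('items', {node=node})
						:add_child(item)
					:up()
				:up();
			session.send(reply_stanza);
			-- The format string now carries %s so the node name is actually logged.
			module:log("debug", "provided access to omemo node %s", node);
			return true;
		end
	end
	-- Reached when the node matched the prefix but no stored item was served
	-- (no data for the account/node, or the requested id differs).
	module:log("debug", "requested node was white listed: %s", node);
end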
-- Advertise the feature on account disco#info.
module:hook("account-disco-info", on_account_disco_info);
-- Registered with priority 10; presumably so this handler sees pubsub IQs
-- before the PEP module's own handler and its access check (confirm against
-- the priority that module hooks at).
module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", on_pep_request, 10);