Mercurial > prosody-modules
annotate mod_block_registrations/README.markdown @ 5461:06640647d193
mod_http_oauth2: Fix use of arbitrary ports in loopback redirect URIs
Per draft-ietf-oauth-v2-1-08#section-8.4.2
> The authorization server MUST allow any port to be specified at the
> time of the request for loopback IP redirect URIs, to accommodate
> clients that obtain an available ephemeral port from the operating
> system at the time of the request.
Uncertain if it should normalize the host part, but it also seems
harmless to treat IPv6 and IPv4 the same here.
One thing is that "localhost" is NOT RECOMMENDED because it can
sometimes be pointed to non-loopback interfaces via DNS or hosts file.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 17 May 2023 13:51:30 +0200 |
| parents | 72f23107beb4 |
| children |
| rev | line source |
|---|---|
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
1 Introduction |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
2 ============ |
| 1782 | 3 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
4 On a server with public registration it is usually desirable to prevent |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
5 registration of certain "reserved" accounts, such as "admin". |
| 1782 | 6 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
7 This plugin allows you to reserve individual usernames, or those |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
8 matching certain patterns. It also allows you to ensure that usernames |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
9 conform to a certain pattern. |
| 1782 | 10 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
11 Configuration |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
12 ============= |
| 1782 | 13 |
| 14 Enable the module as any other: | |
| 15 | |
| 16 modules_enabled = { | |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
17 "block_registrations"; |
| 1782 | 18 } |
| 19 | |
| 20 You can then set some options to configure your desired policy: | |
| 21 | |
|
5421
a58ba20b3a71
mod_block_registrations: Update description expansion of default list
Kim Alvefur <zash@zash.se>
parents:
2715
diff
changeset
|
22 Option Default Description |
|
a58ba20b3a71
mod_block_registrations: Update description expansion of default list
Kim Alvefur <zash@zash.se>
parents:
2715
diff
changeset
|
23 ------------------------------ ------------------- ----------------------------------------------------------------------------------------------------------------------------------------------- |
|
a58ba20b3a71
mod_block_registrations: Update description expansion of default list
Kim Alvefur <zash@zash.se>
parents:
2715
diff
changeset
|
24 block_registrations_users *See source code* A list of reserved usernames |
|
a58ba20b3a71
mod_block_registrations: Update description expansion of default list
Kim Alvefur <zash@zash.se>
parents:
2715
diff
changeset
|
25 block_registrations_matching `{ }` A list of [Lua patterns](http://www.lua.org/manual/5.1/manual.html#5.4.1) matching reserved usernames (slower than block_registrations_users) |
|
a58ba20b3a71
mod_block_registrations: Update description expansion of default list
Kim Alvefur <zash@zash.se>
parents:
2715
diff
changeset
|
26 block_registrations_require `nil` A pattern that registered user accounts MUST match to be allowed |
| 1782 | 27 |
| 28 Some examples: | |
| 29 | |
| 30 block_registrations_users = { "admin", "root", "xmpp" } | |
| 31 block_registrations_matching = { | |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
32 "master$" -- matches anything ending with master: postmaster, hostmaster, webmaster, etc. |
| 1782 | 33 } |
|
2715
9b43b7fc3558
mod_block_registrations: fix example regex
tmolitor <thilo@eightysoft.de>
parents:
2272
diff
changeset
|
34 block_registrations_require = "^[a-zA-Z0-9_.-]+$" -- Allow only simple ASCII characters in usernames |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
35 |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
36 Compatibility |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
37 ============= |
| 1782 | 38 |
|
5422
72f23107beb4
mod_block_registrations: Refresh Compatibility section
Kim Alvefur <zash@zash.se>
parents:
5421
diff
changeset
|
39 ------ ------- |
|
72f23107beb4
mod_block_registrations: Refresh Compatibility section
Kim Alvefur <zash@zash.se>
parents:
5421
diff
changeset
|
40 0.12 Works |
|
72f23107beb4
mod_block_registrations: Refresh Compatibility section
Kim Alvefur <zash@zash.se>
parents:
5421
diff
changeset
|
41 0.11 Work |
|
72f23107beb4
mod_block_registrations: Refresh Compatibility section
Kim Alvefur <zash@zash.se>
parents:
5421
diff
changeset
|
42 ------ ------- |