Mercurial > prosody-modules
annotate mod_dwd/mod_dwd.lua @ 5511:0860497152af
mod_http_oauth2: Record hash of client_id to allow future verification
RFC 6819 section 5.2.2.2 states that refresh tokens MUST be bound to the
client. In order to do that, we must record something that can
definitely tie the client to the grant. Since the full client_id is so
large (why we have this client_subset function), a hash is stored
instead.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 02 Jun 2023 10:14:16 +0200 |
parents | 4e235e565693 |
children |
rev | line source |
---|---|
928 | 1 local hosts = _G.hosts; |
2 local st = require "util.stanza"; | |
3 local nameprep = require "util.encodings".stringprep.nameprep; | |
4 local cert_verify_identity = require "util.x509".verify_identity; | |
5 | |
6 module:hook("stanza/jabber:server:dialback:result", function(event) | |
7 local origin, stanza = event.origin, event.stanza; | |
8 | |
9 if origin.cert_chain_status == "valid" and origin.type == "s2sin_unauthed" or origin.type == "s2sin" then | |
10 local attr = stanza.attr; | |
11 local to, from = nameprep(attr.to), nameprep(attr.from); | |
12 | |
13 local conn = origin.conn:socket() | |
14 local cert; | |
15 if conn.getpeercertificate then | |
16 cert = conn:getpeercertificate() | |
17 end | |
18 | |
19 if cert and hosts[to] and cert_verify_identity(from, "xmpp-server", cert) then | |
20 | |
21 -- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from' | |
22 -- on streams. We fill in the session's to/from here instead. | |
23 if not origin.from_host then | |
24 origin.from_host = from; | |
25 end | |
26 if not origin.to_host then | |
27 origin.to_host = to; | |
28 end | |
29 | |
30 module:log("info", "Accepting Dialback without Dialback for %s", from); | |
932
4e235e565693
mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents:
928
diff
changeset
|
31 module:fire_event("s2s-authenticated", { session = origin, host = from }); |
928 | 32 origin.sends2s( |
33 st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" })); | |
34 | |
35 return true; | |
36 end | |
37 end | |
38 end, 100); | |
39 | |
40 |