prosody-modules: mod_compliance_2021/mod_compliance

annotate mod_compliance_2021/mod_compliance_2021.lua @ 5193:2bb29ece216b

mod_http_oauth2: Implement stateless dynamic client registration Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would not probably not scale easily. Dynamic client registration allows creating clients on the fly, which may be even easier in theory. In order to not allow basically unauthenticated writes to the database, we implement a stateless model here. per_host_key := HMAC(config -> oauth2_registration_key, hostname) client_id := JWT { client metadata } signed with per_host_key client_secret := HMAC(per_host_key, client_id) This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key. A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret

author	Kim Alvefur <zash@zash.se>
date	Fri, 03 Mar 2023 21:14:19 +0100
parents	3a42789d7235
children

rev	line source
4411 c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	1 -- Copyright (c) 2021 Kim Alvefur
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	2 --
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	3 -- This module is MIT licensed.
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	4
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	5 local hostmanager = require "core.hostmanager";
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	6
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	7 local array = require "util.array";
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	8 local set = require "util.set";
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	9
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	10 local modules_enabled = module:get_option_inherited_set("modules_enabled");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	11
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	12 for host in pairs(hostmanager.get_children(module.host)) do
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	13 local component = module:context(host):get_option_string("component_module");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	14 if component then
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	15 modules_enabled:add(component);
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	16 modules_enabled:include(module:context(host):get_option_set("modules_enabled", {}));
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	17 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	18 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	19
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	20 local function check(suggested, alternate, ...)
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	21 if set.intersection(modules_enabled, set.new({suggested; alternate; ...})):empty() then return suggested; end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	22 return false;
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	23 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	24
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	25 local compliance = {
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	26 array {"Core Server"; check("tls"); check("disco")};
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	27
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	28 array {"Advanced Server"; check("pep", "pep_simple")};
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	29
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	30 array {"Core Web"; check("bosh"); check("websocket")};
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	31
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	32 -- No Server requirements for Advanced Web
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	33
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	34 array {"Core IM"; check("vcard_legacy", "vcard"); check("carbons"); check("http_file_share", "http_upload")};
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	35
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	36 array {
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	37 "Advanced IM";
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	38 check("vcard_legacy", "vcard");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	39 check("blocklist");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	40 check("muc");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	41 check("private");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	42 check("smacks");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	43 check("mam");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	44 check("bookmarks");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	45 };
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	46
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	47 array {"Core Mobile"; check("smacks"); check("csi_simple", "csi_battery_saver")};
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	48
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	49 array {"Advanced Mobile"; check("cloud_notify")};
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	50
4603 3a42789d7235 mod_compliance_2021: Add mod_turn_external as satisfying A/V category Kim Alvefur <zash@zash.se> parents: 4411 diff changeset	51 array {"Core A/V Calling"; check("turn_external", "external_services", "turncredentials", "extdisco")};
4411 c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	52
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	53 };
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	54
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	55 function check_compliance()
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	56 local compliant = true;
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	57 for _, suite in ipairs(compliance) do
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	58 local section = suite:pop(1);
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	59 if module:get_option_boolean("compliance_" .. section:lower():gsub("%A", "_"), true) then
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	60 local missing = set.new(suite:filter(function(m) return type(m) == "string" end):map(function(m) return "mod_" .. m end));
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	61 if suite[1] then
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	62 if compliant then
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	63 compliant = false;
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	64 module:log("warn", "Missing some modules for XMPP Compliance 2021");
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	65 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	66 module:log("info", "%s Compliance: %s", section, missing);
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	67 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	68 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	69 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	70
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	71 if compliant then module:log("info", "XMPP Compliance 2021: Compliant ✔️"); end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	72 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	73
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	74 if prosody.start_time then
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	75 check_compliance()
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	76 else
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	77 module:hook_global("server-started", check_compliance);
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	78 end
c3d21182ebf3 mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test Kim Alvefur <zash@zash.se> parents: diff changeset	79

Mercurial > prosody-modules

annotate mod_compliance_2021/mod_compliance_2021.lua @ 5193:2bb29ece216b