Mercurial > prosody-modules
annotate mod_dwd/mod_dwd.lua @ 5170:4d6af8950016
mod_muc_moderation: Derive role from reserved nickname if occupant
When using a different client to moderate than the one used to
participate in the chat, e.g. a command line tool like clix, there's no
occupant and no role to use in the permission check. Previously the
default role based on affiliation was used. Now if you are present in
the room using your reserved nick, the role you have there is used in
the permission check instead of the default affiliation-derived role.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 19 Feb 2023 18:17:37 +0100 |
parents | 4e235e565693 |
children |
rev | line source |
---|---|
928 | 1 local hosts = _G.hosts; |
2 local st = require "util.stanza"; | |
3 local nameprep = require "util.encodings".stringprep.nameprep; | |
4 local cert_verify_identity = require "util.x509".verify_identity; | |
5 | |
6 module:hook("stanza/jabber:server:dialback:result", function(event) | |
7 local origin, stanza = event.origin, event.stanza; | |
8 | |
9 if origin.cert_chain_status == "valid" and origin.type == "s2sin_unauthed" or origin.type == "s2sin" then | |
10 local attr = stanza.attr; | |
11 local to, from = nameprep(attr.to), nameprep(attr.from); | |
12 | |
13 local conn = origin.conn:socket() | |
14 local cert; | |
15 if conn.getpeercertificate then | |
16 cert = conn:getpeercertificate() | |
17 end | |
18 | |
19 if cert and hosts[to] and cert_verify_identity(from, "xmpp-server", cert) then | |
20 | |
21 -- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from' | |
22 -- on streams. We fill in the session's to/from here instead. | |
23 if not origin.from_host then | |
24 origin.from_host = from; | |
25 end | |
26 if not origin.to_host then | |
27 origin.to_host = to; | |
28 end | |
29 | |
30 module:log("info", "Accepting Dialback without Dialback for %s", from); | |
932
4e235e565693
mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents:
928
diff
changeset
|
31 module:fire_event("s2s-authenticated", { session = origin, host = from }); |
928 | 32 origin.sends2s( |
33 st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" })); | |
34 | |
35 return true; | |
36 end | |
37 end | |
38 end, 100); | |
39 | |
40 |