Mercurial > prosody-modules
annotate mod_block_registrations/README.markdown @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | 72f23107beb4 |
children |
rev | line source |
---|---|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
1 Introduction |
2 ============ |
1782 | 3 |
1803 | 4 On a server with public registration it is usually desirable to prevent |
5 registration of certain "reserved" accounts, such as "admin". |
1782 | 6 |
1803 | 7 This plugin allows you to reserve individual usernames, or those |
8 matching certain patterns. It also allows you to ensure that usernames |
9 conform to a certain pattern. |
1782 | 10 |
1803 | 11 Configuration |
12 ============= |
1782 | 13 |
14 Enable the module as any other: | |
15 | |
16 modules_enabled = { | |
1803 | 17 "block_registrations"; |
1782 | 18 } |
19 | |
20 You can then set some options to configure your desired policy: | |
21 | |
5421
a58ba20b3a71
mod_block_registrations: Update description expansion of default list
Kim Alvefur <zash@zash.se>
parents:
2715
diff
changeset
|
22 Option Default Description |
23 ------------------------------ ------------------- ----------------------------------------------------------------------------------------------------------------------------------------------- |
24 block_registrations_users *See source code* A list of reserved usernames |
25 block_registrations_matching `{ }` A list of [Lua patterns](http://www.lua.org/manual/5.1/manual.html#5.4.1) matching reserved usernames (slower than block_registrations_users) |
26 block_registrations_require `nil` A pattern that registered user accounts MUST match to be allowed |
1782 | 27 |
28 Some examples: | |
29 | |
30 block_registrations_users = { "admin", "root", "xmpp" } | |
31 block_registrations_matching = { | |
1803 | 32 "master$" -- matches anything ending with master: postmaster, hostmaster, webmaster, etc. |
1782 | 33 } |
2715
9b43b7fc3558
mod_block_registrations: fix example regex
tmolitor <thilo@eightysoft.de>
parents:
2272
diff
changeset
|
34 block_registrations_require = "^[a-zA-Z0-9_.-]+$" -- Allow only simple ASCII characters in usernames |
1803 | 35 |
36 Compatibility |
37 ============= |
1782 | 38 |
5422
72f23107beb4
mod_block_registrations: Refresh Compatibility section
Kim Alvefur <zash@zash.se>
parents:
5421
diff
changeset
|
39 ------ ------- |
40 0.12 Works |
41 0.11 Work |
42 ------ ------- |
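
The three options in the Configuration section combine into one accept-or-refuse decision per username. The Lua sketch below is an added example, not the source of mod_block_registrations: the helper `is_blocked`, the order of the checks and the sample usernames are assumptions made for illustration, while the option values are the ones from the README examples.

```lua
-- Added illustration; not the module's own code.
-- Option values copied from the README examples.
local block_registrations_users = { "admin", "root", "xmpp" }
local block_registrations_matching = { "master$" }
local block_registrations_require = "^[a-zA-Z0-9_.-]+$"

-- Exact names become a set, so that check is one table lookup;
-- the patterns below have to be tried one by one.
local reserved = {}
for _, name in ipairs(block_registrations_users) do
	reserved[name] = true
end

-- Hypothetical helper: returns true plus a reason when the name is refused.
-- The order of the three checks is an assumption of this sketch.
local function is_blocked(username)
	if reserved[username] then
		return true, "reserved name"
	end
	for _, pattern in ipairs(block_registrations_matching) do
		if username:find(pattern) then
			return true, "matches reserved pattern " .. pattern
		end
	end
	if block_registrations_require
		and not username:find(block_registrations_require) then
		return true, "does not match required pattern"
	end
	return false, "allowed"
end

-- Constructed sample usernames covering each rule and two near misses:
-- "mastermind" does not end in "master", so the anchored pattern skips it;
-- "al ice" and "ünal" contain bytes outside the required character class.
local samples = {
	"admin", "postmaster", "mastermind", "alice",
	"bob.smith-2", "al ice", "ünal",
}
for _, username in ipairs(samples) do
	local blocked, reason = is_blocked(username)
	print(string.format("%-12s %-8s %s",
		username, blocked and "blocked" or "ok", reason))
end
```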