prosody-modules: mod_clean_roster/mod_clean

annotate mod_clean_roster/mod_clean_roster.lua @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics

author	Kim Alvefur <zash@zash.se>
date	Sun, 23 Jul 2023 02:56:08 +0200
parents	e384b91d0aa7
children

rev	line source
5085 e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	1 local s_find = string.find;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	2
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	3 local pctl = require "util.prosodyctl";
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	4
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	5 local rostermanager = require "core.rostermanager";
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	6 local storagemanager = require "core.storagemanager";
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	7 local usermanager = require "core.usermanager";
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	8
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	9 -- copypaste from util.stanza
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	10 local function valid_xml_cdata(str, attr)
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	11 return not s_find(str, attr and "[^\1\9\10\13\20-~\128-\247]" or "[^\9\10\13\20-~\128-\247]");
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	12 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	13
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	14 function module.command(_arg)
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	15 if select(2, pctl.isrunning()) then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	16 pctl.show_warning("Stop Prosody before running this command");
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	17 return 1;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	18 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	19
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	20 for hostname, host in pairs(prosody.hosts) do
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	21 if hostname ~= "*" then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	22 if host.users.name == "null" then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	23 storagemanager.initialize_host(hostname);
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	24 usermanager.initialize_host(hostname);
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	25 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	26 local fixes = 0;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	27 for username in host.users.users() do
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	28 local roster = rostermanager.load_roster(username, hostname);
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	29 local changed = false;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	30 for contact, item in pairs(roster) do
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	31 if contact ~= false then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	32 if item.name and not valid_xml_cdata(item.name, false) then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	33 item.name = item.name:gsub("[^\9\10\13\20-~\128-\247]", "�");
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	34 fixes = fixes + 1;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	35 changed = true;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	36 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	37 local clean_groups = {};
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	38 for group in pairs(item.groups) do
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	39 if valid_xml_cdata(group, false) then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	40 clean_groups[group] = true;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	41 else
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	42 clean_groups[group:gsub("[^\9\10\13\20-~\128-\247]", "�")] = true;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	43 fixes = fixes + 1;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	44 changed = true;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	45 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	46 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	47 item.groups = clean_groups;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	48 else
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	49 -- pending entries etc
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	50 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	51 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	52 if changed then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	53 assert(rostermanager.save_roster(username, hostname, roster));
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	54 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	55 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	56 pctl.show_message("Fixed %d items on host %s", fixes, hostname);
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	57 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	58 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	59 return 0;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires Kim Alvefur <zash@zash.se> parents: diff changeset	60 end

Mercurial > prosody-modules

annotate mod_clean_roster/mod_clean_roster.lua @ 5616:59d5fc50f602