annotate mod_groups_muc_bookmarks/mod_groups_muc_bookmarks.lua @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation

Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it.

This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200
parents fdf50c4d23a3
children d5ff386dc97f
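
The one-time-use behaviour stated in the changeset description above, as an added Python sketch. It is not mod_http_oauth2's code, which is not shown on this page; `RefreshTokenStore`, its methods and the client id are constructed for illustration.

```python
import hashlib
import secrets


class RefreshTokenStore:
    """In-memory store of one-time-use refresh tokens (constructed example)."""

    def __init__(self):
        self._active = {}  # sha256(token) -> client_id, tokens still redeemable
        self._spent = {}   # sha256(token) -> client_id, tokens already redeemed
        self.alerts = []   # client_ids for which a spent token was presented again

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, client_id):
        token = secrets.token_urlsafe(32)
        self._active[self._digest(token)] = client_id
        return token

    def redeem(self, token):
        """Exchange a refresh token; returns (status, access_token, new_refresh_token)."""
        key = self._digest(token)
        client_id = self._active.pop(key, None)  # pop makes the token single-use
        if client_id is None:
            if key in self._spent:
                # Second presentation of a rotated token: one of the two
                # holders is not the legitimate client, so record it.
                self.alerts.append(self._spent[key])
                return ("reused", None, None)
            return ("unknown", None, None)
        self._spent[key] = client_id
        access_token = secrets.token_urlsafe(32)
        return ("ok", access_token, self.issue(client_id))


def theft_scenario():
    """Attacker redeems a stolen token first; the legitimate client's next use fails."""
    store = RefreshTokenStore()
    stolen = store.issue("client-a")  # value held by both client and attacker
    attacker_status, _, _ = store.redeem(stolen)
    victim_status, _, _ = store.redeem(stolen)
    return attacker_status, victim_status, store.alerts
```
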
Changesets referenced in the annotation:

rev   changeset     author                               parents  description
4425  b3e0295e14a3  Jonas Schäfer <jonas@wielicki.name>           mod_groups_muc_bookmarks: manage PEP (XEP-0048) bookmarks of group members
4861  5fadb991003d  Kim Alvefur <zash@zash.se>           4586     mod_groups_muc_bookmarks: Switch to XEP-0402
4862  9a8a43d0faed  Jonas Schäfer <jonas@wielicki.name>  4861     mod_groups_muc_bookmarks: fix typo/leftover from refactor
4863  fdf50c4d23a3  Jonas Schäfer <jonas@wielicki.name>  4862     mod_groups_muc_bookmarks: restore bookmark injection on empty store

rev   line  source
4425     1  local jid_split = require "util.jid".split;
4425     2
4425     3  local st = require "util.stanza";
4425     4
4425     5  local mod_groups = module:depends("groups_internal")
4425     6  local mod_pep = module:depends("pep")
4425     7
4861     8  local XMLNS_BM2 = "urn:xmpp:bookmarks:1";
4425     9  local XMLNS_XEP0060 = "http://jabber.org/protocol/pubsub";
4425    10
4425    11  local default_options = {
4425    12      ["persist_items"] = true;
4861    13      ["max_items"] = "max";
4861    14      ["send_last_published_item"] = "never";
4425    15      ["access_model"] = "whitelist";
4425    16  };
4425    17
4425    18  local function get_current_bookmarks(jid, service)
4861    19      local ok, items = service:get_items(XMLNS_BM2, jid)
4863    20      if not ok then
4863    21          if items == "item-not-found" then
4863    22              return {}, nil;
4863    23          else
4863    24              return nil, items;
4863    25          end
4863    26      end
4861    27      return items or {};
4425    28  end
4425    29
4861    30  local function update_bookmark(jid, service, room, bookmark)
4861    31      local ok, err = service:publish(XMLNS_BM2, jid, room, bookmark, default_options);
4861    32      if ok then
4861    33          module:log("debug", "found existing matching bookmark, updated")
4861    34      else
4425    35          module:log("error", "failed to update bookmarks: %s", err)
4425    36      end
4425    37  end
4425    38
4425    39  local function find_matching_bookmark(storage, room)
4861    40      return storage[room];
4425    41  end
4425    42
4425    43  local function inject_bookmark(jid, room, autojoin, name)
4425    44      local pep_service = mod_pep.get_pep_service(jid_split(jid))
4425    45
4861    46      local current, err = get_current_bookmarks(jid, pep_service);
4861    47      if err then
4861    48          module:log("error", "Could not retrieve existing bookmarks for %s: %s", jid, err);
4861    49          return;
4861    50      end
4861    51      local found = find_matching_bookmark(current, room)
4861    52      if found then
4861    53          local existing = found:get_child("conference", XMLNS_BM2);
4425    54          if autojoin ~= nil then
4425    55              existing.attr.autojoin = autojoin and "true" or "false"
4425    56          end
4425    57          if name ~= nil then
4425    58              -- do not change already configured names
4425    59              if not existing.attr.name then
4425    60                  existing.attr.name = name
4425    61              end
4425    62          end
4425    63      else
4425    64          module:log("debug", "no existing bookmark found, adding new")
4861    65          found = st.stanza("item", { xmlns = XMLNS_XEP0060; id = room })
4861    66              :tag("conference", { xmlns = XMLNS_BM2; name = name; autojoin = autojoin and "true" or "false"; })
4425    67      end
4425    68
4862    69      update_bookmark(jid, pep_service, room, found)
4425    70  end
4425    71
4425    72  local function remove_bookmark(jid, room, autojoin, name)
4425    73      local pep_service = mod_pep.get_pep_service(jid_split(jid))
4425    74
4861    75      return pep_service:retract(XMLNS_BM2, jid, room, st.stanza("retract", { id = room }));
4425    76  end
4425    77
4425    78  local function handle_user_added(event)
4425    79      if not event.group_info.muc_jid then
4425    80          module:log("debug", "ignoring user added event on group %s because it has no MUC", event.id)
4425    81          return
4425    82      end
4425    83      local jid = event.user .. "@" .. event.host
4425    84      inject_bookmark(jid, event.group_info.muc_jid, true, event.group_info.name)
4425    85  end
4425    86
4425    87  local function handle_user_removed(event)
4425    88      if not event.group_info.muc_jid then
4425    89          module:log("debug", "ignoring user removed event on group %s because it has no MUC", event.id)
4425    90          return
4425    91      end
4425    92      -- Removing the bookmark is fine as the user just lost any privilege to
4425    93      -- be in the MUC (as group MUCs are members-only).
4425    94      local jid = event.user .. "@" .. event.host
4425    95      remove_bookmark(jid, event.group_info.muc_jid, true, event.group_info.name)
4425    96  end
4425    97
4425    98  module:hook("group-user-added", handle_user_added)
4425    99  module:hook("group-user-removed", handle_user_removed)