annotate mod_muc_block_pm/mod_muc_block_pm.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | 67f7df9892bb |
children |
rev | line source |
---|---|
5591
c7e532ac6bf7
mod_muc_block_pm: Update to 0.12+ API, use roles instead of affiliations
Kim Alvefur <zash@zash.se>
parents:
4027
diff
changeset
|
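-- mod_muc_block_pm: restrict private messages (PMs) inside a MUC room.
-- A PM is let through only when the sender is a moderator, the recipient is a
-- moderator, or both occupants share the same bare JID. Anything else is
-- blocked and answered with a policy-violation error.
--
-- Changesets credited by the annotate view for the lines of this file:
--   69d3e0037435  Prevent unaffiliated users from sending private messages in MUC
--   afedc2430b0d  Add support for Prosody 0.11
--   291a45919988  Don't respond to error stanzas
--   c7e532ac6bf7  Update to 0.12+ API, use roles instead of affiliations
--   e469642e6a6c  Allow private messages to yourself
--   67f7df9892bb  Advertise that Moderators are allowed to send PMs

local st = require "util.stanza";

-- Advertise the PM policy in the room's disco#info form.
-- This field is informational only; the policy itself is enforced by the
-- "muc-private-message" hook below.
module:hook("muc-disco#info", function(event)
	table.insert(event.form, { name = "muc#roomconfig_allowpm"; value = "moderators" });
end);

-- Authorization check for private messages between room occupants.
-- Returns nothing to let the message continue, or false to block it.
-- Registered with priority 1 (presumably so it runs before default-priority
-- handlers of the same event; confirm against the hook ordering in use).
module:hook("muc-private-message", function(event)
	local stanza, room = event.stanza, event.room;
	local from_occupant = room:get_occupant_by_nick(stanza.attr.from);

	if from_occupant and from_occupant.role == "moderator" then
		return -- moderators may message anyone
	end

	local to_occupant = room:get_occupant_by_nick(stanza.attr.to)
	if to_occupant and to_occupant.role == "moderator" then
		return -- messaging moderators is ok
	end

	-- Both lookups may return nil (the checks above already allow for that),
	-- so guard before indexing. An unresolved sender or recipient falls
	-- through to the rejection below, which keeps the check fail-closed
	-- instead of raising an "attempt to index a nil value" error in the handler.
	if from_occupant and to_occupant and to_occupant.bare_jid == from_occupant.bare_jid then
		return -- to yourself is okay, used by some clients to sync read state in public channels
	end

	-- Notify the sender only when there is an occupant to route to and the
	-- blocked stanza is not itself an error. XMPP forbids answering an error
	-- stanza with another error. NOTE(review): st.error_reply presumably
	-- refuses type="error" stanzas as well; confirm for the targeted version.
	if from_occupant and stanza.attr.type ~= "error" then
		room:route_to_occupant(from_occupant, st.error_reply(stanza, "cancel", "policy-violation", "Private messages are disabled", room.jid))
	end
	return false;
end, 1);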