Mercurial > prosody-modules
annotate mod_s2s_auth_compat/mod_s2s_auth_compat.lua @ 5149:fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Now that we have ACLs by default, it is no longer necessary to be completely
stateless. On 0.12, using storage has benefits over JWT, because it does not
expose client JIDs to the push apps/services. In trunk, PASETO is stateless
and does not expose client JIDs.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 14 Jan 2023 14:31:37 +0000 |
| parents | 21e81fcb8896 |
| children |
| rev | line source |
|---|---|
|
944
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- COMPAT for Openfire sending stream headers without to or from. |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 module:set_global(); |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 module:hook("s2s-check-certificate", function(event) |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local session, host = event.session, event.host; |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 if not event.host then |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 (session.log or module._log)("warn", "Invalid stream header, certificate will not be trusted") |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 session.cert_chain_status = "invalid" |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 return true |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 end |
|
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 end, 100); |