view mod_auto_answer_disco_info/mod_auto_answer_disco_info.lua @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parents 05c74210c007
children

-- Load mod_cache_c2s_caps alongside this module. The handler below reads
-- `caps_cache` from the target session; presumably that field is populated by
-- the dependency -- confirm against mod_cache_c2s_caps.
module:depends("cache_c2s_caps");

local st = require "util.stanza";

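-- Answer a disco#info query addressed to a full JID from the caps cached on
-- the target session, instead of letting the query reach the client.
--
-- @param event hook event carrying `stanza` (the incoming iq) and `origin`
--        (the sending session).
-- @return true when a reply was sent on the target's behalf; nil when the
--         query is left for normal processing (no disco#info query child, no
--         local session for the addressed JID, no cached caps, or the
--         requested node does not match the cached one).
--
-- NOTE(review): no roster or subscription check is made here, so the cached
-- disco#info is returned to whoever sent the query. Confirm this discloses
-- nothing the client itself would refuse to a non-contact.
local function disco_handler(event)
	local stanza, origin = event.stanza, event.origin;
	-- Select the query by name and namespace rather than by position, so the
	-- node compared below always comes from the disco#info element and not
	-- from whatever child happens to be first in the stanza.
	local query = stanza:get_child("query", "http://jabber.org/protocol/disco#info");
	if query == nil then
		return;
	end
	local to = stanza.attr.to;
	local node = query.attr.node;

	-- Only sessions known to this server can be answered for.
	local target_session = prosody.full_sessions[to];
	if target_session == nil then
		return;
	end

	-- Reply only when the request names no node, or names exactly the node
	-- the cached element carries; any other node is left unanswered here.
	local disco_info = target_session.caps_cache;
	if disco_info ~= nil and (node == nil or node == disco_info.attr.node) then
		local iq = st.reply(stanza);
		-- Clone so the reply does not share the cached element.
		iq:add_child(st.clone(disco_info));
		local log = origin.log or module._log;
		log("debug", "Answering disco#info on the behalf of %s", to);
		module:send(iq);
		return true;
	end
end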

-- Intercept iq stanzas addressed to full JIDs and hand disco#info "get"
-- requests to disco_handler; everything else falls through untouched.
-- Registered with priority 1 (presumably so it runs ahead of the default
-- delivery to the client -- confirm against the core iq/full handler).
module:hook("iq/full", function(event)
	local iq = event.stanza;
	-- Only requests are candidates; results, errors and sets pass through.
	if iq.attr.type ~= "get" then
		return;
	end
	-- Ignore any "get" that carries no disco#info query.
	if not iq:get_child("query", "http://jabber.org/protocol/disco#info") then
		return;
	end
	return disco_handler(event);
end, 1);