Mercurial > prosody-modules
view mod_stanzadebug/mod_stanzadebug.lua @ 5404:1087f697c3f3
mod_http_oauth2: Strip unknown extra fields from client registration
We shouldn't sign things we don't understand!
RFC 7591 section-2 states:
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
Prevents grandfathering in of unvalidated data that might become used
later, especially since the 'additionalProperties' schema keyword was
removed in 698fef74ce53
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:23:40 +0200 |
parents | 590ac12b7671 |
children |
line wrap: on
line source
module:set_global(); local tostring = tostring; local filters = require "util.filters"; local function log_send(t, session) if t and t ~= "" and t ~= " " then session.log("debug", "SEND: %s", tostring(t)); end return t; end local function log_recv(t, session) if t and t ~= "" and t ~= " " then session.log("debug", "RECV: %s", tostring(t)); end return t; end local function init_raw_logging(session) filters.add_filter(session, "stanzas/in", log_recv, -10000); filters.add_filter(session, "stanzas/out", log_send, 10000); end filters.add_filter_hook(init_raw_logging); function module.unload() -- luacheck: ignore filters.remove_filter_hook(init_raw_logging); end