Mercurial > prosody-modules

view mod_extdisco/mod_extdisco.lua @ 5682:527c747711f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 7811ba467525
children
line wrap: on
line source

local st = require "util.stanza";

local services = module:get_option("external_services");

local xmlns_extdisco_1 = "urn:xmpp:extdisco:1";
local xmlns_extdisco_2 = "urn:xmpp:extdisco:2";

module:add_feature(xmlns_extdisco_1);
module:add_feature(xmlns_extdisco_2);

local function handle_services(event)
	local origin, stanza = event.origin, event.stanza;
	local service = stanza.tags[1];
	local service_type = service.attr.type;
	local reply = st.reply(stanza):tag("services", { xmlns = service.attr.xmlns });
	for host, service_info in pairs(services) do
		if not(service_type) or service_info.type == service_type then
			reply:tag("service", {
				host = host;
				port = service_info.port;
				transport = service_info.transport;
				type = service_info.type;
				username = service_info.username;
				password = service_info.password;
			}):up();
		end
	end
	origin.send(reply);
	return true;
end
module:hook("iq-get/host/"..xmlns_extdisco_1..":services", handle_services);
module:hook("iq-get/host/"..xmlns_extdisco_2..":services", handle_services);

local function handle_credentials(event)
	local origin, stanza = event.origin, event.stanza;
	local credentials = stanza.tags[1];
	local host = credentials.attr.host;
	if not host then
		origin.send(st.error_reply(stanza, "cancel", "bad-request", "No host specified"));
		return true;
	end
	local service_info = services[host];
	if not service_info then
		origin.send(st.error_reply(stanza, "cancel", "item-not-found", "No such service known"));
		return true;
	end
	local reply = st.reply(stanza)
		:tag("credentials", { xmlns = credentials.attr.xmlns })
			:tag("service", {
				host = host;
				username = service_info.username;
				password = service_info.password;
			}):up();
	origin.send(reply);
	return true;
end
module:hook("iq-get/host/"..xmlns_extdisco_1..":credentials", handle_credentials);
module:hook("iq-get/host/"..xmlns_extdisco_2..":credentials", handle_credentials);