view mod_track_muc_joins/mod_track_muc_joins.lua @ 5682:527c747711f3
mod_http_oauth2: Limit revocation to clients own tokens in strict mode
RFC 7009 section 2.1 states:
> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.
The first part was already covered (in strict mode). This adds the latter
part using the hash of client_id recorded in 0860497152af.
It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 29 Oct 2023 11:30:49 +0100 |
parents | 443d9dae3216 |
children |
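-- Track which MUC rooms each session in prosody.full_sessions has joined.
-- The state lives on the session as session.rooms_joined: a table keyed by
-- the room's bare JID whose value is the nickname taken from the occupant
-- JID. An entry is removed again when the room reflects a leave.

local jid_bare = require "util.jid".bare;
local jid_split = require "util.jid".split;

local sessions = prosody.full_sessions;

-- Handles presence addressed to a full JID, registered at priority 1.
-- Returns nothing in every path, so later handlers still see the stanza.
module:hook("presence/full", function (event)
	local stanza = event.stanza;
	local session = sessions[stanza.attr.to];
	if not session then return end;
	if not session.directed then return end -- hasn't sent presence yet
	local log = session.log or module._log;

	local muc_x = stanza:get_child("x", "http://jabber.org/protocol/muc#user");
	if not muc_x then return end -- Not MUC related

	local from_jid = stanza.attr.from;
	local room = jid_bare(from_jid);
	-- The third value of jid_split is used as the nickname; it is nil when
	-- the sender address has no such part, which the code below then treats
	-- the same way as a leave.
	local _,_,nick = jid_split(from_jid);

	-- `joined` is the nickname for a join and nil for a leave.
	local joined = stanza.attr.type;
	if joined == nil then
		joined = nick;
	elseif joined == "unavailable" then
		joined = nil;
	else
		-- Ignore errors and whatever
		return;
	end

	-- Everything in this stanza is chosen by its sender, so a join is only
	-- believed when this session previously sent directed presence to
	-- exactly this occupant JID.
	-- NOTE(review): leaves skip this check; accepting them relies on the
	-- 'from' address being authentic, presumably enforced before this hook
	-- runs -- confirm.
	if joined and not session.directed[from_jid] then
		return; -- Never sent presence there, can't be a MUC join
	end

	-- Check for status code 110, meaning it's their own reflected presence
	for status in muc_x:childtags("status") do
		-- The code attribute is a sender-supplied string and may be absent
		-- or non-numeric, so it is logged with %s instead of %d.
		log("debug", "Status code %s", status.attr.code);
		if status.attr.code == "110" then
			log("debug", "%s room %s", joined and "Joined" or "Left", room);
			local rooms = session.rooms_joined;
			if not rooms then
				-- Nothing tracked yet: a leave has nothing to remove.
				if not joined then
					return;
				end
				session.rooms_joined = { [room] = joined };
			else
				-- Assigning nil on a leave deletes the room's entry.
				rooms[room] = joined;
			end
			return;
		end
	end
end, 1);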