Mercurial > prosody-modules

view mod_muc_require_tos/mod_muc_require_tos.lua @ 5616:59d5fc50f602

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200
parents 59f53cf66573
children
line wrap: on
line source

local jid = require "util.jid";
local id = require "util.id";
local st = require "util.stanza";

local quick_response_ns = "urn:xmpp:tmp:quick-response";
local welcome_message = module:get_option_string("tos_welcome_message");
local yes_message = module:get_option_string("tos_yes_message");
local no_message = module:get_option_string("tos_no_message");

module:hook("muc-occupant-session-new", function(event)
	local origin = event.origin;
	local room = event.room;
	local occupant = event.occupant;
	local nick = occupant.nick;
	module:log("debug", "%s joined %s (%s)", nick, room, origin);
	if occupant.role == "visitor" then
		local message = st.message({
			type = "groupchat",
			to = occupant.nick,
			from = room.jid,
			id = id.medium(),
			["xml:lang"] = "en",
		}, welcome_message)
			:tag("response", { xmlns = quick_response_ns, value = "yes", label = "I accept." }):up()
			:tag("response", { xmlns = quick_response_ns, value = "no", label = "I decline." }):up();
		origin.send(message);
	end
end, 19);

module:hook("muc-occupant-groupchat", function(event)
	local occupant = event.occupant;
	if occupant == nil or occupant.role ~= "visitor" then
		return;
	end
	local origin = event.origin;
	local room = event.room;
	local stanza = event.stanza;
	-- Namespace must be nil instead of "jabber:client" here.
	local body = stanza:get_child_text("body", nil);
	module:log("debug", "%s replied %s", occupant.nick, body);
	if body == "yes" then
		room:set_affiliation(true, occupant.bare_jid, "member", "Agreed to the TOS.");
		origin.send(st.reply(stanza):body(yes_message, { ["xml:lang"] = "en" }));
	elseif body == "no" then
		origin.send(st.reply(stanza):body(no_message, { ["xml:lang"] = "en" }));
		room:set_role(true, occupant.nick, "none", "Declined the TOS.");
	end
end, 51); -- Priority must be > 50, <forbidden/> is sent at this priority.