view mod_audit_register/mod_audit_register.lua @ 5447:aa4828f040c5

mod_http_oauth2: Enforce client scope restrictions in authorization When registering a client, a scope field can be included as a promise to only ever use those. Here we enforce that promise, if given, ensuring a client can't request or be granted a scope it didn't provide in its registration. While currently there is no restrictions at registration time, this could be changed in the future in various ways.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 19:33:44 +0200
parents 08dea42a302a
children dde83f6043e6
line wrap: on
line source

module:depends("audit");
-- luacheck: read globals module.audit

local st = require "util.stanza";

module:hook("user-registered", function(event)
	local session = event.session;
	local custom = {};
	local invite = event.validated_invite or (event.session and event.session.validated_invite);
	if invite then
		table.insert(custom, st.stanza(
			"invite-used",
			{
				xmlns = "xmpp:prosody.im/audit",
				token = invite.token,
			}
		))
	end
	module:audit(event.username, "user-registered", {
		session = session,
		custom = custom,
	});
end);