view mod_compat_vcard/mod_compat_vcard.lua @ 5447:aa4828f040c5

mod_http_oauth2: Enforce client scope restrictions in authorization When registering a client, a scope field can be included as a promise to only ever use those. Here we enforce that promise, if given, ensuring a client can't request or be granted a scope it didn't provide in its registration. While currently there is no restrictions at registration time, this could be changed in the future in various ways.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 19:33:44 +0200
parents 3df303543765
children
line wrap: on
line source

-- Compatibility with clients and servers (i.e. ejabberd) that send vcard
-- requests to the full JID
--
-- https://support.process-one.net/browse/EJAB-1045

local jid_bare = require "util.jid".bare;
local st = require "util.stanza";
local core_process_stanza = prosody.core_process_stanza;

module:hook("iq/full", function(event)
	local stanza = event.stanza;
	local payload = stanza.tags[1];
	if payload and stanza.attr.type == "get" and payload.name == "vCard" and payload.attr.xmlns == "vcard-temp" then
		local fixed_stanza = st.clone(event.stanza);
		fixed_stanza.attr.to = jid_bare(stanza.attr.to);
		core_process_stanza(event.origin, fixed_stanza);
		return true;
	end
end, 1);