# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1535220160 -7200
# Node ID 3eee4029ac6ca49ef283d954b590622b07b4b8d5
# Parent  f0e19a77f81ec12c41d3cb82235cd9543aa98879
mod_s2s_auth_posh: Follow reference

https://tools.ietf.org/html/rfc7711#section-3.2

diff -r f0e19a77f81e -r 3eee4029ac6c mod_s2s_auth_posh/mod_s2s_auth_posh.lua
--- a/mod_s2s_auth_posh/mod_s2s_auth_posh.lua	Sat Aug 25 20:00:45 2018 +0200
+++ b/mod_s2s_auth_posh/mod_s2s_auth_posh.lua	Sat Aug 25 20:02:40 2018 +0200
@@ -46,7 +46,8 @@
 	local url = build_url { scheme = "https", host = target_host, path = "/.well-known/posh/xmpp-server.json" };
 
 	log("debug", "Request POSH information for %s", tostring(target_host));
-	http.request(url, nil, function (response, code)
+	local redirect_followed = false;
+	local function cb (response, code)
 		if code ~= 200 then
 			log("debug", "No or invalid POSH response received");
 			resume();
@@ -59,12 +60,24 @@
 			resume();
 			return;
 		end
+		if type(jwk.url) == "string" then
+			if redirect_followed then
+				redirect_followed = true;
+				http.request(jwk.url, nil, cb);
+			else
+				log("error", "POSH had invalid redirect:\n%s", tostring(response));
+				resume();
+				return;
+			end
+		end
+
 		host_session.posh = { orig = response };
 		jwk.expires = os.time() + tonumber(jwk.expires) or 3600;
 		host_session.posh.jwk = jwk;
 		cache:set(target_host, jwk);
 		resume();
-	end)
+	end
+	http.request(url, nil, cb);
 	return true;
 end