# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1689333930 -7200
# Node ID e9af6abf2b1eebda9249412d15b30b174107f665
# Parent  6d0574bfbf5d676c812c1c59b98d17318619b13d
mod_client_management: Add shell command to revoke client access

Could be used if an operator detects a compromised client.

diff -r 6d0574bfbf5d -r e9af6abf2b1e mod_client_management/README.md
--- a/mod_client_management/README.md	Thu Jul 13 23:26:02 2023 +0200
+++ b/mod_client_management/README.md	Fri Jul 14 13:25:30 2023 +0200
@@ -35,6 +35,12 @@
 prosodyctl shell user clients user@example.com
 ```
 
+To revoke access from particular client:
+
+```shell
+prosodyctl shell user revoke_client user@example.com grant/xxxxx
+```
+
 ## Compatibility
 
 Requires Prosody trunk (as of 2023-03-29). Not compatible with Prosody 0.12
diff -r 6d0574bfbf5d -r e9af6abf2b1e mod_client_management/mod_client_management.lua
--- a/mod_client_management/mod_client_management.lua	Thu Jul 13 23:26:02 2023 +0200
+++ b/mod_client_management/mod_client_management.lua	Fri Jul 14 13:25:30 2023 +0200
@@ -465,4 +465,18 @@
 		print(string.rep("-", self.session.width));
 		return true, ("%d clients"):format(#clients);
 	end
+
+	function console_env.user:revoke_client(user_jid, selector) -- luacheck: ignore 212/self
+		local username, host = jid.split(user_jid);
+		local mod = prosody.hosts[host] and prosody.hosts[host].modules.client_management;
+		if not mod then
+			return false, ("Host does not exist on this server, or does not have mod_client_management loaded");
+		end
+
+		local revoked, err = revocation_errors.coerce(mod.revoke_client_access(username, selector));
+		if not revoked then
+			return false, err.text or err;
+		end
+		return true, "Client access revoked";
+	end
 end);