File

mod_admin_probe/mod_admin_probe.lua @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parent 1281:f78661861e98
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2014 Florian Zeitz
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

local presence = module:depends("presence");
local send_presence_of_available_resources = presence.send_presence_of_available_resources;

local hosts = prosody.hosts;
local core_post_stanza = prosody.core_post_stanza;

local st = require "util.stanza";
local is_admin = require "core.usermanager".is_admin;
local jid_split = require "util.jid".split;

module:hook("presence/bare", function(data)
	local origin, stanza = data.origin, data.stanza;
	local to, from, type = stanza.attr.to, stanza.attr.from, stanza.attr.type;
	local node, host = jid_split(to);

	if type ~= "probe" then return; end
	if not is_admin(from, module.host) then return; end

	if 0 == send_presence_of_available_resources(node, host, from, origin) then
		core_post_stanza(hosts[host], st.presence({from=to, to=from, type="unavailable"}), true);
	end
	return true;
end, 10);