File

mod_support_room/mod_support_room.lua @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parent 3426:f72aa8840042
line wrap: on
line source

local mm = require "core.modulemanager";
local st = require "util.stanza";
local jid_host, jid_prep = import("util.jid", "host", "prep");

local invite_to_room = assert(jid_prep(module:get_option_string(module.name)),
	"The option " .. module.name .. " must be set");
local inviter = module:get_option_string(module.name .. "_inviter", module.host);
local invite_reason = module:get_option_string(module.name .. "_reason");

module:hook("user-registered", function (event)
	local user_jid = event.username .. "@" .. event.host;
	local muc = mm.get_module(jid_host(invite_to_room), "muc");
	if not muc then
		module:log("error", "There is no MUC service '%s'", jid_host(invite_to_room));
		return;
	end
	local room = muc.get_room_from_jid(invite_to_room);
	if room then
		room:set_affiliation(true, user_jid, "member", invite_reason, { reserved_nickname = event.username });
		-- Invite them to the room too
		module:send(st.message({ from = inviter, to = user_jid })
			:tag("x", { xmlns = "jabber:x:conference", jid = invite_to_room, reason = invite_reason }):up());
	else
		module:log("error", "The room %s does not exist, can't invite newly registered user", invite_to_room);
	end
end);