prosody-modules
527c747711f3
mod_block_registrations/mod_block_registrations.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_block_registrations/mod_block_registrations.lua @ 5705:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parent 5065:368bf9b06484
line wrap: on
line source

local st = require "util.stanza";
local nodeprep = require "util.encodings".stringprep.nodeprep;

local block_users = module:get_option_set("block_registrations_users", {
	"abuse", "admin", "administrator", "hostmaster", "info", "news",
	"noc", "operator", "owner", "postmaster", "register", "registration",
	"root", "security", "service", "signup", "support", "sysadmin",
	"sysop", "system", "test", "trouble", "webmaster", "www", "xmpp",
});
local block_patterns = module:get_option_set("block_registrations_matching", {});
local require_pattern = module:get_option_string("block_registrations_require");

function is_blocked(username)
        -- Check if the username is simply blocked
        if block_users:contains(username) then return true; end

        for pattern in block_patterns do
                if username:find(pattern) then
                        return true;
                end
        end
        -- Not blocked, but check that username matches allowed pattern
        if require_pattern and not username:match(require_pattern) then
                return true;
        end
end

module:hook("user-registering", function(event)
        local username = event.username;
        if is_blocked(username) then
                event.allowed = false;
                return true;
        end
end, 10);