prosody-modules
94399ad6b5ab
misc/lnav/prosody.json
Software / code / prosody-modules
File
misc/lnav/prosody.json @ 6191:94399ad6b5ab
mod_invites_register_api: Use set_password() for password resets
Previously the code relied on the (weird) behaviour of create_user(), which
would update the password for a user account if it already existed. This has
several issues, and we plan to deprecate this behaviour of create_user().
The larger issue is that this route does not trigger the user-password-changed
event, which can be a security problem. For example, it did not disconnect
existing user sessions (this occurs in mod_c2s in response to the event).
Switching to set_password() is the right thing to do.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 06 Feb 2025 10:13:39 +0000 |
| parent | 5994:1bb8b559f441 |
line wrap: on
line source
{ "$schema" : "https://lnav.org/schemas/format-v1.schema.json", "prosody_log" : { "body-field" : "message", "description" : "The Prosody IM server log format", "level" : { "debug" : "^debug$", "error" : "^error$", "info" : "^info$", "warning" : "^warn$" }, "level-field" : "loglevel", "multiline" : false, "ordered-by-time" : true, "regex" : { "standard" : { "pattern" : "^(?<timestamp>\\w{3} \\d{2} \\d{2}:\\d{2}:\\d{2}\\s+)(?<loggername>\\S+)\\s+(?<loglevel>debug|info|warn|error)\\s+(?<message>.+)$" } }, "sample" : [ { "line" : "Jan 31 11:07:34 c2s565063fff480\tinfo\tClient connected" } ], "timestamp-field" : "timestamp", "timestamp-format" : [ "%b %d %H:%M:%S " ], "title" : "Prosody log", "url" : "https://prosody.im/doc/logging", "value" : { "loggername" : { "identifier" : true, "kind" : "string" }, "message" : { "kind" : "xml" } } } }
