prosody-modules
94399ad6b5ab
mod_report_tracker/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_report_tracker/README.markdown @ 6191:94399ad6b5ab

mod_invites_register_api: Use set_password() for password resets Previously the code relied on the (weird) behaviour of create_user(), which would update the password for a user account if it already existed. This has several issues, and we plan to deprecate this behaviour of create_user(). The larger issue is that this route does not trigger the user-password-changed event, which can be a security problem. For example, it did not disconnect existing user sessions (this occurs in mod_c2s in response to the event). Switching to set_password() is the right thing to do.
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Feb 2025 10:13:39 +0000
parent 6063:b04518fa0987
line wrap: on
line source

---
labels:
- 'Stage-Alpha'
summary: 'Track abuse/spam reports from remote servers'
---

This module tracks reports received from remote servers about local user
accounts. The count of reports and the servers they came from is stored for
inspection by the admin or for use by other modules which might take action
against the reported accounts.

## Configuration

### Trusted reporters

You can configure which servers the module will trust reports from:

```
trusted_reporters = { "example.com", "example.net" }
```

Reports from non-domain JIDs are currently always ignored (even if listed).

Reports from domain JIDs which are not listed here are logged so the admin
can decide whether to add them to the configured list.

## Compatibility

Should work with 0.12, but has not been tested.

Tested with trunk (2024-11-22).