Software /
code /
prosody-modules
File
mod_isolate_host/mod_isolate_host.lua @ 4832:bfd4af4caddc
mod_password_policy: Support for additional policies provided by other modules
E.g. check a password contains an uppercase character:
module:provides("password-policy", {
name = "contains_uppercase";
check_password = function (password, policy)
return (policy ~= true) or (not not password:match("%u"));
end;
})
Config:
password_policy = {
contains_uppercase = true;
}
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 22 Dec 2021 14:48:46 +0000 |
parent | 1792:8e19b943c2cd |
child | 5004:bc75fc9400ae |
line wrap: on
line source
local jid = require "util.jid"; local jid_bare, jid_split = jid.bare, jid.split; local is_admin = require "core.usermanager".is_admin; local set = require "util.set"; local st = require "util.stanza"; local stanza_types = set.new{"message", "presence", "iq"}; local jid_types = set.new{"bare", "full", "host"}; local except_domains = module:get_option_inherited_set("isolate_except_domains", {}); local except_users = module:get_option_inherited_set("isolate_except_users", {}); function check_stanza(event) local origin, stanza = event.origin, event.stanza; if origin.no_host_isolation then return; end local to_user, to_host = jid_split(event.stanza.attr.to); if to_host and to_host ~= origin.host and not except_domains:contains(to_host) then if to_host:match("^[^.]+%.(.+)$") == origin.host then -- Permit subdomains except_domains:add(to_host); return; end module:log("warn", "Forbidding stanza from %s to %s", stanza.attr.from or origin.full_jid, stanza.attr.to); origin.send(st.error_reply(stanza, "auth", "forbidden", "Communication with "..to_host.." is not available")); return true; end end for stanza_type in stanza_types do for jid_type in jid_types do module:hook("pre-"..stanza_type.."/"..jid_type, check_stanza, 1); end end function check_user_isolated(event) local session = event.session; local bare_jid = jid_bare(session.full_jid); if is_admin(bare_jid, module.host) or except_users:contains(bare_jid) then session.no_host_isolation = true; end module:log("debug", "%s is %sisolated", session.full_jid or "[?]", session.no_host_isolation and "" or "not "); end module:hook("resource-bind", check_user_isolated);