prosody-modules
e977174082ee
mod_auto_answer_disco_info/mod_auto_answer_disco_info.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_auto_answer_disco_info/mod_auto_answer_disco_info.lua @ 6193:e977174082ee

mod_invites_register_api: Use set_password() for password resets Previously the code relied on the (weird) behaviour of create_user(), which would update the password for a user account if it already existed. This has several issues, and we plan to deprecate this behaviour of create_user(). The larger issue is that this route does not trigger the user-password-changed event, which can be a security problem. For example, it did not disconnect existing user sessions (this occurs in mod_c2s in response to the event). Switching to set_password() is the right thing to do
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Feb 2025 10:24:30 +0000
parent 4585:05c74210c007
line wrap: on
line source

module:depends("cache_c2s_caps");

local st = require "util.stanza";

local function disco_handler(event)
	local stanza, origin = event.stanza, event.origin;
	local query = stanza.tags[1];
	local to = stanza.attr.to;
	local node = query.attr.node;

	local target_session = prosody.full_sessions[to];
	if target_session == nil then
		return;
	end

	local disco_info = target_session.caps_cache;
	if disco_info ~= nil and (node == nil or node == disco_info.attr.node) then
		local iq = st.reply(stanza);
		iq:add_child(st.clone(disco_info));
		local log = origin.log or module._log;
		log("debug", "Answering disco#info on the behalf of %s", to);
		module:send(iq);
		return true;
	end
end

module:hook("iq/full", function(event)
	local stanza = event.stanza;
	if stanza.attr.type == "get" then
		if stanza:get_child("query", "http://jabber.org/protocol/disco#info") then
			return disco_handler(event);
		end
	end
end, 1);