prosody-modules
e977174082ee
mod_dwd/mod_dwd.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_dwd/mod_dwd.lua @ 6193:e977174082ee

mod_invites_register_api: Use set_password() for password resets Previously the code relied on the (weird) behaviour of create_user(), which would update the password for a user account if it already existed. This has several issues, and we plan to deprecate this behaviour of create_user(). The larger issue is that this route does not trigger the user-password-changed event, which can be a security problem. For example, it did not disconnect existing user sessions (this occurs in mod_c2s in response to the event). Switching to set_password() is the right thing to do
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Feb 2025 10:24:30 +0000
parent 932:4e235e565693
line wrap: on
line source

local hosts = _G.hosts;
local st = require "util.stanza";
local nameprep = require "util.encodings".stringprep.nameprep;
local cert_verify_identity = require "util.x509".verify_identity;

module:hook("stanza/jabber:server:dialback:result", function(event)
	local origin, stanza = event.origin, event.stanza;

	if origin.cert_chain_status == "valid" and origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
		local attr = stanza.attr;
		local to, from = nameprep(attr.to), nameprep(attr.from);

		local conn = origin.conn:socket()
		local cert;
		if conn.getpeercertificate then
			cert = conn:getpeercertificate()
		end

		if cert and hosts[to] and cert_verify_identity(from, "xmpp-server", cert) then

			-- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from'
			-- on streams. We fill in the session's to/from here instead.
			if not origin.from_host then
				origin.from_host = from;
			end
			if not origin.to_host then
				origin.to_host = to;
			end

			module:log("info", "Accepting Dialback without Dialback for %s", from);
			module:fire_event("s2s-authenticated", { session = origin, host = from });
			origin.sends2s(
				st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" }));

			return true;
		end
	end
end, 100);