prosody-modules
e977174082ee
mod_http_debug/mod_http_debug.lua
Software / code / prosody-modules
File
mod_http_debug/mod_http_debug.lua @ 6193:e977174082ee
mod_invites_register_api: Use set_password() for password resets
Previously the code relied on the (weird) behaviour of create_user(), which
would update the password for a user account if it already existed. This has
several issues, and we plan to deprecate this behaviour of create_user().
The larger issue is that this route does not trigger the user-password-changed
event, which can be a security problem. For example, it did not disconnect
existing user sessions (this occurs in mod_c2s in response to the event).
Switching to set_password() is the right thing to do
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 06 Feb 2025 10:24:30 +0000 |
| parent | 5492:b6af4d1ff8c1 |
line wrap: on
line source
local json = require "util.json" module:depends("http") local function handle_request(event) local request = event.request; (request.log or module._log)("debug", "%s -- %s %q HTTP/%s -- %q -- %s", request.ip, request.method, request.url, request.httpversion, request.headers, request.body); return { status_code = 200; headers = { content_type = "application/json" }; host = module.host; body = json.encode { body = request.body; headers = request.headers; httpversion = request.httpversion; id = request.id; ip = request.ip; method = request.method; path = request.path; secure = request.secure; url = request.url; }; } end local methods = module:get_option_set("http_debug_methods", { "GET"; "HEAD"; "DELETE"; "OPTIONS"; "PATCH"; "POST"; "PUT" }); local route = {}; for method in methods do route[method] = handle_request; route[method .. " /*"] = handle_request; end module:provides("http", { route = route; })
