prosody-modules
f2363e6d9a64
mod_block_registrations/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_block_registrations/README.markdown @ 5390:f2363e6d9a64

mod_http_oauth2: Advertise the currently supported id_token signing algorithm This field is REQUIRED. The algorithm RS256 MUST be included, but isn't because we don't implement it, as that would require implementing a pile of additional cryptography and JWT stuff. Instead the id_token is signed using the client secret, which allows verification by the client, since it's a shared secret per OpenID Connect Core 1.0 § 10.1 under Symmetric Signatures. OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that are not supported here, but that's okay because this is served from the RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
author Kim Alvefur <zash@zash.se>
date Sun, 30 Apr 2023 16:13:40 +0200
parent 2715:9b43b7fc3558
child 5421:a58ba20b3a71
line wrap: on
line source

Introduction
============

On a server with public registration it is usually desirable to prevent
registration of certain "reserved" accounts, such as "admin".

This plugin allows you to reserve individual usernames, or those
matching certain patterns. It also allows you to ensure that usernames
conform to a certain pattern.

Configuration
=============

Enable the module as any other:

    modules_enabled = {
      "block_registrations";
    }

You can then set some options to configure your desired policy:

  Option                           Default         Description
  -------------------------------- --------------- -------------------------------------------------------------------------------------------------------------------------------------------------
  block\_registrations\_users      `{ "admin" }`   A list of reserved usernames
  block\_registrations\_matching   `{ }`           A list of [Lua patterns](http://www.lua.org/manual/5.1/manual.html#5.4.1) matching reserved usernames (slower than block\_registrations\_users)
  block\_registrations\_require    `nil`           A pattern that registered user accounts MUST match to be allowed

Some examples:

    block_registrations_users = { "admin", "root", "xmpp" }
    block_registrations_matching = {
      "master$" -- matches anything ending with master: postmaster, hostmaster, webmaster, etc.
    }
    block_registrations_require = "^[a-zA-Z0-9_.-]+$" -- Allow only simple ASCII characters in usernames

Compatibility
=============

  ----- -------------
  0.9   Works
  0.8   Should work
  ----- -------------