# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1661179142 -3600
# Node ID bd63feda3704cc3acaceda7215c4138c856b1935
# Parent  cce12a660b9899aa581a03ae5cfccdd9cecc7d83# Parent  34fb3d239ac1669b96e3c5a05187916371023e8c
Merge role-auth

diff -r 34fb3d239ac1 -r bd63feda3704 mod_http_muc_log/mod_http_muc_log.lua
--- a/mod_http_muc_log/mod_http_muc_log.lua	Mon Aug 22 13:28:01 2022 +0100
+++ b/mod_http_muc_log/mod_http_muc_log.lua	Mon Aug 22 15:39:02 2022 +0100
@@ -305,13 +305,16 @@
 	end
 
 	local first, last;
-	for key, item, when in iter do
+	for archive_id, item, when in iter do
 		local body_tag = item:get_child("body");
 		local body = body_tag and body_tag:get_text();
 		local subject = item:get_child_text("subject");
 		local verb = nil;
 		local lang = body_tag and body_tag.attr["xml:lang"] or item.attr["xml:lang"];
 
+		-- XEP-0359: Unique and Stable Stanza IDs
+		local message_id = item:find("{urn:xmpp:sid:0}origin-id@id") or item.attr.id;
+
 		if subject then
 			verb, body = "set the topic to", subject;
 		elseif body and body:sub(1,4) == "/me " then
@@ -323,6 +326,7 @@
 		end
 
 		local nick = select(3, jid_split(item.attr.from));
+		local occupant_id = item:find("{urn:xmpp:occupant-id:0}occupant-id@id") or nick;
 
 		-- XEP-0066: Out of Band Data
 		local oob = use_oob and item:get_child("x", "jabber:x:oob");
@@ -348,12 +352,10 @@
 		if edit then
 			local found = false;
 			for n = i-1, 1, -1 do
-				if not logs[n] then
-					break; -- Probably reached logs[0]
-				elseif logs[n].id == edit and nick == logs[n].nick then
+				if logs[n].message_id == edit and occupant_id == logs[n].occupant_id then
 					found = true;
-					logs[n].edited = key;
-					edit = logs[n].key;
+					logs[n].edited = archive_id;
+					edit = logs[n].archive_id;
 					break;
 				end
 			end
@@ -369,9 +371,7 @@
 			-- COMPAT Movim uses an @to attribute instead of the correct @id
 			local target_id = reactions.attr.id or reactions.attr.to;
 			for n = i - 1, 1, -1 do
-				if not logs[n] then
-					break -- Probably reached logs[0]
-				elseif logs[n].key == target_id then
+				if logs[n].archive_id == target_id then
 					local react_map = logs[n].reactions; -- { string : integer }
 					if not react_map then
 						react_map = {};
@@ -389,12 +389,13 @@
 		end
 
 		-- XEP-0461: Message Replies
-		local reply = item:get_child("reply", "urn:xmpp:reply:0");
+		local reply = item:find("{urn:xmpp:reply:0}reply@id");
 
 		if body or verb or oob then
 			local line = {
-				id = item.attr.id,
-				key = key;
+				message_id = message_id;
+				archive_id = archive_id;
+				occupant_id = occupant_id;
 				datetime = datetime.datetime(when);
 				time = datetime.time(when);
 				verb = verb;
@@ -404,7 +405,9 @@
 				st_name = item.name;
 				st_type = item.attr.type;
 				edit = edit;
-				reply = reply and reply.attr.id;
+				reply = reply;
+				-- COMPAT
+				key = archive_id;
 			};
 			if oob then
 				line.oob = {
@@ -415,8 +418,8 @@
 			logs[i], i = line, i + 1;
 		end
 
-		first = first or key;
-		last = key;
+		first = first or archive_id;
+		last = archive_id;
 	end
 	if i == 1 and not lazy then return end -- No items
 
diff -r 34fb3d239ac1 -r bd63feda3704 mod_http_muc_log/res/http_muc_log.html
--- a/mod_http_muc_log/res/http_muc_log.html	Mon Aug 22 13:28:01 2022 +0100
+++ b/mod_http_muc_log/res/http_muc_log.html	Mon Aug 22 15:39:02 2022 +0100
@@ -110,8 +110,8 @@
 </div>
 
 <ol class="chat-logs">{lines#
-<li {item.lang&lang="{item.lang}"} class="{item.st_name} {item.st_type?} {item.edited&edited}" id="{item.key}">
-<a class="time" href="#{item.key}"><time id="{item.time}" datetime="{item.datetime}">{item.time}</time></a>
+<li {item.lang&lang="{item.lang}"} class="{item.st_name} {item.st_type?} {item.edited&edited}" id="{item.archive_id}">
+<a class="time" href="#{item.archive_id}"><time id="{item.time}" datetime="{item.datetime}">{item.time}</time></a>
 <b class="nick">{item.nick}</b>
 <em class="verb">{item.verb?}</em>
 <q class="body">{item.edited&<del>}{item.body?}{item.edited&</del> <a href="#{item.edited}" title="jump to corrected version">&#9998;</a>}{item.edit& <a href="#{item.edit}" title="jump to previous version">&#9999;</a>}{item.reply& <a href="#{item.reply}" title="jump to message responded to">&#8634;</a>}</q>
diff -r 34fb3d239ac1 -r bd63feda3704 mod_privilege/mod_privilege.lua
--- a/mod_privilege/mod_privilege.lua	Mon Aug 22 13:28:01 2022 +0100
+++ b/mod_privilege/mod_privilege.lua	Mon Aug 22 15:39:02 2022 +0100
@@ -393,11 +393,17 @@
             and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then
             local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client')
             if message_elt ~= nil then
-                local _, from_host, from_resource = jid.split(message_elt.attr.from)
+                local username, from_host, from_resource = jid.split(message_elt.attr.from)
                 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts
                     clean_xmlns(message_elt);  -- needed do to proper routing
+                    local session = {
+                        username = username;
+                        host = from_host;
+                        type = "c2s";
+                        log = module._log;
+                    }
                     -- at this point everything should be alright, we can send the message
-                    prosody.core_route_stanza(nil, message_elt)
+                    prosody.core_post_stanza(session, message_elt, true)
                 else -- trying to send a message from a forbidden entity
                     module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from))
                     session.send(st.error_reply(stanza, 'auth', 'forbidden'))
@@ -618,17 +624,6 @@
 
     wrapped_iq.attr.from = stanza.attr.to
 
-    if wrapped_iq.attr.to == nil then
-        session.send(
-            st.error_reply(
-                stanza,
-                "auth",
-                "forbidden",
-                'wrapped <IQ> "to" attribute is missing'
-            )
-        )
-        return true
-    end
 
     if wrapped_iq.attr.type ~= iq_type then
         session.send(
@@ -655,8 +650,16 @@
     end
 
     -- at this point, wrapped_iq is considered valid, and privileged entity is allowed to send it
+    local username, from_host, _ = jid.split(wrapped_iq.attr.from)
+    local newsession = {
+        username = username;
+        host = from_host;
+	    full_jid = stanza.attr.to;
+        type = "c2s";
+        log = module._log;
+    }
 
-    module:send_iq(wrapped_iq)
+    module:send_iq(wrapped_iq,newsession)
         :next(function (response)
             local reply = st.reply(stanza);
             response.stanza.attr.xmlns = 'jabber:client'