# HG changeset patch # User Kim Alvefur # Date 1689333930 -7200 # Node ID e9af6abf2b1eebda9249412d15b30b174107f665 # Parent 6d0574bfbf5d676c812c1c59b98d17318619b13d mod_client_management: Add shell command to revoke client access Could be used if an operator detects a compromised client. diff -r 6d0574bfbf5d -r e9af6abf2b1e mod_client_management/README.md --- a/mod_client_management/README.md Thu Jul 13 23:26:02 2023 +0200 +++ b/mod_client_management/README.md Fri Jul 14 13:25:30 2023 +0200 @@ -35,6 +35,12 @@ prosodyctl shell user clients user@example.com ``` +To revoke access from particular client: + +```shell +prosodyctl shell user revoke_client user@example.com grant/xxxxx +``` + ## Compatibility Requires Prosody trunk (as of 2023-03-29). Not compatible with Prosody 0.12 diff -r 6d0574bfbf5d -r e9af6abf2b1e mod_client_management/mod_client_management.lua --- a/mod_client_management/mod_client_management.lua Thu Jul 13 23:26:02 2023 +0200 +++ b/mod_client_management/mod_client_management.lua Fri Jul 14 13:25:30 2023 +0200 @@ -465,4 +465,18 @@ print(string.rep("-", self.session.width)); return true, ("%d clients"):format(#clients); end + + function console_env.user:revoke_client(user_jid, selector) -- luacheck: ignore 212/self + local username, host = jid.split(user_jid); + local mod = prosody.hosts[host] and prosody.hosts[host].modules.client_management; + if not mod then + return false, ("Host does not exist on this server, or does not have mod_client_management loaded"); + end + + local revoked, err = revocation_errors.coerce(mod.revoke_client_access(username, selector)); + if not revoked then + return false, err.text or err; + end + return true, "Client access revoked"; + end end);