Changeset

5601:e9af6abf2b1e

mod_client_management: Add shell command to revoke client access Could be used if an operator detects a compromised client.
author Kim Alvefur <zash@zash.se>
date Fri, 14 Jul 2023 13:25:30 +0200
parents 5600:6d0574bfbf5d
children 5602:eae5599bc0b4
files mod_client_management/README.md mod_client_management/mod_client_management.lua
diffstat 2 files changed, 20 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_client_management/README.md	Thu Jul 13 23:26:02 2023 +0200
+++ b/mod_client_management/README.md	Fri Jul 14 13:25:30 2023 +0200
@@ -35,6 +35,12 @@
 prosodyctl shell user clients user@example.com
 ```
 
+To revoke access from particular client:
+
+```shell
+prosodyctl shell user revoke_client user@example.com grant/xxxxx
+```
+
 ## Compatibility
 
 Requires Prosody trunk (as of 2023-03-29). Not compatible with Prosody 0.12
--- a/mod_client_management/mod_client_management.lua	Thu Jul 13 23:26:02 2023 +0200
+++ b/mod_client_management/mod_client_management.lua	Fri Jul 14 13:25:30 2023 +0200
@@ -465,4 +465,18 @@
 		print(string.rep("-", self.session.width));
 		return true, ("%d clients"):format(#clients);
 	end
+
+	function console_env.user:revoke_client(user_jid, selector) -- luacheck: ignore 212/self
+		local username, host = jid.split(user_jid);
+		local mod = prosody.hosts[host] and prosody.hosts[host].modules.client_management;
+		if not mod then
+			return false, ("Host does not exist on this server, or does not have mod_client_management loaded");
+		end
+
+		local revoked, err = revocation_errors.coerce(mod.revoke_client_access(username, selector));
+		if not revoked then
+			return false, err.text or err;
+		end
+		return true, "Client access revoked";
+	end
 end);