Diff

plugins/muc/muc.lib.lua @ 6144:cb08bba0443a

Merge with daurnimator
author Matthew Wild <mwild1@gmail.com>
date Thu, 17 Apr 2014 09:01:32 +0100
parent 6054:7a5ddbaf758d
parent 6143:82b3a2155a55
child 6178:e12b13a46878
child 6232:d7dc71d9171d
line wrap: on
line diff
--- a/plugins/muc/muc.lib.lua	Wed Apr 02 17:42:22 2014 +0100
+++ b/plugins/muc/muc.lib.lua	Thu Apr 17 09:01:32 2014 +0100
@@ -1,6 +1,7 @@
 -- Prosody IM
 -- Copyright (C) 2008-2010 Matthew Wild
 -- Copyright (C) 2008-2010 Waqas Hussain
+-- Copyright (C) 2014 Daurnimator
 --
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
@@ -9,6 +10,7 @@
 local select = select;
 local pairs, ipairs = pairs, ipairs;
 
+local gettime = os.time;
 local datetime = require "util.datetime";
 
 local dataform = require "util.dataforms";
@@ -23,44 +25,42 @@
 local base64 = require "util.encodings".base64;
 local md5 = require "util.hashes".md5;
 
-local muc_domain = nil; --module:get_host();
 local default_history_length, max_history_length = 20, math.huge;
 
-------------
-local presence_filters = {["http://jabber.org/protocol/muc"]=true;["http://jabber.org/protocol/muc#user"]=true};
-local function presence_filter(tag)
-	if presence_filters[tag.attr.xmlns] then
-		return nil;
+local get_filtered_presence do
+	local presence_filters = {
+		["http://jabber.org/protocol/muc"] = true;
+		["http://jabber.org/protocol/muc#user"] = true;
+	}
+	local function presence_filter(tag)
+		if presence_filters[tag.attr.xmlns] then
+			return nil;
+		end
+		return tag;
 	end
-	return tag;
+	function get_filtered_presence(stanza)
+		return st.clone(stanza):maptags(presence_filter);
+	end
 end
 
-local function get_filtered_presence(stanza)
-	return st.clone(stanza):maptags(presence_filter);
+local is_kickable_error do
+	local kickable_error_conditions = {
+		["gone"] = true;
+		["internal-server-error"] = true;
+		["item-not-found"] = true;
+		["jid-malformed"] = true;
+		["recipient-unavailable"] = true;
+		["redirect"] = true;
+		["remote-server-not-found"] = true;
+		["remote-server-timeout"] = true;
+		["service-unavailable"] = true;
+		["malformed error"] = true;
+	};
+	function is_kickable_error(stanza)
+		local cond = select(2, stanza:get_error()) or "malformed error";
+		return kickable_error_conditions[cond];
+	end
 end
-local kickable_error_conditions = {
-	["gone"] = true;
-	["internal-server-error"] = true;
-	["item-not-found"] = true;
-	["jid-malformed"] = true;
-	["recipient-unavailable"] = true;
-	["redirect"] = true;
-	["remote-server-not-found"] = true;
-	["remote-server-timeout"] = true;
-	["service-unavailable"] = true;
-	["malformed error"] = true;
-};
-
-local function get_error_condition(stanza)
-	local _, condition = stanza:get_error();
-	return condition or "malformed error";
-end
-
-local function is_kickable_error(stanza)
-	local cond = get_error_condition(stanza);
-	return kickable_error_conditions[cond] and cond;
-end
------------
 
 local room_mt = {};
 room_mt.__index = room_mt;
@@ -69,6 +69,10 @@
 	return "MUC room ("..self.jid..")";
 end
 
+function room_mt:get_occupant_jid(real_jid)
+	return self._jid_nick[real_jid]
+end
+
 function room_mt:get_default_role(affiliation)
 	if affiliation == "owner" or affiliation == "admin" then
 		return "moderator";
@@ -81,6 +85,26 @@
 	end
 end
 
+function room_mt:lock()
+	self.locked = true
+end
+function room_mt:unlock()
+	module:fire_event("muc-room-unlocked", { room = self });
+	self.locked = nil
+end
+function room_mt:is_locked()
+	return not not self.locked
+end
+
+function room_mt:route_to_occupant(o_data, stanza)
+	local to = stanza.attr.to;
+	for jid in pairs(o_data.sessions) do
+		stanza.attr.to = jid;
+		self:_route_stanza(stanza);
+	end
+	stanza.attr.to = to;
+end
+
 function room_mt:broadcast_presence(stanza, sid, code, nick)
 	stanza = get_filtered_presence(stanza);
 	local occupant = self._occupants[stanza.attr.from];
@@ -90,51 +114,49 @@
 		stanza:tag("status", {code=code}):up();
 	end
 	self:broadcast_except_nick(stanza, stanza.attr.from);
-	local me = self._occupants[stanza.attr.from];
-	if me then
-		stanza:tag("status", {code='110'}):up();
-		stanza.attr.to = sid;
-		self:_route_stanza(stanza);
-	end
+	stanza:tag("status", {code='110'}):up();
+	stanza.attr.to = sid;
+	self:_route_stanza(stanza);
 end
 function room_mt:broadcast_message(stanza, historic)
-	local to = stanza.attr.to;
-	for occupant, o_data in pairs(self._occupants) do
-		for jid in pairs(o_data.sessions) do
-			stanza.attr.to = jid;
-			self:_route_stanza(stanza);
-		end
-	end
-	stanza.attr.to = to;
-	if historic then -- add to history
-		return self:save_to_history(stanza)
-	end
+	module:fire_event("muc-broadcast-message", {room = self, stanza = stanza, historic = historic});
+	self:broadcast(stanza);
 end
-function room_mt:save_to_history(stanza)
-	local history = self._data['history'];
-	if not history then history = {}; self._data['history'] = history; end
-	stanza = st.clone(stanza);
-	stanza.attr.to = "";
-	local stamp = datetime.datetime();
-	stanza:tag("delay", {xmlns = "urn:xmpp:delay", from = muc_domain, stamp = stamp}):up(); -- XEP-0203
-	stanza:tag("x", {xmlns = "jabber:x:delay", from = muc_domain, stamp = datetime.legacy()}):up(); -- XEP-0091 (deprecated)
-	local entry = { stanza = stanza, stamp = stamp };
-	t_insert(history, entry);
-	while #history > (self._data.history_length or default_history_length) do t_remove(history, 1) end
+
+-- add to history
+module:hook("muc-broadcast-message", function(event)
+	if event.historic then
+		local room = event.room
+		local history = room._data['history'];
+		if not history then history = {}; room._data['history'] = history; end
+		local stanza = st.clone(event.stanza);
+		stanza.attr.to = "";
+		local ts = gettime();
+		local stamp = datetime.datetime(ts);
+		stanza:tag("delay", {xmlns = "urn:xmpp:delay", from = module.host, stamp = stamp}):up(); -- XEP-0203
+		stanza:tag("x", {xmlns = "jabber:x:delay", from = module.host, stamp = datetime.legacy()}):up(); -- XEP-0091 (deprecated)
+		local entry = { stanza = stanza, timestamp = ts };
+		t_insert(history, entry);
+		while #history > room:get_historylength() do t_remove(history, 1) end
+	end
+end)
+
+function room_mt:broadcast_except_nick(stanza, nick)
+	return self:broadcast(stanza, function(rnick, occupant) return rnick ~= nick end)
 end
-function room_mt:broadcast_except_nick(stanza, nick)
-	for rnick, occupant in pairs(self._occupants) do
-		if rnick ~= nick then
-			for jid in pairs(occupant.sessions) do
-				stanza.attr.to = jid;
-				self:_route_stanza(stanza);
-			end
+
+-- Broadcast a stanza to all occupants in the room.
+-- optionally checks conditional called with nicl
+function room_mt:broadcast(stanza, cond_func)
+	for nick, occupant in pairs(self._occupants) do
+		if cond_func == nil or cond_func(nick, occupant) then
+			self:route_to_occupant(occupant, stanza)
 		end
 	end
 end
 
 function room_mt:send_occupant_list(to)
-	local current_nick = self._jid_nick[to];
+	local current_nick = self:get_occupant_jid(to);
 	for occupant, o_data in pairs(self._occupants) do
 		if occupant ~= current_nick then
 			local pres = get_filtered_presence(o_data.sessions[o_data.jid]);
@@ -145,52 +167,88 @@
 		end
 	end
 end
-function room_mt:send_history(to, stanza)
-	local history = self._data['history']; -- send discussion history
-	if history then
-		local x_tag = stanza and stanza:get_child("x", "http://jabber.org/protocol/muc");
-		local history_tag = x_tag and x_tag:get_child("history", "http://jabber.org/protocol/muc");
-
-		local maxchars = history_tag and tonumber(history_tag.attr.maxchars);
-		if maxchars then maxchars = math.floor(maxchars); end
 
-		local maxstanzas = math.floor(history_tag and tonumber(history_tag.attr.maxstanzas) or #history);
-		if not history_tag then maxstanzas = 20; end
+local function parse_history(stanza)
+	local x_tag = stanza:get_child("x", "http://jabber.org/protocol/muc");
+	local history_tag = x_tag and x_tag:get_child("history", "http://jabber.org/protocol/muc");
+	if not history_tag then
+		return nil, 20, nil
+	end
 
-		local seconds = history_tag and tonumber(history_tag.attr.seconds);
-		if seconds then seconds = datetime.datetime(os.time() - math.floor(seconds)); end
+	local maxchars = tonumber(history_tag.attr.maxchars);
 
-		local since = history_tag and history_tag.attr.since;
-		if since then since = datetime.parse(since); since = since and datetime.datetime(since); end
-		if seconds and (not since or since < seconds) then since = seconds; end
+	local maxstanzas = tonumber(history_tag.attr.maxstanzas);
 
-		local n = 0;
-		local charcount = 0;
+	-- messages received since the UTC datetime specified
+	local since = history_tag.attr.since;
+	if since then
+		since = datetime.parse(since);
+	end
 
-		for i=#history,1,-1 do
-			local entry = history[i];
-			if maxchars then
-				if not entry.chars then
-					entry.stanza.attr.to = "";
-					entry.chars = #tostring(entry.stanza);
-				end
-				charcount = charcount + entry.chars + #to;
-				if charcount > maxchars then break; end
-			end
-			if since and since > entry.stamp then break; end
-			if n + 1 > maxstanzas then break; end
-			n = n + 1;
-		end
-		for i=#history-n+1,#history do
-			local msg = history[i].stanza;
-			msg.attr.to = to;
-			self:_route_stanza(msg);
+	-- messages received in the last "X" seconds.
+	local seconds = tonumber(history_tag.attr.seconds);
+	if seconds then
+		seconds = gettime() - seconds
+		if since then
+			since = math.max(since, seconds);
+		else
+			since = seconds;
 		end
 	end
+
+	return maxchars, maxstanzas, since
 end
-function room_mt:send_subject(to)
-	if self._data['subject'] then
-		self:_route_stanza(st.message({type='groupchat', from=self._data['subject_from'] or self.jid, to=to}):tag("subject"):text(self._data['subject']));
+
+module:hook("muc-get-history", function(event)
+	local room = event.room
+	local history = room._data['history']; -- send discussion history
+	if not history then return nil end
+	local history_len = #history
+
+	local to = event.to
+	local maxchars = event.maxchars
+	local maxstanzas = event.maxstanzas or history_len
+	local since = event.since
+	local n = 0;
+	local charcount = 0;
+	for i=history_len,1,-1 do
+		local entry = history[i];
+		if maxchars then
+			if not entry.chars then
+				entry.stanza.attr.to = "";
+				entry.chars = #tostring(entry.stanza);
+			end
+			charcount = charcount + entry.chars + #to;
+			if charcount > maxchars then break; end
+		end
+		if since and since > entry.timestamp then break; end
+		if n + 1 > maxstanzas then break; end
+		n = n + 1;
+	end
+
+	local i = history_len-n+1
+	function event:next_stanza()
+		if i > history_len then return nil end
+		local entry = history[i]
+		local msg = entry.stanza
+		msg.attr.to = to;
+		i = i + 1
+		return msg
+	end
+	return true;
+end)
+
+function room_mt:send_history(stanza)
+	local maxchars, maxstanzas, since = parse_history(stanza)
+	local event = {
+		room = self;
+		to = stanza.attr.from; -- `to` is required to calculate the character count for `maxchars`
+		maxchars = maxchars, maxstanzas = maxstanzas, since = since;
+		next_stanza = function() end; -- events should define this iterator
+	}
+	module:fire_event("muc-get-history", event)
+	for msg in event.next_stanza , event do
+		self:_route_stanza(msg);
 	end
 end
 
@@ -204,7 +262,7 @@
 		:tag("feature", {var=self:get_members_only() and "muc_membersonly" or "muc_open"}):up()
 		:tag("feature", {var=self:get_persistent() and "muc_persistent" or "muc_temporary"}):up()
 		:tag("feature", {var=self:get_hidden() and "muc_hidden" or "muc_public"}):up()
-		:tag("feature", {var=self._data.whois ~= "anyone" and "muc_semianonymous" or "muc_nonanonymous"}):up()
+		:tag("feature", {var=self:get_whois() ~= "anyone" and "muc_semianonymous" or "muc_nonanonymous"}):up()
 		:add_child(dataform.new({
 			{ name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/muc#roominfo" },
 			{ name = "muc#roominfo_description", label = "Description", value = "" },
@@ -219,25 +277,44 @@
 	end
 	return reply;
 end
+
+function room_mt:get_subject()
+	return self._data['subject'], self._data['subject_from']
+end
+local function create_subject_message(subject)
+	return st.message({type='groupchat'})
+		:tag('subject'):text(subject):up();
+end
+function room_mt:send_subject(to)
+	local from, subject = self:get_subject()
+	if subject then
+		local msg = create_subject_message(subject)
+		msg.attr.from = from
+		msg.attr.to = to
+		self:_route_stanza(msg);
+	end
+end
 function room_mt:set_subject(current_nick, subject)
 	if subject == "" then subject = nil; end
 	self._data['subject'] = subject;
 	self._data['subject_from'] = current_nick;
 	if self.save then self:save(); end
-	local msg = st.message({type='groupchat', from=current_nick})
-		:tag('subject'):text(subject):up();
+	local msg = create_subject_message(subject)
+	msg.attr.from = current_nick
 	self:broadcast_message(msg, false);
 	return true;
 end
 
-local function build_unavailable_presence_from_error(stanza)
+function room_mt:handle_kickable(origin, stanza)
 	local type, condition, text = stanza:get_error();
 	local error_message = "Kicked: "..(condition and condition:gsub("%-", " ") or "presence error");
 	if text then
 		error_message = error_message..": "..text;
 	end
-	return st.presence({type='unavailable', from=stanza.attr.from, to=stanza.attr.to})
+	local kick_stanza = st.presence({type='unavailable', from=stanza.attr.from, to=stanza.attr.to})
 		:tag('status'):text(error_message);
+	self:handle_unavailable_to_occupant(origin, kick_stanza); -- send unavailable
+	return true;
 end
 
 function room_mt:set_name(name)
@@ -351,237 +428,309 @@
 	return self._data.whois;
 end
 
-local function construct_stanza_id(room, stanza)
-	local from_jid, to_nick = stanza.attr.from, stanza.attr.to;
-	local from_nick = room._jid_nick[from_jid];
-	local occupant = room._occupants[to_nick];
-	local to_jid = occupant.jid;
-
-	return from_nick, to_jid, base64.encode(to_jid.."\0"..stanza.attr.id.."\0"..md5(from_jid));
+function room_mt:handle_unavailable_to_occupant(origin, stanza)
+	local from = stanza.attr.from;
+	local current_nick = self:get_occupant_jid(from);
+	if not current_nick then
+		return true; -- discard
+	end
+	local pr = get_filtered_presence(stanza);
+	pr.attr.from = current_nick;
+	log("debug", "%s leaving %s", current_nick, self.jid);
+	self._jid_nick[from] = nil;
+	local occupant = self._occupants[current_nick];
+	local new_jid = next(occupant.sessions);
+	if new_jid == from then new_jid = next(occupant.sessions, new_jid); end
+	if new_jid then
+		local jid = occupant.jid;
+		occupant.jid = new_jid;
+		occupant.sessions[from] = nil;
+		pr.attr.to = from;
+		pr:tag("x", {xmlns='http://jabber.org/protocol/muc#user'})
+			:tag("item", {affiliation=occupant.affiliation or "none", role='none'}):up()
+			:tag("status", {code='110'}):up();
+		self:_route_stanza(pr);
+		if jid ~= new_jid then
+			pr = st.clone(occupant.sessions[new_jid])
+				:tag("x", {xmlns='http://jabber.org/protocol/muc#user'})
+				:tag("item", {affiliation=occupant.affiliation or "none", role=occupant.role or "none"});
+			pr.attr.from = current_nick;
+			self:broadcast_except_nick(pr, current_nick);
+		end
+	else
+		occupant.role = 'none';
+		self:broadcast_presence(pr, from);
+		self._occupants[current_nick] = nil;
+		module:fire_event("muc-occupant-left", { room = self; nick = current_nick; });
+	end
+	return true;
 end
-local function deconstruct_stanza_id(room, stanza)
-	local from_jid_possiblybare, to_nick = stanza.attr.from, stanza.attr.to;
-	local from_jid, id, to_jid_hash = (base64.decode(stanza.attr.id) or ""):match("^(.+)%z(.*)%z(.+)$");
-	local from_nick = room._jid_nick[from_jid];
+
+function room_mt:handle_occupant_presence(origin, stanza)
+	local from = stanza.attr.from;
+	local pr = get_filtered_presence(stanza);
+	local current_nick = stanza.attr.to
+	pr.attr.from = current_nick;
+	log("debug", "%s broadcasted presence", current_nick);
+	self._occupants[current_nick].sessions[from] = pr;
+	self:broadcast_presence(pr, from);
+	return true;
+end
 
-	if not(from_nick) then return; end
-	if not(from_jid_possiblybare == from_jid or from_jid_possiblybare == jid_bare(from_jid)) then return; end
-
-	local occupant = room._occupants[to_nick];
-	for to_jid in pairs(occupant and occupant.sessions or {}) do
-		if md5(to_jid) == to_jid_hash then
-			return from_nick, to_jid, id;
-		end
+function room_mt:handle_change_nick(origin, stanza, current_nick, to)
+	local from = stanza.attr.from;
+	local occupant = self._occupants[current_nick];
+	local is_multisession = next(occupant.sessions, next(occupant.sessions));
+	if self._occupants[to] or is_multisession then
+		log("debug", "%s couldn't change nick", current_nick);
+		local reply = st.error_reply(stanza, "cancel", "conflict"):up();
+		reply.tags[1].attr.code = "409";
+		origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
+		return true;
+	else
+		local to_nick = select(3, jid_split(to));
+		log("debug", "%s (%s) changing nick to %s", current_nick, occupant.jid, to);
+		local p = st.presence({type='unavailable', from=current_nick});
+		self:broadcast_presence(p, from, '303', to_nick);
+		self._occupants[current_nick] = nil;
+		self._occupants[to] = occupant;
+		self._jid_nick[from] = to;
+		local pr = get_filtered_presence(stanza);
+		pr.attr.from = to;
+		self._occupants[to].sessions[from] = pr;
+		self:broadcast_presence(pr, from);
+		return true;
 	end
 end
 
+module:hook("muc-occupant-pre-join", function(event)
+	return module:fire_event("muc-occupant-pre-join/affiliation", event)
+		or module:fire_event("muc-occupant-pre-join/password", event)
+		or module:fire_event("muc-occupant-pre-join/locked", event)
+		or module:fire_event("muc-occupant-pre-join/nick-conflict", event)
+end, -1)
 
-function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc
+module:hook("muc-occupant-pre-join/password", function(event)
+	local room, stanza = event.room, event.stanza;
+	local from, to = stanza.attr.from, stanza.attr.to;
+	local password = stanza:get_child("x", "http://jabber.org/protocol/muc");
+	password = password and password:get_child_text("password", "http://jabber.org/protocol/muc");
+	if not password or password == "" then password = nil; end
+	if room:get_password() ~= password then
+		local from, to = stanza.attr.from, stanza.attr.to;
+		log("debug", "%s couldn't join due to invalid password: %s", from, to);
+		local reply = st.error_reply(stanza, "auth", "not-authorized"):up();
+		reply.tags[1].attr.code = "401";
+		event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
+		return true;
+	end
+end, -1)
+
+module:hook("muc-occupant-pre-join/nick-conflict", function(event)
+	local room, stanza = event.room, event.stanza;
+	local from, to = stanza.attr.from, stanza.attr.to;
+	local occupant = room._occupants[to]
+	if occupant -- occupant already exists
+		and jid_bare(from) ~= jid_bare(occupant.jid) then -- and has different bare real jid
+		log("debug", "%s couldn't join due to nick conflict: %s", from, to);
+		local reply = st.error_reply(stanza, "cancel", "conflict"):up();
+		reply.tags[1].attr.code = "409";
+		event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
+		return true;
+	end
+end, -1)
+
+module:hook("muc-occupant-pre-join/locked", function(event)
+	if event.room:is_locked() then -- Deny entry
+		event.origin.send(st.error_reply(event.stanza, "cancel", "item-not-found"));
+		return true;
+	end
+end, -1)
+
+function room_mt:handle_join(origin, stanza)
 	local from, to = stanza.attr.from, stanza.attr.to;
-	local room = jid_bare(to);
-	local current_nick = self._jid_nick[from];
-	local type = stanza.attr.type;
-	log("debug", "room: %s, current_nick: %s, stanza: %s", room or "nil", current_nick or "nil", stanza:top_tag());
-	if (select(2, jid_split(from)) == muc_domain) then error("Presence from the MUC itself!!!"); end
-	if stanza.name == "presence" then
+	local affiliation = self:get_affiliation(from);
+	if affiliation == nil and next(self._affiliations) == nil then -- new room, no owners
+		affiliation = "owner";
+		self._affiliations[jid_bare(from)] = affiliation;
+		if self:is_locked() and not stanza:get_child("x", "http://jabber.org/protocol/muc") then
+			self:unlock(); -- Older groupchat protocol doesn't lock
+		end
+	end
+	if module:fire_event("muc-occupant-pre-join", {
+		room = self;
+		origin = origin;
+		stanza = stanza;
+		affiliation = affiliation;
+	}) then return true; end
+	log("debug", "%s joining as %s", from, to);
+
+	local role = self:get_default_role(affiliation)
+	if role then -- new occupant
+		local is_merge = not not self._occupants[to]
+		if not is_merge then
+			self._occupants[to] = {affiliation=affiliation, role=role, jid=from, sessions={[from]=get_filtered_presence(stanza)}};
+		else
+			self._occupants[to].sessions[from] = get_filtered_presence(stanza);
+		end
+		self._jid_nick[from] = to;
+		self:send_occupant_list(from);
 		local pr = get_filtered_presence(stanza);
-		pr.attr.from = current_nick;
-		if type == "error" then -- error, kick em out!
-			if current_nick then
-				log("debug", "kicking %s from %s", current_nick, room);
-				self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza));
+		pr.attr.from = to;
+		pr:tag("x", {xmlns='http://jabber.org/protocol/muc#user'})
+			:tag("item", {affiliation=affiliation or "none", role=role or "none"}):up();
+		if not is_merge then
+			self:broadcast_except_nick(pr, to);
+		end
+		pr:tag("status", {code='110'}):up();
+		if self:get_whois() == 'anyone' then
+			pr:tag("status", {code='100'}):up();
+		end
+		if self:is_locked() then
+			pr:tag("status", {code='201'}):up();
+		end
+		pr.attr.to = from;
+		self:_route_stanza(pr);
+		self:send_history(from, stanza);
+		self:send_subject(from);
+		return true;
+	end
+end
+
+-- registration required for entering members-only room
+module:hook("muc-occupant-pre-join/affiliation", function(event)
+	if event.affiliation == nil and event.room:get_members_only() then
+		local reply = st.error_reply(event.stanza, "auth", "registration-required"):up();
+		reply.tags[1].attr.code = "407";
+		event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
+		return true;
+	end
+end, -1)
+
+-- banned
+module:hook("muc-occupant-pre-join/affiliation", function(event)
+	if event.affiliation == "outcast" then
+		local reply = st.error_reply(event.stanza, "auth", "forbidden"):up();
+		reply.tags[1].attr.code = "403";
+		event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
+		return true;
+	end
+end, -1)
+
+function room_mt:handle_available_to_occupant(origin, stanza)
+	local from, to = stanza.attr.from, stanza.attr.to;
+	local current_nick = self:get_occupant_jid(from);
+	if current_nick then
+		--if #pr == #stanza or current_nick ~= to then -- commented because google keeps resending directed presence
+			if current_nick == to then -- simple presence
+				return self:handle_occupant_presence(origin, stanza)
+			else -- change nick
+				return self:handle_change_nick(origin, stanza, current_nick, to)
 			end
-		elseif type == "unavailable" then -- unavailable
-			if current_nick then
-				log("debug", "%s leaving %s", current_nick, room);
-				self._jid_nick[from] = nil;
-				local occupant = self._occupants[current_nick];
-				local new_jid = next(occupant.sessions);
-				if new_jid == from then new_jid = next(occupant.sessions, new_jid); end
-				if new_jid then
-					local jid = occupant.jid;
-					occupant.jid = new_jid;
-					occupant.sessions[from] = nil;
-					pr.attr.to = from;
-					pr:tag("x", {xmlns='http://jabber.org/protocol/muc#user'})
-						:tag("item", {affiliation=occupant.affiliation or "none", role='none'}):up()
-						:tag("status", {code='110'}):up();
-					self:_route_stanza(pr);
-					if jid ~= new_jid then
-						pr = st.clone(occupant.sessions[new_jid])
-							:tag("x", {xmlns='http://jabber.org/protocol/muc#user'})
-							:tag("item", {affiliation=occupant.affiliation or "none", role=occupant.role or "none"});
-						pr.attr.from = current_nick;
-						self:broadcast_except_nick(pr, current_nick);
-					end
-				else
-					occupant.role = 'none';
-					self:broadcast_presence(pr, from);
-					self._occupants[current_nick] = nil;
+		--else -- possible rejoin
+		--	log("debug", "%s had connection replaced", current_nick);
+		--	self:handle_to_occupant(origin, st.presence({type='unavailable', from=from, to=to})
+		--		:tag('status'):text('Replaced by new connection'):up()); -- send unavailable
+		--	self:handle_to_occupant(origin, stanza); -- resend available
+		--end
+	else -- enter room
+		return self:handle_join(origin, stanza)
+	end
+end
+
+function room_mt:handle_presence_to_occupant(origin, stanza)
+	local type = stanza.attr.type;
+	if type == "error" then -- error, kick em out!
+		return self:handle_kickable(origin, stanza)
+	elseif type == "unavailable" then -- unavailable
+		return self:handle_unavailable_to_occupant(origin, stanza)
+	elseif not type then -- available
+		return self:handle_available_to_occupant(origin, stanza)
+	elseif type ~= 'result' then -- bad type
+		if type ~= 'visible' and type ~= 'invisible' then -- COMPAT ejabberd can broadcast or forward XEP-0018 presences
+			origin.send(st.error_reply(stanza, "modify", "bad-request")); -- FIXME correct error?
+		end
+	end
+	return true;
+end
+
+function room_mt:handle_iq_to_occupant(origin, stanza)
+	local from, to = stanza.attr.from, stanza.attr.to;
+	local type = stanza.attr.type;
+	local id = stanza.attr.id;
+	local current_nick = self:get_occupant_jid(from);
+	local o_data = self._occupants[to];
+	if (type == "error" or type == "result") then
+		do -- deconstruct_stanza_id
+			if not current_nick or not o_data then return nil; end
+			local from_jid, id, to_jid_hash = (base64.decode(stanza.attr.id) or ""):match("^(.+)%z(.*)%z(.+)$");
+			if not(from == from_jid or from == jid_bare(from_jid)) then return nil; end
+			local session_jid
+			for to_jid in pairs(o_data.sessions) do
+				if md5(to_jid) == to_jid_hash then
+					session_jid = to_jid;
+					break;
 				end
 			end
-		elseif not type then -- available
-			if current_nick then
-				--if #pr == #stanza or current_nick ~= to then -- commented because google keeps resending directed presence
-					if current_nick == to then -- simple presence
-						log("debug", "%s broadcasted presence", current_nick);
-						self._occupants[current_nick].sessions[from] = pr;
-						self:broadcast_presence(pr, from);
-					else -- change nick
-						local occupant = self._occupants[current_nick];
-						local is_multisession = next(occupant.sessions, next(occupant.sessions));
-						if self._occupants[to] or is_multisession then
-							log("debug", "%s couldn't change nick", current_nick);
-							local reply = st.error_reply(stanza, "cancel", "conflict"):up();
-							reply.tags[1].attr.code = "409";
-							origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
-						else
-							local data = self._occupants[current_nick];
-							local to_nick = select(3, jid_split(to));
-							if to_nick then
-								log("debug", "%s (%s) changing nick to %s", current_nick, data.jid, to);
-								local p = st.presence({type='unavailable', from=current_nick});
-								self:broadcast_presence(p, from, '303', to_nick);
-								self._occupants[current_nick] = nil;
-								self._occupants[to] = data;
-								self._jid_nick[from] = to;
-								pr.attr.from = to;
-								self._occupants[to].sessions[from] = pr;
-								self:broadcast_presence(pr, from);
-							else
-								--TODO malformed-jid
-							end
-						end
-					end
-				--else -- possible rejoin
-				--	log("debug", "%s had connection replaced", current_nick);
-				--	self:handle_to_occupant(origin, st.presence({type='unavailable', from=from, to=to})
-				--		:tag('status'):text('Replaced by new connection'):up()); -- send unavailable
-				--	self:handle_to_occupant(origin, stanza); -- resend available
-				--end
-			else -- enter room
-				local new_nick = to;
-				local is_merge;
-				if self._occupants[to] then
-					if jid_bare(from) ~= jid_bare(self._occupants[to].jid) then
-						new_nick = nil;
-					end
-					is_merge = true;
-				end
-				local password = stanza:get_child("x", "http://jabber.org/protocol/muc");
-				password = password and password:get_child("password", "http://jabber.org/protocol/muc");
-				password = password and password[1] ~= "" and password[1];
-				if self:get_password() and self:get_password() ~= password then
-					log("debug", "%s couldn't join due to invalid password: %s", from, to);
-					local reply = st.error_reply(stanza, "auth", "not-authorized"):up();
-					reply.tags[1].attr.code = "401";
-					origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
-				elseif not new_nick then
-					log("debug", "%s couldn't join due to nick conflict: %s", from, to);
-					local reply = st.error_reply(stanza, "cancel", "conflict"):up();
-					reply.tags[1].attr.code = "409";
-					origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
-				else
-					log("debug", "%s joining as %s", from, to);
-					if not next(self._affiliations) then -- new room, no owners
-						self._affiliations[jid_bare(from)] = "owner";
-						if self.locked and not stanza:get_child("x", "http://jabber.org/protocol/muc") then
-							self.locked = nil; -- Older groupchat protocol doesn't lock
-						end
-					elseif self.locked then -- Deny entry
-						origin.send(st.error_reply(stanza, "cancel", "item-not-found"));
-						return;
-					end
-					local affiliation = self:get_affiliation(from);
-					local role = self:get_default_role(affiliation)
-					if role then -- new occupant
-						if not is_merge then
-							self._occupants[to] = {affiliation=affiliation, role=role, jid=from, sessions={[from]=get_filtered_presence(stanza)}};
-						else
-							self._occupants[to].sessions[from] = get_filtered_presence(stanza);
-						end
-						self._jid_nick[from] = to;
-						self:send_occupant_list(from);
-						pr.attr.from = to;
-						pr:tag("x", {xmlns='http://jabber.org/protocol/muc#user'})
-							:tag("item", {affiliation=affiliation or "none", role=role or "none"}):up();
-						if not is_merge then
-							self:broadcast_except_nick(pr, to);
-						end
-						pr:tag("status", {code='110'}):up();
-						if self._data.whois == 'anyone' then
-							pr:tag("status", {code='100'}):up();
-						end
-						if self.locked then
-							pr:tag("status", {code='201'}):up();
-						end
-						pr.attr.to = from;
-						self:_route_stanza(pr);
-						self:send_history(from, stanza);
-						self:send_subject(from);
-					elseif not affiliation then -- registration required for entering members-only room
-						local reply = st.error_reply(stanza, "auth", "registration-required"):up();
-						reply.tags[1].attr.code = "407";
-						origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
-					else -- banned
-						local reply = st.error_reply(stanza, "auth", "forbidden"):up();
-						reply.tags[1].attr.code = "403";
-						origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
-					end
-				end
-			end
-		elseif type ~= 'result' then -- bad type
-			if type ~= 'visible' and type ~= 'invisible' then -- COMPAT ejabberd can broadcast or forward XEP-0018 presences
-				origin.send(st.error_reply(stanza, "modify", "bad-request")); -- FIXME correct error?
-			end
+			if session_jid == nil then return nil; end
+			stanza.attr.from, stanza.attr.to, stanza.attr.id = current_nick, session_jid, id
+		end
+		log("debug", "%s sent private iq stanza to %s (%s)", from, to, stanza.attr.to);
+		self:_route_stanza(stanza);
+		stanza.attr.from, stanza.attr.to, stanza.attr.id = from, to, id;
+		return true;
+	else -- Type is "get" or "set"
+		if not current_nick then
+			origin.send(st.error_reply(stanza, "cancel", "not-acceptable"));
+			return true;
+		end
+		if not o_data then -- recipient not in room
+			origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Recipient not in room"));
+			return true;
 		end
-	elseif not current_nick then -- not in room
-		if (type == "error" or type == "result") and stanza.name == "iq" then
-			local id = stanza.attr.id;
-			stanza.attr.from, stanza.attr.to, stanza.attr.id = deconstruct_stanza_id(self, stanza);
-			if stanza.attr.id then
-				self:_route_stanza(stanza);
-			end
-			stanza.attr.from, stanza.attr.to, stanza.attr.id = from, to, id;
-		elseif type ~= "error" then
+		do -- construct_stanza_id
+			stanza.attr.id = base64.encode(o_data.jid.."\0"..stanza.attr.id.."\0"..md5(from));
+		end
+		stanza.attr.from, stanza.attr.to = current_nick, o_data.jid;
+		log("debug", "%s sent private iq stanza to %s (%s)", from, to, o_data.jid);
+		if stanza.tags[1].attr.xmlns == 'vcard-temp' then
+			stanza.attr.to = jid_bare(stanza.attr.to);
+		end
+		self:_route_stanza(stanza);
+		stanza.attr.from, stanza.attr.to, stanza.attr.id = from, to, id;
+		return true;
+	end
+end
+
+function room_mt:handle_message_to_occupant(origin, stanza)
+	local from, to = stanza.attr.from, stanza.attr.to;
+	local current_nick = self:get_occupant_jid(from);
+	local type = stanza.attr.type;
+	if not current_nick then -- not in room
+		if type ~= "error" then
 			origin.send(st.error_reply(stanza, "cancel", "not-acceptable"));
 		end
-	elseif stanza.name == "message" and type == "groupchat" then -- groupchat messages not allowed in PM
+		return true;
+	end
+	if type == "groupchat" then -- groupchat messages not allowed in PM
 		origin.send(st.error_reply(stanza, "modify", "bad-request"));
-	elseif current_nick and stanza.name == "message" and type == "error" and is_kickable_error(stanza) then
+		return true;
+	elseif type == "error" and is_kickable_error(stanza) then
 		log("debug", "%s kicked from %s for sending an error message", current_nick, self.jid);
-		self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza)); -- send unavailable
-	else -- private stanza
-		local o_data = self._occupants[to];
-		if o_data then
-			log("debug", "%s sent private stanza to %s (%s)", from, to, o_data.jid);
-			if stanza.name == "iq" then
-				local id = stanza.attr.id;
-				if stanza.attr.type == "get" or stanza.attr.type == "set" then
-					stanza.attr.from, stanza.attr.to, stanza.attr.id = construct_stanza_id(self, stanza);
-				else
-					stanza.attr.from, stanza.attr.to, stanza.attr.id = deconstruct_stanza_id(self, stanza);
-				end
-				if type == 'get' and stanza.tags[1].attr.xmlns == 'vcard-temp' then
-					stanza.attr.to = jid_bare(stanza.attr.to);
-				end
-				if stanza.attr.id then
-					self:_route_stanza(stanza);
-				end
-				stanza.attr.from, stanza.attr.to, stanza.attr.id = from, to, id;
-			else -- message
-				stanza:tag("x", { xmlns = "http://jabber.org/protocol/muc#user" }):up();
-				stanza.attr.from = current_nick;
-				for jid in pairs(o_data.sessions) do
-					stanza.attr.to = jid;
-					self:_route_stanza(stanza);
-				end
-				stanza.attr.from, stanza.attr.to = from, to;
-			end
-		elseif type ~= "error" and type ~= "result" then -- recipient not in room
-			origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Recipient not in room"));
-		end
+		return self:handle_kickable(origin, stanza); -- send unavailable
 	end
+
+	local o_data = self._occupants[to];
+	if not o_data then
+		origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Recipient not in room"));
+		return true;
+	end
+	log("debug", "%s sent private message stanza to %s (%s)", from, to, o_data.jid);
+	stanza:tag("x", { xmlns = "http://jabber.org/protocol/muc#user" }):up();
+	stanza.attr.from = current_nick;
+	self:route_to_occupant(o_data, stanza)
+	stanza.attr.from = from;
+	return true;
 end
 
 function room_mt:send_form(origin, stanza)
@@ -591,6 +740,7 @@
 end
 
 function room_mt:get_form_layout(actor)
+	local whois = self:get_whois()
 	local form = dataform.new({
 		title = "Configuration for "..self.jid,
 		instructions = "Complete and submit this form to configure the room.",
@@ -634,8 +784,8 @@
 			type = 'list-single',
 			label = 'Who May Discover Real JIDs?',
 			value = {
-				{ value = 'moderators', label = 'Moderators Only', default = self._data.whois == 'moderators' },
-				{ value = 'anyone',     label = 'Anyone',          default = self._data.whois == 'anyone' }
+				{ value = 'moderators', label = 'Moderators Only', default = whois == 'moderators' },
+				{ value = 'anyone',     label = 'Anyone',          default = whois == 'anyone' }
 			}
 		},
 		{
@@ -668,8 +818,7 @@
 
 function room_mt:process_form(origin, stanza)
 	local query = stanza.tags[1];
-	local form;
-	for _, tag in ipairs(query.tags) do if tag.name == "x" and tag.attr.xmlns == "jabber:x:data" then form = tag; break; end end
+	local form = query:get_child("x", "jabber:x:data")
 	if not form then origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); return; end
 	if form.attr.type == "cancel" then origin.send(st.reply(stanza)); return; end
 	if form.attr.type ~= "submit" then origin.send(st.error_reply(stanza, "cancel", "bad-request", "Not a submitted form")); return; end
@@ -704,9 +853,8 @@
 	handle_option("password", "muc#roomconfig_roomsecret");
 
 	if self.save then self:save(true); end
-	if self.locked then
-		module:fire_event("muc-room-unlocked", { room = self });
-		self.locked = nil;
+	if self:is_locked() then
+		self:unlock();
 	end
 	origin.send(st.reply(stanza));
 
@@ -737,211 +885,296 @@
 			self._jid_nick[jid] = nil;
 		end
 		self._occupants[nick] = nil;
+		module:fire_event("muc-occupant-left", { room = self; nick = nick; });
 	end
 	self:set_persistent(false);
 	module:fire_event("muc-room-destroyed", { room = self });
 end
 
-function room_mt:handle_to_room(origin, stanza) -- presence changes and groupchat messages, along with disco/etc
-	local type = stanza.attr.type;
-	local xmlns = stanza.tags[1] and stanza.tags[1].attr.xmlns;
-	if stanza.name == "iq" then
-		if xmlns == "http://jabber.org/protocol/disco#info" and type == "get" and not stanza.tags[1].attr.node then
-			origin.send(self:get_disco_info(stanza));
-		elseif xmlns == "http://jabber.org/protocol/disco#items" and type == "get" and not stanza.tags[1].attr.node then
-			origin.send(self:get_disco_items(stanza));
-		elseif xmlns == "http://jabber.org/protocol/muc#admin" then
-			local actor = stanza.attr.from;
-			local affiliation = self:get_affiliation(actor);
-			local current_nick = self._jid_nick[actor];
-			local role = current_nick and self._occupants[current_nick].role or self:get_default_role(affiliation);
-			local item = stanza.tags[1].tags[1];
-			if item and item.name == "item" then
-				if type == "set" then
-					local callback = function() origin.send(st.reply(stanza)); end
-					if item.attr.jid then -- Validate provided JID
-						item.attr.jid = jid_prep(item.attr.jid);
-						if not item.attr.jid then
-							origin.send(st.error_reply(stanza, "modify", "jid-malformed"));
-							return;
-						end
-					end
-					if not item.attr.jid and item.attr.nick then -- COMPAT Workaround for Miranda sending 'nick' instead of 'jid' when changing affiliation
-						local occupant = self._occupants[self.jid.."/"..item.attr.nick];
-						if occupant then item.attr.jid = occupant.jid; end
-					elseif not item.attr.nick and item.attr.jid then
-						local nick = self._jid_nick[item.attr.jid];
-						if nick then item.attr.nick = select(3, jid_split(nick)); end
-					end
-					local reason = item.tags[1] and item.tags[1].name == "reason" and #item.tags[1] == 1 and item.tags[1][1];
-					if item.attr.affiliation and item.attr.jid and not item.attr.role then
-						local success, errtype, err = self:set_affiliation(actor, item.attr.jid, item.attr.affiliation, callback, reason);
-						if not success then origin.send(st.error_reply(stanza, errtype, err)); end
-					elseif item.attr.role and item.attr.nick and not item.attr.affiliation then
-						local success, errtype, err = self:set_role(actor, self.jid.."/"..item.attr.nick, item.attr.role, callback, reason);
-						if not success then origin.send(st.error_reply(stanza, errtype, err)); end
-					else
-						origin.send(st.error_reply(stanza, "cancel", "bad-request"));
-					end
-				elseif type == "get" then
-					local _aff = item.attr.affiliation;
-					local _rol = item.attr.role;
-					if _aff and not _rol then
-						if affiliation == "owner" or (affiliation == "admin" and _aff ~= "owner" and _aff ~= "admin") then
-							local reply = st.reply(stanza):query("http://jabber.org/protocol/muc#admin");
-							for jid, affiliation in pairs(self._affiliations) do
-								if affiliation == _aff then
-									reply:tag("item", {affiliation = _aff, jid = jid}):up();
-								end
-							end
-							origin.send(reply);
-						else
-							origin.send(st.error_reply(stanza, "auth", "forbidden"));
-						end
-					elseif _rol and not _aff then
-						if role == "moderator" then
-							-- TODO allow admins and owners not in room? Provide read-only access to everyone who can see the participants anyway?
-							if _rol == "none" then _rol = nil; end
-							local reply = st.reply(stanza):query("http://jabber.org/protocol/muc#admin");
-							for occupant_jid, occupant in pairs(self._occupants) do
-								if occupant.role == _rol then
-									reply:tag("item", {
-										nick = select(3, jid_split(occupant_jid)),
-										role = _rol or "none",
-										affiliation = occupant.affiliation or "none",
-										jid = occupant.jid
-										}):up();
-								end
-							end
-							origin.send(reply);
-						else
-							origin.send(st.error_reply(stanza, "auth", "forbidden"));
-						end
-					else
-						origin.send(st.error_reply(stanza, "cancel", "bad-request"));
-					end
-				end
-			elseif type == "set" or type == "get" then
-				origin.send(st.error_reply(stanza, "cancel", "bad-request"));
-			end
-		elseif xmlns == "http://jabber.org/protocol/muc#owner" and (type == "get" or type == "set") and stanza.tags[1].name == "query" then
-			if self:get_affiliation(stanza.attr.from) ~= "owner" then
-				origin.send(st.error_reply(stanza, "auth", "forbidden", "Only owners can configure rooms"));
-			elseif stanza.attr.type == "get" then
-				self:send_form(origin, stanza);
-			elseif stanza.attr.type == "set" then
-				local child = stanza.tags[1].tags[1];
-				if not child then
-					origin.send(st.error_reply(stanza, "modify", "bad-request"));
-				elseif child.name == "destroy" then
-					local newjid = child.attr.jid;
-					local reason, password;
-					for _,tag in ipairs(child.tags) do
-						if tag.name == "reason" then
-							reason = #tag.tags == 0 and tag[1];
-						elseif tag.name == "password" then
-							password = #tag.tags == 0 and tag[1];
-						end
-					end
-					self:destroy(newjid, reason, password);
-					origin.send(st.reply(stanza));
-				else
-					self:process_form(origin, stanza);
+function room_mt:handle_disco_info_get_query(origin, stanza)
+	origin.send(self:get_disco_info(stanza));
+	return true;
+end
+
+function room_mt:handle_disco_items_get_query(origin, stanza)
+	origin.send(self:get_disco_items(stanza));
+	return true;
+end
+
+function room_mt:handle_admin_query_set_command(origin, stanza)
+	local item = stanza.tags[1].tags[1];
+	if item.attr.jid then -- Validate provided JID
+		item.attr.jid = jid_prep(item.attr.jid);
+		if not item.attr.jid then
+			origin.send(st.error_reply(stanza, "modify", "jid-malformed"));
+			return true;
+		end
+	end
+	if not item.attr.jid and item.attr.nick then -- COMPAT Workaround for Miranda sending 'nick' instead of 'jid' when changing affiliation
+		local occupant = self._occupants[self.jid.."/"..item.attr.nick];
+		if occupant then item.attr.jid = occupant.jid; end
+	elseif not item.attr.nick and item.attr.jid then
+		local nick = self:get_occupant_jid(item.attr.jid);
+		if nick then item.attr.nick = select(3, jid_split(nick)); end
+	end
+	local actor = stanza.attr.from;
+	local callback = function() origin.send(st.reply(stanza)); end
+	local reason = item:get_child_text("reason");
+	if item.attr.affiliation and item.attr.jid and not item.attr.role then
+		local success, errtype, err = self:set_affiliation(actor, item.attr.jid, item.attr.affiliation, callback, reason);
+		if not success then origin.send(st.error_reply(stanza, errtype, err)); end
+		return true;
+	elseif item.attr.role and item.attr.nick and not item.attr.affiliation then
+		local success, errtype, err = self:set_role(actor, self.jid.."/"..item.attr.nick, item.attr.role, callback, reason);
+		if not success then origin.send(st.error_reply(stanza, errtype, err)); end
+		return true;
+	else
+		origin.send(st.error_reply(stanza, "cancel", "bad-request"));
+		return true;
+	end
+end
+
+function room_mt:handle_admin_query_get_command(origin, stanza)
+	local actor = stanza.attr.from;
+	local affiliation = self:get_affiliation(actor);
+	local item = stanza.tags[1].tags[1];
+	local _aff = item.attr.affiliation;
+	local _rol = item.attr.role;
+	if _aff and not _rol then
+		if affiliation == "owner" or (affiliation == "admin" and _aff ~= "owner" and _aff ~= "admin") then
+			local reply = st.reply(stanza):query("http://jabber.org/protocol/muc#admin");
+			for jid, affiliation in pairs(self._affiliations) do
+				if affiliation == _aff then
+					reply:tag("item", {affiliation = _aff, jid = jid}):up();
 				end
 			end
-		elseif type == "set" or type == "get" then
-			origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
-		end
-	elseif stanza.name == "message" and type == "groupchat" then
-		local from = stanza.attr.from;
-		local current_nick = self._jid_nick[from];
-		local occupant = self._occupants[current_nick];
-		if not occupant then -- not in room
-			origin.send(st.error_reply(stanza, "cancel", "not-acceptable"));
-		elseif occupant.role == "visitor" then
-			origin.send(st.error_reply(stanza, "auth", "forbidden"));
+			origin.send(reply);
+			return true;
 		else
-			local from = stanza.attr.from;
-			stanza.attr.from = current_nick;
-			local subject = stanza:get_child_text("subject");
-			if subject then
-				if occupant.role == "moderator" or
-					( self._data.changesubject and occupant.role == "participant" ) then -- and participant
-					self:set_subject(current_nick, subject);
-				else
-					stanza.attr.from = from;
-					origin.send(st.error_reply(stanza, "auth", "forbidden"));
-				end
-			else
-				self:broadcast_message(stanza, self:get_historylength() > 0 and stanza:get_child("body"));
-			end
-			stanza.attr.from = from;
+			origin.send(st.error_reply(stanza, "auth", "forbidden"));
+			return true;
 		end
-	elseif stanza.name == "message" and type == "error" and is_kickable_error(stanza) then
-		local current_nick = self._jid_nick[stanza.attr.from];
-		log("debug", "%s kicked from %s for sending an error message", current_nick, self.jid);
-		self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza)); -- send unavailable
-	elseif stanza.name == "presence" then -- hack - some buggy clients send presence updates to the room rather than their nick
-		local to = stanza.attr.to;
-		local current_nick = self._jid_nick[stanza.attr.from];
-		if current_nick then
-			stanza.attr.to = current_nick;
-			self:handle_to_occupant(origin, stanza);
-			stanza.attr.to = to;
-		elseif type ~= "error" and type ~= "result" then
-			origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
-		end
-	elseif stanza.name == "message" and not(type == "chat" or type == "error" or type == "groupchat" or type == "headline") and #stanza.tags == 1
-		and self._jid_nick[stanza.attr.from] and stanza.tags[1].name == "x" and stanza.tags[1].attr.xmlns == "http://jabber.org/protocol/muc#user" then
-		local x = stanza.tags[1];
-		local payload = (#x.tags == 1 and x.tags[1]);
-		if payload and payload.name == "invite" and payload.attr.to then
-			local _from, _to = stanza.attr.from, stanza.attr.to;
-			local _invitee = jid_prep(payload.attr.to);
-			if _invitee then
-				local _reason = payload.tags[1] and payload.tags[1].name == 'reason' and #payload.tags[1].tags == 0 and payload.tags[1][1];
-				local invite = st.message({from = _to, to = _invitee, id = stanza.attr.id})
-					:tag('x', {xmlns='http://jabber.org/protocol/muc#user'})
-						:tag('invite', {from=_from})
-							:tag('reason'):text(_reason or ""):up()
-						:up();
-						if self:get_password() then
-							invite:tag("password"):text(self:get_password()):up();
-						end
-					invite:up()
-					:tag('x', {xmlns="jabber:x:conference", jid=_to}) -- COMPAT: Some older clients expect this
-						:text(_reason or "")
-					:up()
-					:tag('body') -- Add a plain message for clients which don't support invites
-						:text(_from..' invited you to the room '.._to..(_reason and (' ('.._reason..')') or ""))
-					:up();
-				if self:get_members_only() and not self:get_affiliation(_invitee) then
-					log("debug", "%s invited %s into members only room %s, granting membership", _from, _invitee, _to);
-					self:set_affiliation(_from, _invitee, "member", nil, "Invited by " .. self._jid_nick[_from])
+	elseif _rol and not _aff then
+		local role = self:get_role(self:get_occupant_jid(actor)) or self:get_default_role(affiliation);
+		if role == "moderator" then
+			if _rol == "none" then _rol = nil; end
+			local reply = st.reply(stanza):query("http://jabber.org/protocol/muc#admin");
+			for occupant_jid, occupant in pairs(self._occupants) do
+				if occupant.role == _rol then
+					reply:tag("item", {
+						nick = select(3, jid_split(occupant_jid)),
+						role = _rol or "none",
+						affiliation = occupant.affiliation or "none",
+						jid = occupant.jid
+						}):up();
 				end
-				self:_route_stanza(invite);
-			else
-				origin.send(st.error_reply(stanza, "cancel", "jid-malformed"));
 			end
+			origin.send(reply);
+			return true;
 		else
-			origin.send(st.error_reply(stanza, "cancel", "bad-request"));
+			origin.send(st.error_reply(stanza, "auth", "forbidden"));
+			return true;
 		end
 	else
-		if type == "error" or type == "result" then return; end
-		origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
+		origin.send(st.error_reply(stanza, "cancel", "bad-request"));
+		return true;
+	end
+end
+
+function room_mt:handle_owner_query_get_to_room(origin, stanza)
+	if self:get_affiliation(stanza.attr.from) ~= "owner" then
+		origin.send(st.error_reply(stanza, "auth", "forbidden", "Only owners can configure rooms"));
+		return true;
+	end
+
+	self:send_form(origin, stanza);
+	return true;
+end
+function room_mt:handle_owner_query_set_to_room(origin, stanza)
+	if self:get_affiliation(stanza.attr.from) ~= "owner" then
+		origin.send(st.error_reply(stanza, "auth", "forbidden", "Only owners can configure rooms"));
+		return true;
+	end
+
+	local child = stanza.tags[1].tags[1];
+	if not child then
+		origin.send(st.error_reply(stanza, "modify", "bad-request"));
+		return true;
+	elseif child.name == "destroy" then
+		local newjid = child.attr.jid;
+		local reason = child:get_child_text("reason");
+		local password = child:get_child_text("password");
+		self:destroy(newjid, reason, password);
+		origin.send(st.reply(stanza));
+		return true;
+	else
+		self:process_form(origin, stanza);
+		return true;
 	end
 end
 
-function room_mt:handle_stanza(origin, stanza)
-	local to_node, to_host, to_resource = jid_split(stanza.attr.to);
-	if to_resource then
-		self:handle_to_occupant(origin, stanza);
+function room_mt:handle_groupchat_to_room(origin, stanza)
+	local from = stanza.attr.from;
+	local current_nick = self:get_occupant_jid(from);
+	local occupant = self._occupants[current_nick];
+	if not occupant then -- not in room
+		origin.send(st.error_reply(stanza, "cancel", "not-acceptable"));
+		return true;
+	elseif occupant.role == "visitor" then
+		origin.send(st.error_reply(stanza, "auth", "forbidden"));
+		return true;
 	else
-		self:handle_to_room(origin, stanza);
+		local from = stanza.attr.from;
+		stanza.attr.from = current_nick;
+		local subject = stanza:get_child_text("subject");
+		if subject then
+			if occupant.role == "moderator" or
+				( self:get_changesubject() and occupant.role == "participant" ) then -- and participant
+				self:set_subject(current_nick, subject);
+			else
+				stanza.attr.from = from;
+				origin.send(st.error_reply(stanza, "auth", "forbidden"));
+			end
+		else
+			self:broadcast_message(stanza, self:get_historylength() > 0 and stanza:get_child("body"));
+		end
+		stanza.attr.from = from;
+		return true;
 	end
 end
 
-function room_mt:route_stanza(stanza) end -- Replace with a routing function, e.g., function(room, stanza) core_route_stanza(origin, stanza); end
+-- hack - some buggy clients send presence updates to the room rather than their nick
+function room_mt:handle_presence_to_room(origin, stanza)
+	local current_nick = self:get_occupant_jid(stanza.attr.from);
+	local handled
+	if current_nick then
+		local to = stanza.attr.to;
+		stanza.attr.to = current_nick;
+		handled = self:handle_presence_to_occupant(origin, stanza);
+		stanza.attr.to = to;
+	end
+	return handled;
+end
+
+function room_mt:handle_mediated_invite(origin, stanza)
+	local payload = stanza:get_child("x", "http://jabber.org/protocol/muc#user"):get_child("invite")
+	local _from, _to = stanza.attr.from, stanza.attr.to;
+	local current_nick = self:get_occupant_jid(_from)
+	-- Need visitor role or higher to invite
+	if not self:get_role(current_nick) or not self:get_default_role(self:get_affiliation(_from)) then
+		origin.send(st.error_reply(stanza, "auth", "forbidden"));
+		return true;
+	end
+	local _invitee = jid_prep(payload.attr.to);
+	if _invitee then
+		if self:get_whois() == "moderators" then
+			_from = current_nick;
+		end
+		local _reason = payload:get_child_text("reason")
+		local invite = st.message({from = _to, to = _invitee, id = stanza.attr.id})
+			:tag('x', {xmlns='http://jabber.org/protocol/muc#user'})
+				:tag('invite', {from=_from})
+					:tag('reason'):text(_reason or ""):up()
+				:up();
+		local password = self:get_password()
+		if password then
+			invite:tag("password"):text(password):up();
+		end
+			invite:up()
+			:tag('x', {xmlns="jabber:x:conference", jid=_to}) -- COMPAT: Some older clients expect this
+				:text(_reason or "")
+			:up()
+			:tag('body') -- Add a plain message for clients which don't support invites
+				:text(_from..' invited you to the room '.._to..(_reason and (' ('.._reason..')') or ""))
+			:up();
+		module:fire_event("muc-invite", { room = self, stanza = invite, origin = origin, incoming = stanza });
+		return true;
+	else
+		origin.send(st.error_reply(stanza, "cancel", "jid-malformed"));
+		return true;
+	end
+end
+
+module:hook("muc-invite", function(event)
+	event.room:_route_stanza(event.stanza);
+	return true;
+end, -1)
+
+-- When an invite is sent; add an affiliation for the invitee
+module:hook("muc-invite", function(event)
+	local room, stanza = event.room, event.stanza
+	local invitee = stanza.attr.to
+	if room:get_members_only() and not room:get_affiliation(invitee) then
+		local from = stanza:get_child("x", "http://jabber.org/protocol/muc#user"):get_child("invite").attr.from
+		local current_nick = room:get_occupant_jid(from)
+		log("debug", "%s invited %s into members only room %s, granting membership", from, invitee, room.jid);
+		room:set_affiliation(from, invitee, "member", nil, "Invited by " .. current_nick)
+	end
+end)
+
+function room_mt:handle_mediated_decline(origin, stanza)
+	local payload = stanza:get_child("x", "http://jabber.org/protocol/muc#user"):get_child("decline")
+	local declinee = jid_prep(payload.attr.to);
+	if declinee then
+		local from, to = stanza.attr.from, stanza.attr.to;
+		-- TODO: Validate declinee
+		local reason = payload:get_child_text("reason")
+		local decline = st.message({from = to, to = declinee, id = stanza.attr.id})
+			:tag('x', {xmlns='http://jabber.org/protocol/muc#user'})
+				:tag('decline', {from=from})
+					:tag('reason'):text(reason or ""):up()
+				:up()
+			:up()
+			:tag('body') -- Add a plain message for clients which don't support declines
+				:text(from..' declined your invite to the room '..to..(reason and (' ('..reason..')') or ""))
+			:up();
+		module:fire_event("muc-decline", { room = self, stanza = decline, origin = origin, incoming = stanza });
+		return true;
+	else
+		origin.send(st.error_reply(stanza, "cancel", "jid-malformed"));
+		return true;
+	end
+end
+
+module:hook("muc-decline", function(event)
+	local room, stanza = event.room, event.stanza
+	local occupant = room:get_occupant_by_real_jid(stanza.attr.to);
+	if occupant then
+		room:route_to_occupant(occupant, stanza)
+	else
+		room:route_stanza(stanza);
+	end
+	return true;
+end, -1)
+
+function room_mt:handle_message_to_room(origin, stanza)
+	local type = stanza.attr.type;
+	if type == "groupchat" then
+		return self:handle_groupchat_to_room(origin, stanza)
+	elseif type == "error" and is_kickable_error(stanza) then
+		return self:handle_kickable(origin, stanza)
+	elseif type == nil then
+		local x = stanza:get_child("x", "http://jabber.org/protocol/muc#user");
+		if x then
+			local payload = x.tags[1];
+			if payload == nil then
+				-- fallthrough
+			elseif payload.name == "invite" and payload.attr.to then
+				return self:handle_mediated_invite(origin, stanza)
+			elseif payload.name == "decline" and payload.attr.to then
+				return self:handle_mediated_decline(origin, stanza)
+			end
+			origin.send(st.error_reply(stanza, "cancel", "bad-request"));
+			return true;
+		end
+	else
+		return nil;
+	end
+end
+
+function room_mt:route_stanza(stanza)
+	module:send(stanza)
+end
 
 function room_mt:get_affiliation(jid)
 	local node, host, resource = jid_split(jid);
@@ -1031,7 +1264,7 @@
 
 	if actor_jid == true then return true; end
 
-	local actor = self._occupants[self._jid_nick[actor_jid]];
+	local actor = self._occupants[self:get_occupant_jid(actor_jid)];
 	if actor and actor.role == "moderator" then
 		if occupant.affiliation ~= "owner" and occupant.affiliation ~= "admin" then
 			if actor.affiliation == "owner" or actor.affiliation == "admin" then
@@ -1085,11 +1318,11 @@
 
 function room_mt:_route_stanza(stanza)
 	local muc_child;
-	local to_occupant = self._occupants[self._jid_nick[stanza.attr.to]];
-	local from_occupant = self._occupants[stanza.attr.from];
 	if stanza.name == "presence" then
+		local to_occupant = self._occupants[self:get_occupant_jid(stanza.attr.to)];
+		local from_occupant = self._occupants[stanza.attr.from];
 		if to_occupant and from_occupant then
-			if self._data.whois == 'anyone' then
+			if self:get_whois() == 'anyone' then
 			    muc_child = stanza:get_child("x", "http://jabber.org/protocol/muc#user");
 			else
 				if to_occupant.role == "moderator" or jid_bare(to_occupant.jid) == jid_bare(from_occupant.jid) then
@@ -1097,10 +1330,8 @@
 				end
 			end
 		end
-	end
-	if muc_child then
-		for _, item in pairs(muc_child.tags) do
-			if item.name == "item" then
+		if muc_child then
+			for item in muc_child:childtags("item") do
 				if from_occupant == to_occupant then
 					item.attr.jid = stanza.attr.to;
 				else
@@ -1111,10 +1342,8 @@
 	end
 	self:route_stanza(stanza);
 	if muc_child then
-		for _, item in pairs(muc_child.tags) do
-			if item.name == "item" then
-				item.attr.jid = nil;
-			end
+		for item in muc_child:childtags("item") do
+			item.attr.jid = nil;
 		end
 	end
 end
@@ -1124,6 +1353,7 @@
 function _M.new_room(jid, config)
 	return setmetatable({
 		jid = jid;
+		locked = nil;
 		_jid_nick = {};
 		_occupants = {};
 		_data = {