prosody
38c95544b7ee
plugins/mod_vcard4.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

plugins/mod_vcard4.lua @ 13289:38c95544b7ee

mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default This channel binding method is now enabled when a hash is manually set in the config, or it attempts to discover the hash automatically if the value is the special string "auto". A related change to mod_c2s prevents complicated certificate lookups in the client connection hot path - this work now happens only when this channel binding method is used. I'm not aware of anything else that uses ssl_cfg (vs ssl_ctx). Rationale for disabling by default: - Minor performance impact in automatic cert detection - This method is weak against a leaked/stolen private key (other methods such as 'tls-exporter' would not be compromised in such a case) Rationale for keeping the implementation: - For some deployments, this may be the only method available (e.g. due to TLS offloading in another process/server).
author Matthew Wild <mwild1@gmail.com>
date Thu, 26 Oct 2023 15:14:39 +0100
parent 12977:74b9e05af71e
line wrap: on
line source

local st = require "prosody.util.stanza"
local jid_split = require "prosody.util.jid".split;

local mod_pep = module:depends("pep");

module:hook("account-disco-info", function (event)
	event.reply:tag("feature", { var = "urn:ietf:params:xml:ns:vcard-4.0" }):up();
end);

module:hook("iq-get/bare/urn:ietf:params:xml:ns:vcard-4.0:vcard", function (event)
	local origin, stanza = event.origin, event.stanza;

	local pep_service = mod_pep.get_pep_service(jid_split(stanza.attr.to) or origin.username);
	local ok, id, item = pep_service:get_last_item("urn:xmpp:vcard4", stanza.attr.from);
	if ok and item then
		origin.send(st.reply(stanza):add_child(item.tags[1]));
	elseif id == "item-not-found" or not id then
		origin.send(st.error_reply(stanza, "cancel", "item-not-found"));
	elseif id == "forbidden" then
		origin.send(st.error_reply(stanza, "auth", "forbidden"));
	else
		origin.send(st.error_reply(stanza, "modify", "undefined-condition"));
	end
	return true;
end);

module:hook("iq-set/self/urn:ietf:params:xml:ns:vcard-4.0:vcard", function (event)
	local origin, stanza = event.origin, event.stanza;

	local vcard4 = st.stanza("item", { xmlns = "http://jabber.org/protocol/pubsub", id = "current" })
		:add_child(stanza.tags[1]);

	local pep_service = mod_pep.get_pep_service(origin.username);

	local ok, err = pep_service:publish("urn:xmpp:vcard4", origin.full_jid, "current", vcard4);
	if ok then
		origin.send(st.reply(stanza));
	elseif err == "forbidden" then
		origin.send(st.error_reply(stanza, "auth", "forbidden"));
	else
		origin.send(st.error_reply(stanza, "modify", "undefined-condition", err));
	end
	return true;
end);