File

mod_invites_register: Stricter validation of registration events This fixes two problems: 1) Account invites that were created with a specific username were not in fact restricted to that username. 2) Password reset invites were not restricted to resetting passwords, but could be used to create an arbitrary new account if the client or registration frontend (e.g. mod_invites_register_web) doesn't handle/enforce the username. This new validation ensures that registrations and resets are always for the username specified in the invitation.

Thanks for your interest in contributing to the project!

There are many ways to contribute, such as helping improve the
documentation, reporting bugs, spreading the word or testing the latest
development version.

You can find more information on how to contribute at <https://prosody.im/doc/contributing>

See also the HACKERS and README files.