prosody
87dd8639f08f
core/features.lua
Software / code / prosody
File
core/features.lua @ 13843:87dd8639f08f 13.0
mod_invites_register: Stricter validation of registration events
This fixes two problems:
1) Account invites that were created with a specific username were not
in fact restricted to that username.
2) Password reset invites were not restricted to resetting passwords,
but could be used to create an arbitrary new account if the client
or registration frontend (e.g. mod_invites_register_web) doesn't
handle/enforce the username.
This new validation ensures that registrations and resets are always for the
username specified in the invitation.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 10 Apr 2025 16:07:32 +0100 |
| parent | 13718:569fae28a2f3 |
line wrap: on
line source
local set = require "prosody.util.set"; return { available = set.new{ -- mod_bookmarks bundled "mod_bookmarks"; -- mod_server_info bundled "mod_server_info"; -- mod_flags bundled "mod_flags"; -- mod_cloud_notify bundled "mod_cloud_notify"; -- mod_muc has built-in vcard support "muc_vcard"; -- mod_http_altconnect bundled "http_altconnect"; -- Roles, module.may and per-session authz "permissions"; -- prosody.* namespace "loader"; -- "keyval+" store "keyval+"; "s2sout-pre-connect-event"; -- prosody:guest, prosody:registered, prosody:member "split-user-roles"; -- new moduleapi methods "getopt-enum"; "getopt-interval"; "getopt-period"; "getopt-integer"; -- new module.ready() "module-ready"; -- SIGUSR1 and 2 events "signal-events"; }; };
