prosody
87dd8639f08f
net/cqueues.lua
Software / code / prosody
File
net/cqueues.lua @ 13843:87dd8639f08f 13.0
mod_invites_register: Stricter validation of registration events
This fixes two problems:
1) Account invites that were created with a specific username were not
in fact restricted to that username.
2) Password reset invites were not restricted to resetting passwords,
but could be used to create an arbitrary new account if the client
or registration frontend (e.g. mod_invites_register_web) doesn't
handle/enforce the username.
This new validation ensures that registrations and resets are always for the
username specified in the invitation.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 10 Apr 2025 16:07:32 +0100 |
| parent | 12974:ba409c67353b |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2014 Daurnimator -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -- This module allows you to use cqueues with a net.server mainloop -- local server = require "prosody.net.server"; local cqueues = require "cqueues"; local timer = require "prosody.util.timer"; assert(cqueues.VERSION >= 20150113, "cqueues newer than 20150113 required") -- Create a single top level cqueue local cq; if server.cq then -- server provides cqueues object cq = server.cq; elseif server.watchfd then cq = cqueues.new(); local timeout = timer.add_task(cq:timeout() or 0, function () -- FIXME It should be enough to reschedule this timeout instead of replacing it, but this does not work. See https://issues.prosody.im/1572 assert(cq:loop(0)); return cq:timeout(); end); server.watchfd(cq:pollfd(), function () assert(cq:loop(0)); local t = cq:timeout(); if t then timer.stop(timeout); timeout = timer.add_task(cq:timeout(), function () assert(cq:loop(0)); return cq:timeout(); end); end end); else error "NYI" end return { cq = cq; }
