prosody
87dd8639f08f
util/watchdog.lua
Software / code / prosody
File
util/watchdog.lua @ 13843:87dd8639f08f 13.0
mod_invites_register: Stricter validation of registration events
This fixes two problems:
1) Account invites that were created with a specific username were not
in fact restricted to that username.
2) Password reset invites were not restricted to resetting passwords,
but could be used to create an arbitrary new account if the client
or registration frontend (e.g. mod_invites_register_web) doesn't
handle/enforce the username.
This new validation ensures that registrations and resets are always for the
username specified in the invitation.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 10 Apr 2025 16:07:32 +0100 |
| parent | 12975:d10957394a3c |
line wrap: on
line source
local timer = require "prosody.util.timer"; local setmetatable = setmetatable; local _ENV = nil; -- luacheck: std none local watchdog_methods = {}; local watchdog_mt = { __index = watchdog_methods }; local function new(timeout, callback) local watchdog = setmetatable({ timeout = timeout; callback = callback; timer_id = nil; }, watchdog_mt); watchdog:reset(); -- Kick things off return watchdog; end function watchdog_methods:reset(new_timeout) if new_timeout then self.timeout = new_timeout; end if self.timer_id then timer.reschedule(self.timer_id, self.timeout+1); else self.timer_id = timer.add_task(self.timeout+1, function () return self:callback(); end); end end function watchdog_methods:cancel() if self.timer_id then timer.stop(self.timer_id); self.timer_id = nil; end end return { new = new; };
