prosody
c0eea4f6c739
doc/session.txt

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

doc/session.txt @ 12659:c0eea4f6c739

usermanager: Add back temporary is_admin to warn about deprecated API usage Goal: Introduce role-auth with minimal disruption is_admin() is unsafe in a system with per-session permissions, so it has been deprecated. Roll-out approach: 1) First, log a warning when is_admin() is used. It should continue to function normally, backed by the new role API. Nothing is really using per-session authz yet, so there is minimal security concern. The 'strict_deprecate_is_admin' global setting can be set to 'true' to force a hard failure of is_admin() attempts (it will log an error and always return false). 2) In some time (at least 1 week), but possibly longer depending on the number of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by default. It can still be disabled for systems that need it. 3) Further in the future, before the next release, the option will be removed and is_admin() will be permanently disabled.
author Matthew Wild <mwild1@gmail.com>
date Mon, 15 Aug 2022 15:25:07 +0100
parent 8728:41c959c5c84b
line wrap: on
line source


Structure of a session:


session {
	-- properties --
	conn -- the tcp connection
	notopen -- true if stream has not been initiated, removed after receiving <stream:steam>
	type -- the connection type. Valid values include:
			-- "c2s_unauthed" - connection has not been authenticated yet
			-- "c2s" - from a local client to the server
	username -- the node part of the client's jid (not defined before auth)
	host -- the host part of the client's jid (not defined before stream initiation)
	resource -- the resource part of the client's full jid (not defined before resource binding)
	full_jid -- convenience for the above 3 as string in username@host/resource form (not defined before resource binding)
	priority -- the resource priority, default: 0
	presence -- the last non-directed presence with no type attribute. initially nil. reset to nil on unavailable presence.
	interested -- true if the resource requested the roster. Interested resources receive roster updates. Initially nil.
	roster -- the user's roster. Loaded as soon as the resource is bound (session becomes a connected resource).
	
	-- methods --
	send(x) -- converts x to a string, and writes it to the connection
	close(x) -- Disconnect the user and clean up the session, best call sessionmanager.destroy_session() instead of this in most cases
}

if session.full_jid (also session.roster and session.resource) then this is a "connected resource"
if session.presence then this is an "available resource" (all available resources are connected resources)
if session.interested then this is an "interested resource" (all interested resources are connected resources)