prosody
c0eea4f6c739
plugins/mod_vcard4.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

plugins/mod_vcard4.lua @ 12659:c0eea4f6c739

usermanager: Add back temporary is_admin to warn about deprecated API usage Goal: Introduce role-auth with minimal disruption is_admin() is unsafe in a system with per-session permissions, so it has been deprecated. Roll-out approach: 1) First, log a warning when is_admin() is used. It should continue to function normally, backed by the new role API. Nothing is really using per-session authz yet, so there is minimal security concern. The 'strict_deprecate_is_admin' global setting can be set to 'true' to force a hard failure of is_admin() attempts (it will log an error and always return false). 2) In some time (at least 1 week), but possibly longer depending on the number of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by default. It can still be disabled for systems that need it. 3) Further in the future, before the next release, the option will be removed and is_admin() will be permanently disabled.
author Matthew Wild <mwild1@gmail.com>
date Mon, 15 Aug 2022 15:25:07 +0100
parent 10707:c4b49939b471
child 12977:74b9e05af71e
line wrap: on
line source

local st = require "util.stanza"
local jid_split = require "util.jid".split;

local mod_pep = module:depends("pep");

module:hook("account-disco-info", function (event)
	event.reply:tag("feature", { var = "urn:ietf:params:xml:ns:vcard-4.0" }):up();
end);

module:hook("iq-get/bare/urn:ietf:params:xml:ns:vcard-4.0:vcard", function (event)
	local origin, stanza = event.origin, event.stanza;

	local pep_service = mod_pep.get_pep_service(jid_split(stanza.attr.to) or origin.username);
	local ok, id, item = pep_service:get_last_item("urn:xmpp:vcard4", stanza.attr.from);
	if ok and item then
		origin.send(st.reply(stanza):add_child(item.tags[1]));
	elseif id == "item-not-found" or not id then
		origin.send(st.error_reply(stanza, "cancel", "item-not-found"));
	elseif id == "forbidden" then
		origin.send(st.error_reply(stanza, "auth", "forbidden"));
	else
		origin.send(st.error_reply(stanza, "modify", "undefined-condition"));
	end
	return true;
end);

module:hook("iq-set/self/urn:ietf:params:xml:ns:vcard-4.0:vcard", function (event)
	local origin, stanza = event.origin, event.stanza;

	local vcard4 = st.stanza("item", { xmlns = "http://jabber.org/protocol/pubsub", id = "current" })
		:add_child(stanza.tags[1]);

	local pep_service = mod_pep.get_pep_service(origin.username);

	local ok, err = pep_service:publish("urn:xmpp:vcard4", origin.full_jid, "current", vcard4);
	if ok then
		origin.send(st.reply(stanza));
	elseif err == "forbidden" then
		origin.send(st.error_reply(stanza, "auth", "forbidden"));
	else
		origin.send(st.error_reply(stanza, "modify", "undefined-condition", err));
	end
	return true;
end);