# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1574963837 -3600
# Node ID 602dd1e2f399c1907a50f3c1127e60f3b101e276
# Parent  0c44090cb1688cab345b3b74627a8073df9dac2e
mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set

Prevents some weirdness in cases where no authentication is done

diff -r 0c44090cb168 -r 602dd1e2f399 plugins/mod_s2s_bidi.lua
--- a/plugins/mod_s2s_bidi.lua	Thu Nov 28 18:30:30 2019 +0100
+++ b/plugins/mod_s2s_bidi.lua	Thu Nov 28 18:57:17 2019 +0100
@@ -10,15 +10,17 @@
 local xmlns_bidi_feature = "urn:xmpp:features:bidi"
 local xmlns_bidi = "urn:xmpp:bidi";
 
+local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
+
 module:hook("s2s-stream-features", function(event)
 	local origin, features = event.origin, event.features;
-	if origin.type == "s2sin_unauthed" then
+	if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then
 		features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
 	end
 end);
 
 module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza)
-	if session.type == "s2sout_unauthed" then
+	if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then
 		local bidi = stanza:get_child("bidi", xmlns_bidi_feature);
 		if bidi then
 			session.incoming = true;
@@ -29,7 +31,7 @@
 end, 200);
 
 module:hook_tag("urn:xmpp:bidi", "bidi", function(session)
-	if session.type == "s2sin_unauthed" then
+	if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then
 		session.log("debug", "Requested bidirectional stream");
 		session.outgoing = true;
 		return true;