# HG changeset patch # User Kim Alvefur # Date 1487699684 -3600 # Node ID 72b6d5ab4137f87e91c23b639b13351f7c41575f # Parent 00bca79ae778fa29db2434f8c189efa5e423dca7 mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595) diff -r 00bca79ae778 -r 72b6d5ab4137 plugins/mod_register.lua --- a/plugins/mod_register.lua Wed Dec 21 11:02:17 2016 +0100 +++ b/plugins/mod_register.lua Tue Feb 21 18:54:44 2017 +0100 @@ -20,6 +20,7 @@ local compat = module:get_option_boolean("registration_compat", true); local allow_registration = module:get_option_boolean("allow_registration", false); local additional_fields = module:get_option("additional_registration_fields", {}); +local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local account_details = module:open_store("account_details"); @@ -75,7 +76,7 @@ local session, features = event.origin, event.features; -- Advertise registration to unauthorized clients only. - if not(allow_registration) or session.type ~= "c2s_unauthed" then + if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then return end @@ -183,6 +184,8 @@ if not(allow_registration) or session.type ~= "c2s_unauthed" then session.send(st.error_reply(stanza, "cancel", "service-unavailable")); + elseif require_encryption and not session.secure then + session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required")); else local query = stanza.tags[1]; if stanza.attr.type == "get" then