Software / code / prosody
Changeset
1218:8e02c10c9e60
mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn't secure
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 29 May 2009 18:04:53 +0100 |
| parents | 1217:844ef764ef0e |
| children | 1219:f14e08a0ae7f |
| files | plugins/mod_legacyauth.lua |
| diffstat | 1 files changed, 6 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_legacyauth.lua Fri May 29 18:03:48 2009 +0100 +++ b/plugins/mod_legacyauth.lua Fri May 29 18:04:53 2009 +0100 @@ -19,7 +19,12 @@ module:add_feature("jabber:iq:auth"); module:add_event_hook("stream-features", function (session, features) - if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end + if secure_auth_only and not session.secure then + -- Sorry, not offering to insecure streams! + return; + elseif not session.username then + features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); + end end); module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
