Mercurial > lxmppd-hg-xmllex / changeset

changeset

mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn't secure

Fri, 29 May 2009 18:04:53 +0100

author
Matthew Wild <mwild1@gmail.com>
date
Fri, 29 May 2009 18:04:53 +0100
changeset 1218
8e02c10c9e60
parent 1217
844ef764ef0e
child 1219
f14e08a0ae7f

mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn't secure

plugins/mod_legacyauth.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_legacyauth.lua	Fri May 29 18:03:48 2009 +0100
+++ b/plugins/mod_legacyauth.lua	Fri May 29 18:04:53 2009 +0100
@@ -19,7 +19,12 @@
 
 module:add_feature("jabber:iq:auth");
 module:add_event_hook("stream-features", function (session, features)
-	if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end
+	if secure_auth_only and not session.secure then
+		-- Sorry, not offering to insecure streams!
+		return;
+	elseif not session.username then
+		features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
+	end
 end);
 
 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",

Mercurial Repository: lxmppd-hg-xmllex

mercurial