mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn...

author Matthew Wild <mwild1@gmail.com>

Fri, 29 May 2009 17:04:53 +0000 (18:04 +0100)

committer Matthew Wild <mwild1@gmail.com>

Fri, 29 May 2009 17:04:53 +0000 (18:04 +0100)
author Matthew Wild <mwild1@gmail.com>
Fri, 29 May 2009 17:04:53 +0000 (18:04 +0100)
committer Matthew Wild <mwild1@gmail.com>
Fri, 29 May 2009 17:04:53 +0000 (18:04 +0100)
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua

index f1ffef349ea8a2b5cc3b27ea9576a33fab88f969..8bff51fef7be460b2dd21a69e2e17ead81b47d71 100644 (file)
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -19,7 +19,12 @@ local usermanager = require "core.usermanager";
  
  module:add_feature("jabber:iq:auth");
  module:add_event_hook("stream-features", function (session, features)
-       if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end
+       if secure_auth_only and not session.secure then
+               -- Sorry, not offering to insecure streams!
+               return;
+       elseif not session.username then
+               features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
+       end
  end);
  
  module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
author	Matthew Wild <mwild1@gmail.com>
	Fri, 29 May 2009 17:04:53 +0000 (18:04 +0100)
committer	Matthew Wild <mwild1@gmail.com>
	Fri, 29 May 2009 17:04:53 +0000 (18:04 +0100)