# HG changeset patch # User Matthew Wild # Date 1775159686 -3600 # Node ID 7008869fcce2941a98d7964c7eb3fc573dd2cd2c # Parent 221f3378e7f457fc1d1fdb9517e96a9bbadcd0eb# Parent 0e9e3efa381febc98baa0e7b80d350f1e488e901 Merge 13.0->trunk diff -r 221f3378e7f4 -r 7008869fcce2 plugins/mod_admin_shell.lua --- a/plugins/mod_admin_shell.lua Tue Mar 31 14:18:06 2026 +0100 +++ b/plugins/mod_admin_shell.lua Thu Apr 02 20:54:46 2026 +0100 @@ -21,6 +21,7 @@ local st = require "prosody.util.stanza"; local parse_args = require "prosody.util.argparse".parse; local dt = require "prosody.util.datetime"; +local saslprep = require "prosody.util.encodings".stringprep.saslprep; local _G = _G; @@ -1913,8 +1914,16 @@ role = module:get_option_string("default_provisioned_role", "prosody:member"); end - return promise.resolve(password or self.session.request_input("password")):next(function (password_) - local ok, err = um.create_user_with_role(username, password_, host, role); + return promise.resolve(password or self.session.request_input("password")):next(function (raw_password) + local prepped_password = saslprep(raw_password); + if not prepped_password or prepped_password == "" then + return promise.reject("Unacceptable password"); + end + + self.session.print(("PW: %q"):format(raw_password)); + self.session.print(("PW2: %q"):format(prepped_password)); + + local ok, err = um.create_user_with_role(username, prepped_password, host, role); if not ok then return promise.reject("Could not create user: "..err); end @@ -1979,8 +1988,16 @@ return nil, "No such user"; end - return promise.resolve(password or self.session.request_input("password")):next(function (password_) - local ok, err = um.set_password(username, password_, host, nil); + return promise.resolve(password or self.session.request_input("password")):next(function (raw_password) + local prepped_password = saslprep(raw_password); + if not prepped_password or prepped_password == "" then + return promise.reject("Unacceptable password"); + end + + self.session.print(("PW: %q"):format(raw_password)); + self.session.print(("PW2: %q"):format(prepped_password)); + + local ok, err = um.set_password(username, prepped_password, host, nil); if ok then return "User password changed"; else diff -r 221f3378e7f4 -r 7008869fcce2 util/human/io.lua --- a/util/human/io.lua Tue Mar 31 14:18:06 2026 +0100 +++ b/util/human/io.lua Thu Apr 02 20:54:46 2026 +0100 @@ -43,7 +43,7 @@ end io.write("\n"); if ok then - return pass; + return (pass:gsub("\n$", "")); end end