<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <link>http://hg.omfa.de/prosody-modules/</link>
    <language>en-us</language>

    <title>prosody-modules: mod_invites_register_api/mod_invites_register_api.lua history</title>
    <description>mod_invites_register_api/mod_invites_register_api.lua revision history</description>
    <item>
    <title>mod_invites_register_api: Use set_password() for password resets</title>
    <link>http://hg.omfa.de/prosody-modules/log/e977174082ee/mod_invites_register_api/mod_invites_register_api.lua</link>
    <description><![CDATA[mod_invites_register_api: Use set_password() for password resets<br/>
<br/>
Previously the code relied on the (weird) behaviour of create_user(), which<br/>
would update the password for a user account if it already existed. This has<br/>
several issues, and we plan to deprecate this behaviour of create_user().<br/>
<br/>
The larger issue is that this route does not trigger the user-password-changed<br/>
event, which can be a security problem. For example, it did not disconnect<br/>
existing user sessions (this occurs in mod_c2s in response to the event).<br/>
<br/>
Switching to set_password() is the right thing to do]]></description>
    <author>&#77;&#97;&#116;&#116;&#104;&#101;&#119;&#32;&#87;&#105;&#108;&#100;&#32;&#60;&#109;&#119;&#105;&#108;&#100;&#49;&#64;&#103;&#109;&#97;&#105;&#108;&#46;&#99;&#111;&#109;&#62;</author>
    <pubDate>Thu, 06 Feb 2025 10:24:30 +0000</pubDate>
</item>
<item>
    <title>Backed out changeset 94399ad6b5ab</title>
    <link>http://hg.omfa.de/prosody-modules/log/76ae646563ea/mod_invites_register_api/mod_invites_register_api.lua</link>
    <description><![CDATA[Backed out changeset 94399ad6b5ab<br/>
<br/>
Unintentional committed changes]]></description>
    <author>&#77;&#97;&#116;&#116;&#104;&#101;&#119;&#32;&#87;&#105;&#108;&#100;&#32;&#60;&#109;&#119;&#105;&#108;&#100;&#49;&#64;&#103;&#109;&#97;&#105;&#108;&#46;&#99;&#111;&#109;&#62;</author>
    <pubDate>Thu, 06 Feb 2025 10:23:08 +0000</pubDate>
</item>
<item>
    <title>mod_invites_register_api: Use set_password() for password resets</title>
    <link>http://hg.omfa.de/prosody-modules/log/94399ad6b5ab/mod_invites_register_api/mod_invites_register_api.lua</link>
    <description><![CDATA[mod_invites_register_api: Use set_password() for password resets<br/>
<br/>
Previously the code relied on the (weird) behaviour of create_user(), which<br/>
would update the password for a user account if it already existed. This has<br/>
several issues, and we plan to deprecate this behaviour of create_user().<br/>
<br/>
The larger issue is that this route does not trigger the user-password-changed<br/>
event, which can be a security problem. For example, it did not disconnect<br/>
existing user sessions (this occurs in mod_c2s in response to the event).<br/>
<br/>
Switching to set_password() is the right thing to do.]]></description>
    <author>&#77;&#97;&#116;&#116;&#104;&#101;&#119;&#32;&#87;&#105;&#108;&#100;&#32;&#60;&#109;&#119;&#105;&#108;&#100;&#49;&#64;&#103;&#109;&#97;&#105;&#108;&#46;&#99;&#111;&#109;&#62;</author>
    <pubDate>Thu, 06 Feb 2025 10:13:39 +0000</pubDate>
</item>
<item>
    <title>mod_invites_register_api: Handle password resets</title>
    <link>http://hg.omfa.de/prosody-modules/log/dbfa830e4504/mod_invites_register_api/mod_invites_register_api.lua</link>
    <description><![CDATA[mod_invites_register_api: Handle password resets<br/>
<br/>
Those need the information for whom they are in the GET response<br/>
as well as special handling in the POST.]]></description>
    <author>&#74;&#111;&#110;&#97;&#115;&#32;&#83;&#99;&#104;&#228;&#102;&#101;&#114;&#32;&#60;&#106;&#111;&#110;&#97;&#115;&#64;&#119;&#105;&#101;&#108;&#105;&#99;&#107;&#105;&#46;&#110;&#97;&#109;&#101;&#62;</author>
    <pubDate>Sat, 30 Jan 2021 10:47:57 +0100</pubDate>
</item>
<item>
    <title>mod_invites_register_api: reroute register call</title>
    <link>http://hg.omfa.de/prosody-modules/log/a1256e376dca/mod_invites_register_api/mod_invites_register_api.lua</link>
    <description><![CDATA[mod_invites_register_api: reroute register call<br/>
<br/>
The token from the URI was not used anyway. In addition, we now<br/>
return the resulting JID because it’s the only way to be sure.]]></description>
    <author>&#74;&#111;&#110;&#97;&#115;&#32;&#83;&#99;&#104;&#228;&#102;&#101;&#114;&#32;&#60;&#106;&#111;&#110;&#97;&#115;&#64;&#119;&#105;&#101;&#108;&#105;&#99;&#107;&#105;&#46;&#110;&#97;&#109;&#101;&#62;</author>
    <pubDate>Mon, 25 Jan 2021 16:55:39 +0100</pubDate>
</item>
<item>
    <title>mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API</title>
    <link>http://hg.omfa.de/prosody-modules/log/cba8cd564641/mod_invites_register_api/mod_invites_register_api.lua</link>
    <description><![CDATA[mod_invites_register_api: New module to allow turning invites into accounts via a HTTP API]]></description>
    <author>&#77;&#97;&#116;&#116;&#104;&#101;&#119;&#32;&#87;&#105;&#108;&#100;&#32;&#60;&#109;&#119;&#105;&#108;&#100;&#49;&#64;&#103;&#109;&#97;&#105;&#108;&#46;&#99;&#111;&#109;&#62;</author>
    <pubDate>Mon, 25 Jan 2021 12:44:20 +0000</pubDate>
</item>

  </channel>
</rss>
