Merge pull request 'blacklist update' (#2) from dev into main

Reviewed-on: #2

.gitignore

@@ -1,6 +1,6 @@
 data/*
 certs/
-matterbrige/*.t*
+extras/matterbridge/*.t*
 tests/certs/
 tests/venv/
 tests/__pycache__/

CHANGELOG.md

@@ -1,5 +1,44 @@
 # Changelog
 
+## Unreleased 2024-05-05
+
+### Adjust config
+
+* Replace deprecated legacy_ssl with c2s_direct_tls.
+* Removed use_libevent = true. This means the default is now used which is epoll.
+
+### Test
+
+Added a test to check that no deprecated config settings are used.
+
+## v 1.3.3
+
+* Updated to LuaRocks 3.12.2
+* Updated to Lua 5.4
+* Updated to Prosody 0.12.5
+* Removed unused luarocks
+
+## v1.3.2
+
+* Added Firewall module with optional custom blacklist
+
+## v1.3.1
+
+* Added optional Firewall module for testing
+
+### Breaking Change
+
+Switched from [http_upload](https://modules.prosody.im/mod_http_upload) to [http_file_share](https://prosody.im/doc/modules/mod_http_file_share).
+This means that previous uploads will NOT work after upgrading.
+ENV variable `HTTP_UPLOAD_FILE_SIZE_LIMIT` was removed.
+
+The new module uses the following variables:
+
+* HTTP_FILE_SHARE_SIZE_LIMIT
+* HTTP_FILE_SHARE_DAILY_QUOTA
+
+See [readme.md](readme.md) for explanations and defaults.
+
 ## v1.3.0
 
 * Update to Debian Bookworm

Dockerfile

@@ -4,11 +4,11 @@ ARG BUILD_DATE
 ARG VCS_REF
 ARG VERSION
 
-ARG LUAROCKS_VERSION=3.9.2
-ARG PROSODY_VERSION=0.12.4
+ARG LUAROCKS_VERSION=3.12.2
+ARG PROSODY_VERSION=0.12.5
 
-ARG LUAROCKS_SHA256="bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb"
-ARG PROSODY_DOWNLOAD_SHA256="47d712273c2f29558c412f6cdaec073260bbc26b7dda243db580330183d65856"
+ARG LUAROCKS_SHA256="b0e0c85205841ddd7be485f53d6125766d18a81d226588d2366931e9a1484492"
+ARG PROSODY_DOWNLOAD_SHA256="778fb7707a0f10399595ba7ab9c66dd2a2288c0ae3a7fe4ab78f97d462bd399f"
 
 LABEL luarocks.version="${LUAROCKS_VERSION}"
 LABEL org.opencontainers.image.authors="Wproject Garapenak"
@@ -30,7 +30,8 @@ RUN apt-get update \
       libidn2-0 \
       libpq-dev \
       libsqlite3-0 \
-      lua5.2 \
+      lua5.4 \
+      liblua5.4-dev \
       lua-bitop \
       lua-dbi-mysql \
       lua-dbi-postgresql \
@@ -73,11 +74,11 @@ RUN buildDeps='gcc git libc6-dev libidn2-dev liblua5.2-dev libsqlite3-dev libssl
  && make bootstrap \
  && cd / && rm -r /usr/src/luarocks \
  \
- && luarocks install luaevent \
+ # && luarocks install luaevent \
  && luarocks install luadbi \
  `#&& luarocks install luadbi-mysql MYSQL_INCDIR=/usr/include/mariadb/` \
  && luarocks install luadbi-sqlite3 \
- && luarocks install stringy \
+ # && luarocks install stringy \
  \
  && apt-get purge -y --auto-remove $buildDeps
 
@@ -90,7 +91,7 @@ RUN groupadd -r prosody \
 RUN mkdir -p /var/run/prosody/ \
  && chown prosody:prosody /var/run/prosody/
 
-ENV __FLUSH_LOG yes
+ENV __FLUSH_LOG=yes
 
 VOLUME ["/usr/local/var/lib/prosody"]
 
@@ -110,10 +111,12 @@ RUN download-prosody-modules.bash \
         filter_chatstates `# disable "X is typing" type messages` \
         smacks `# stream management (XEP-0198)` \
         throttle_presence `# presence throttling in CSI` \
-        http_upload `# file sharing (XEP-0363)` \
         vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
+ #&& docker-prosody-module-pre-install.bash \
+	firewall `# anti-spam firewall` \
  && rm -rf "/usr/src/prosody-modules"
 RUN echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf
+
 USER prosody
 
 ENTRYPOINT ["/entrypoint.bash"]

conf.d/01-modules.cfg.lua

@@ -1,5 +1,7 @@
 plugin_paths = { "/usr/local/lib/prosody/custom-modules/" };
 
+-- table of enabled modules
+-- local mods_enabled = {
 modules_enabled = {
     -- Generally required
     "roster"; -- Allow users to have a roster. Recommended ;)
@@ -32,7 +34,7 @@ modules_enabled = {
     --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
 
     -- HTTP modules
-    --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+    "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
     --"http_files"; -- Serve static files from a directory over HTTP
 
     -- Other specific functionality
@@ -47,6 +49,8 @@ modules_enabled = {
     "server_contact_info"; -- This module lets you advertise various contact addresses for your XMPP service via XEP-0157.
 };
 
+-- modules_enabled = mods_enabled;
+
 -- These modules are auto-loaded, but should you want
 -- to disable them then uncomment them here:
 modules_disabled = {

conf.d/02-storage.cfg.lua

@@ -1,8 +1,8 @@
 default_storage = "sql"
 
 sql = {
-  driver = os.getenv("DB_DRIVER");
-  database = os.getenv("DB_DATABASE");
+  driver = os.getenv("DB_DRIVER") or "SQLite3";
+  database = os.getenv("DB_DATABASE") or "prosody.sqlite";
   host = os.getenv("DB_HOST");
   port = os.getenv("DB_PORT");
   username = os.getenv("DB_USERNAME");
@@ -21,11 +21,13 @@ storage = {
 archive_expires_after = "1y"
 
 -- bandwith limits
-limits = {
-    c2s = {
-        rate = "10kb/s";
-    };
-    s2sin = {
-        rate = "30kb/s";
-    };
-}
+--limits = {
+    --c2s = {
+        --rate = "10kb/s";
+    --};
+    --s2sin = {
+        --rate = "30kb/s";
+    --};
+--}
+
+http_max_content_size = os.getenv("HTTP_MAX_CONTENT_SIZE") or 1024 * 1024 * 10 -- Default is 10MB

conf.d/03-e2e-policy.cfg.lua

@@ -1,8 +1,16 @@
-local stringy = require "stringy" 
+local function _split(s, sep)
+	if not s then return nil; end
+	sep = sep or ",";
+	local parts = {};
+	for part in s:gmatch("[^"..sep.."]+") do
+		parts[#parts+1] = part;
+	end
+	return parts;
+end
 
 e2e_policy_chat = os.getenv("E2E_POLICY_CHAT")
 e2e_policy_muc = os.getenv("E2E_POLICY_MUC")
-e2e_policy_whitelist = stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ")
+e2e_policy_whitelist = _split(os.getenv("E2E_POLICY_WHITELIST"), ", ")
 e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server."
 e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server."
 e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server."

conf.d/04-server_contact_info.cfg.lua

@@ -1,12 +1,28 @@
-local stringy = require "stringy" 
+local function _split(s, sep)
+	if not s then return nil; end
+	sep = sep or ",";
+	local parts = {};
+	for part in s:gmatch("[^"..sep.."]+") do
+		parts[#parts+1] = part;
+	end
+	return parts;
+end
+
+local domain = os.getenv("DOMAIN")
+local abuse = os.getenv("SERVER_CONTACT_INFO_ABUSE") or "xmpp:abuse@" .. domain
+local admin = os.getenv("SERVER_CONTACT_INFO_ADMIN") or "xmpp:admin@" .. domain
+local feedback = os.getenv("SERVER_CONTACT_INFO_FEEDBACK") or "xmpp:feedback@" .. domain
+local sales = os.getenv("SERVER_CONTACT_INFO_SALES") or "xmpp:sales@" .. domain
+local security = os.getenv("SERVER_CONTACT_INFO_SECURITY") or "xmpp:security@" .. domain
+local support = os.getenv("SERVER_CONTACT_INFO_SUPPORT") or "xmpp:support@" .. domain
 
 contact_info = {
-  abuse = stringy.split(os.getenv("SERVER_CONTACT_INFO_ABUSE"), ", ");
-  admin = stringy.split(os.getenv("SERVER_CONTACT_INFO_ADMIN"), ", ");
-  feedback = stringy.split(os.getenv("SERVER_CONTACT_INFO_FEEDBACK"), ", ");
-  sales = stringy.split(os.getenv("SERVER_CONTACT_INFO_SALES"), ", ");
-  security = stringy.split(os.getenv("SERVER_CONTACT_INFO_SECURITY"), ", ");
-  support = stringy.split(os.getenv("SERVER_CONTACT_INFO_SUPPORT"), ", ");
+  abuse = _split(abuse, ", ");
+  admin = _split(admin, ", ");
+  feedback = _split(feedback, ", ");
+  sales = _split(sales, ", ");
+  security = _split(security, ", ");
+  support = _split(support, ", ");
 }
 
 welcome_message = "Kaixo $username, ongi etorri $host IM zerbitzura! Mesedez irakurri itzazu ondorengo <a href='https://lainoa.eus/terms/tos.html'>Erabilpen baldintzak</a>."

conf.d/05-vhost.cfg.lua

@@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
 
 -- XEP-0368: SRV records for XMPP over TLS
 -- https://compliance.conversations.im/test/xep0368/
-legacy_ssl_ssl = {
-	certificate = "certs/" .. domain .. "/fullchain.pem";
+c2s_direct_tls_ssl = {
+    certificate = "certs/" .. domain .. "/fullchain.pem";
 	key = "certs/" .. domain .. "/privkey.pem";
 }
-legacy_ssl_ports = { 5223 }
+c2s_direct_tls_ports = { 5223 }
 
 -- https://prosody.im/doc/certificates#service_certificates
 -- https://prosody.im/doc/ports#ssl_configuration
@@ -21,9 +21,12 @@ https_ssl = {
 
 VirtualHost (domain)
 
--- Set up a http file upload because proxy65 is not working in muc
-Component (domain_http_upload) "http_upload"
-	http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds
+-- Set up a http file upload 
+Component (domain_http_upload) "http_file_share"
+	http_file_share_expires_after = 60 * 60 * 24 * 7 -- a week in seconds
+	local size_limit = os.getenv("HTTP_FILE_SHARE_SIZE_LIMIT") or 10 * 1024 * 1024 -- Default is 10MB
+	http_file_share_size_limit = size_limit
+	http_file_share_daily_quota = os.getenv("HTTP_FILE_SHARE_DAILY_QUOTA") or 10 * size_limit -- Default is 10x the size limit
 
 Component (domain_muc) "muc"
 	name = "Prosody Chatrooms"

docker-prosody-module-install.bash

@@ -46,4 +46,10 @@ for ext in $exts; do
 		new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(modules_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
 		echo "${new_config}" > "${config}"
 	fi
+	# firewall module configuration
+    	if [ "$ext" == "firewall" ] ; then
+        	echo " - setting up mod_${ext}"
+        	new_config=$(cat "${config}" | echo -e "\nlocal spam_blocklist = os.getenv(\"SPAM_BLOCKLIST\") and \"/usr/local/etc/prosody/firewall/\" .. os.getenv(\"SPAM_BLOCKLIST\") or \"module:scripts/spam-blocklists.pfw\"\n\nfirewall_scripts = {\n\t\"module:scripts/spam-blocking.pfw\";\n\tspam_blocklist;\n};")
+        	echo "${new_config}" >> "${config}"
+    	fi
 done

extras/firewall/blacklist.txt

@@ -0,0 +1,22 @@
+bashtel.ru
+creep.im
+darkengine.biz
+default.rs
+exploit.im
+hiddenlizard.org
+jabber.bitactive.com
+jabber.cd
+jabber.cz
+jabber.freenet.de
+jabber.ipredator.se
+jabber.npw.net
+jabber.sampo.ru
+jabbim.pl
+labas.biz
+otr.chat
+paranoid.scarab.name
+rassnet.org
+safetyjabber.com
+sj.ms
+trashserver.net
+xmpp.bytesund.biz

extras/firewall/custom-blocklist.pfw

@@ -0,0 +1,21 @@
+# This script depends on spam-blocking.pfw also being loaded
+# Any traffic that is not explicitly blocked or allowed by other
+# rules will be checked against the JabberSPAM server blocklist
+
+%LIST blocklist: file:/usr/local/etc/prosody/firewall/blacklist.txt
+#%LIST blocklist: https://cdn.jsdelivr.net/gh/jabberspam/blacklist/blacklist.txt
+
+::user/spam_handle_unknown_custom
+
+CHECK LIST: blocklist contains $<@from|host>
+BOUNCE=policy-violation (Your server is blocked due to spam)
+
+::user/spam_check_muc_invite_custom
+
+# Check the server we received the invitation from
+CHECK LIST: blocklist contains $<@from|host>
+BOUNCE=policy-violation (Your server is blocked due to spam)
+
+# Check the inviter's JID against the blocklist, too
+CHECK LIST: blocklist contains $<{http://jabber.org/protocol/muc#user}x/invite@from|host>
+BOUNCE=policy-violation (Your server is blocked due to spam)

matterbridge/matterbridge.toml

@@ -1,84 +0,0 @@
-#https://github.com/42wim/matterbridge
-
-###################################################################
-#XMPP section - berriketak
-###################################################################
-[xmpp]
-[xmpp.telegram_berriketak]
-#Server="lainoa.eus:5222"
-Server="server:5222"
-#Jid="admin@lainoa.eus"
-Jid="admin@lainoa.eus"
-#Password="sagastarri996X"
-Password="sagastarri996"
-Muc="conference.lainoa.eus"
-Nick="Admin"
-SkipTLSVerify=true
-#IgnoreNicks="ircspammer1 ircspammer2"
-#RemoteNickFormat="[{NICK}] "
-RemoteNickFormat="{TENGO}({PROTOCOL}) "
-ShowJoinPart=false
-
-###################################################################
-#telegram section - berriketak
-###################################################################
-[telegram]
-[telegram.berriket_xmppBot]
-Token="434963747:AAHRbJAw9oN30b9KdjWacnyYyHS22r056SM" #token berriket_xmppBot
-MessageFormat="HTMLNick"
-EditDisable=false
-EditSuffix=" (edited)"
-IgnoreNicks="spammer1 spammer2"
-RemoteNickFormat="{NICK}: "
-ShowJoinPart=false
-UseInsecureURL=true
-MediaConvertWebPToPNG=true
-DisableWebPagePreview=false
-
-[tengo]
-#RemoteNickFormat="remotenickformat.tengo"
-RemoteNickFormat="/etc/matterbridge/nicks.tengo"
-#InMessage="/etc/matterbridge/in.tengo"
-OutMessage="/etc/matterbridge/out.tengo"
-
-###################################################################
-#gateway section
-###################################################################
-[[gateway]]
-name="gateway_berriketak"
-enable=true
-
-	[[gateway.inout]]
-	account="xmpp.telegram_berriketak"
-	channel="berriketak"
-        #channel="test"
-
-	[[gateway.inout]]
-	account="telegram.berriket_xmppBot"
-	channel="-183435536" #Telegram berriketak taldearen ID-a
-
-[[gateway]]
-name="test"
-enable=true
-
-        [[gateway.inout]]
-        account="xmpp.telegram_berriketak"
-        channel="test"
-
-        [[gateway.inout]]
-        account="telegram.berriket_xmppBot"
-        #channel="-241666435" #Telegram xmpp_test taldearen ID-a
-	channel="-1001617641457"
-
-#[[gateway]]
-#name="etxekok"
-#enable=true
-
-#        [[gateway.inout]]
-#        account="xmpp.telegram_berriketak"
-#        channel="etxekok"
-
-#        [[gateway.inout]]
-#        account="telegram.berriket_xmppBot"
-#        channel="-523032" #Telegram etxekok taldearen ID-a
-

matterbridge/nicks.tengo

@@ -1,5 +0,0 @@
-/*Customize nicks from X to XMPP*/
-result = nick
-if(nick == "Nekane Nekane") {
-   result = "Amona Nekane"
-}

matterbridge/out.tengo

@@ -1,30 +0,0 @@
-text := import("text")
-fmt := import("fmt")
-
-fmt.println(msgText)
-
-if(inProtocol == "telegram"){
-	if text.index(msgText, "https") > 1 {
-		media_array := text.re_split(":", msgText, 2)
-		fmt.println(media_array)    
-		if len(media_array) > 1 {
-			//TG desktop
-			media := text.trim_prefix(media_array[1]," ")
-			//msgText=media
-			bold := "**"+media+"**"
-			//link := "[link]("+media+")"
-			//msgText =link
-			msgText = text.re_replace("MEDIA", bold, msgText)
-			//msgText="![Tux, the Linux mascot]("+media+")"
-			//msgText=text.re_replace("matterbridge",msgText,"matterbridge (https://github.com/42wim/matterbridge)")
-		}else{
-			//TG android
-			msgText="https:"+media_array[0]
-		}
-
-	}
-}else{
-	//capitalize + bold
-        msgUsername = "<strong>"+text.title(msgUsername)+"</strong>"
-	msgText = msgText
-}

prosody.cfg.lua

@@ -1,14 +1,12 @@
 -- see example config at https://hg.prosody.im/-1.9/file/0.9.10/prosody.cfg.lua.dist
 -- easily extendable by putting into different config files within conf.d folder
 
-local stringy = require "stringy" 
+local stringy = require "stringy"
 
 admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
 
 pidfile = "/var/run/prosody/prosody.pid"
 
-use_libevent = true; -- improves performance
-
 allow_registration = os.getenv("ALLOW_REGISTRATION");
 
 c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");

readme.md

@@ -54,6 +54,7 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
 * Secure by default
   * SSL certificate required
   * End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging))
+  * Anti-spam filter (based on the pre-installed [Firewall](https://modules.prosody.im/mod_firewall) module)
 * Data storage
   * SQLite message store
   * Configured file upload and image sharing
@@ -157,11 +158,9 @@ docker build -t prosody/xmpp .
 Next I recommend using a ```docker-compose.yml``` file:
 
 ```yaml
-version: '3.7'
-
 services:
   server:
-    image: sarasmiseth/prosody:latest
+    image: prosody/xmpp:latest
     restart: unless-stopped
     ports:
       - "5000:5000"
@@ -176,9 +175,9 @@ services:
       - ./data:/usr/local/var/lib/prosody
 ```
 
-Boot it via: ```docker-compose up -d```.
+Boot it via: ```docker compose up -d```.
 
-Inspect logs: ```docker-compose logs -f```.
+Inspect logs: ```docker compose logs -f```.
 
 ### Volumes permissions
 
@@ -228,6 +227,9 @@ sudo chown 999:999 ./data
 | **DB_PORT**                      | Port on which the database is listening                                                                              | *optional*                                   |                            |
 | **DB_USERNAME**                  | The username to authenticate to the database                                                                         | *optional*                                   |                            |
 | **DB_PASSWORD**                  | The password to authenticate to the database                                                                         | *optional*                                   |                            |
+| **HTTP_MAX_CONTENT_SIZE**        | Max http content size in bytes                                                                                       | *optional*                                   | 10485760                   |
+| **HTTP_FILE_SHARE_SIZE_LIMIT**   | Max http file share size in bytes                                                                                    | *optional*                                   | 10485760                   |
+| **HTTP_FILE_SHARE_DAILY_QUOTA**  | Daily quota in bytes                                                                                                 | *optional*                                   | 10 times share size limit  |
 | **E2E_POLICY_CHAT**              | Policy for chat messages. Possible values: "none", "optional" and "required".                                        | *optional*                                   | "required"                 |
 | **E2E_POLICY_MUC**               | Policy for MUC messages. Possible values: "none", "optional" and "required".                                         | *optional*                                   | "required"                 |
 | **E2E_POLICY_WHITELIST**         | Make this module ignore messages sent to and from this JIDs or MUCs.                                                 | *optional*                                   | ""                         |
@@ -242,6 +244,8 @@ sudo chown 999:999 ./data
 | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional*                                   | "xmpp:security@**DOMAIN**" |
 | **SERVER_CONTACT_INFO_SUPPORT**  | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional*                                   | "xmpp:support@**DOMAIN**"  |
 | **PROSODY_ADMINS**               | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net"                         | *optional*                                   | ""                         |
+| **ENABLE_FIREWALL**              | Enable Firewall module                                                                                               | *optional*                                   | false                      |
+| **SPAM_BLOCKLIST**               | Blacklist to use with Firewall module. Eg. "custom-blocklist.pfw"                                                    | *optional*                                   |                       |
 
 #### DNS
 
@@ -262,7 +266,7 @@ There is a helper script that eases installing additional prosody modules: ```do
 
 It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```.
 
-There is also ```docker-prosody-module-copy``` which copies the specified modules but does not add them to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```.
+There is also ```docker-prosody-module-pre-install.bash``` which downloads the specified modules but does not add them to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. In fact, this script is in charge of pre-installing the Firewall module.
 
 If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones.
 
@@ -277,16 +281,16 @@ prosodyctl mod_storage_sql upgrade
 
 ## Matterbridge
 
-To enable bridges using **Matterbridge** simply add the service in the docker-compose.yml file. Then you need to add _toml_ config file in ```matterbridge``` directory spedifying protocols and gateways. Check [documentation](https://github.com/42wim/matterbridge#readme).
+To enable bridges using **Matterbridge** simply add the service in the docker-compose.yml file. Then you need to add _toml_ config file in ```matterbridge``` directory spedifying protocols and gateways. Check the [documentation](https://github.com/42wim/matterbridge#readme) for more information.
 
 ``` yaml
   matterbridge:
     image: 42wim/matterbridge:latest
     restart: unless-stopped
     volumes:
-    - ./matterbridge/matterbridge.toml:/etc/matterbridge/matterbridge.toml:ro
-    - ./matterbridge/nicks.tengo:/etc/matterbridge/nicks.tengo:ro
-    - ./matterbridge/out.tengo:/etc/matterbridge/out.tengo:ro
+    - ./extras/matterbridge/matterbridge.toml:/etc/matterbridge/matterbridge.toml:ro
+    - ./extras/matterbridge/nicks.tengo:/etc/matterbridge/nicks.tengo:ro
+    - ./extras/matterbridge/out.tengo:/etc/matterbridge/out.tengo:ro
     depends_on:
       - server
 

tests/bats/bats-assert

@@ -0,0 +1 @@
+Subproject commit e2d855bc78619ee15b0c702b5c30fb074101159f

tests/bats/bats-core

@@ -0,0 +1 @@
+Subproject commit a751f3d3da4b7db830612322a068a18379c78d09

tests/bats/bats-support

@@ -0,0 +1 @@
+Subproject commit 9bf10e876dd6b624fe44423f0b35e064225f7556

tests/docker-compose.yml

@@ -1,8 +1,6 @@
-version: "3.9"
-
 services:
   prosody:
-    image: prosody
+    image: prosody/xmpp:latest
     restart: unless-stopped
     ports:
       - "5000:5000"
@@ -19,7 +17,7 @@ services:
       - ./certs:/usr/local/etc/prosody/certs
 
   prosody_postgres:
-    image: prosody
+    image: prosody/xmpp:latest
     restart: unless-stopped
     ports:
       - "5000:5000"
@@ -53,7 +51,7 @@ services:
       POSTGRES_PASSWORD: prosody
 
   prosody_ldap:
-    image: prosody
+    image: prosody/xmpp:latest
     restart: unless-stopped
     ports:
       - "5000:5000"

tests/tests.bats

@@ -57,8 +57,8 @@ load 'bats/bats-assert/load'
   assert_output
 }
 
-@test "Should activate legacy_ssl" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
+@test "Should activate c2s_direct_tls" {
+  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
   assert_success
   assert_output
 }
@@ -82,7 +82,17 @@ load 'bats/bats-assert/load'
 }
 
 @test "Should show upload URL" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
   assert_success
   assert_output
 }
+
+@test "Should not use deprecated config" {
+  run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
+  assert_failure
+}
+
+@test "Should not have warnings in log" {
+  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
+  assert_failure
+}