Mercurial > prosody-hg
comparison plugins/mod_auth_internal_hashed.lua @ 10914:0d7d71dee0a0 0.11
mod_auth_internal_*: Apply saslprep to passwords
Related to #1560
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 23 May 2020 14:17:04 +0200 |
| parents | b1ca849b8e3a |
| children | c7ed8f754033 c98aebe601f9 |
comparison
equal
deleted
inserted
replaced
| 10913:54953b5a214b | 10914:0d7d71dee0a0 |
|---|---|
| 13 local usermanager = require "core.usermanager"; | 13 local usermanager = require "core.usermanager"; |
| 14 local generate_uuid = require "util.uuid".generate; | 14 local generate_uuid = require "util.uuid".generate; |
| 15 local new_sasl = require "util.sasl".new; | 15 local new_sasl = require "util.sasl".new; |
| 16 local hex = require"util.hex"; | 16 local hex = require"util.hex"; |
| 17 local to_hex, from_hex = hex.to, hex.from; | 17 local to_hex, from_hex = hex.to, hex.from; |
| 18 local saslprep = require "util.encodings".stringprep.saslprep; | |
| 18 | 19 |
| 19 local log = module._log; | 20 local log = module._log; |
| 20 local host = module.host; | 21 local host = module.host; |
| 21 | 22 |
| 22 local accounts = module:open_store("accounts"); | 23 local accounts = module:open_store("accounts"); |
| 30 local provider = {}; | 31 local provider = {}; |
| 31 | 32 |
| 32 function provider.test_password(username, password) | 33 function provider.test_password(username, password) |
| 33 log("debug", "test password for user '%s'", username); | 34 log("debug", "test password for user '%s'", username); |
| 34 local credentials = accounts:get(username) or {}; | 35 local credentials = accounts:get(username) or {}; |
| 36 password = saslprep(password); | |
| 37 if not password then | |
| 38 return nil, "Password fails SASLprep."; | |
| 39 end | |
| 35 | 40 |
| 36 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then | 41 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then |
| 37 if credentials.password ~= password then | 42 if saslprep(credentials.password) ~= password then |
| 38 return nil, "Auth failed. Provided password is incorrect."; | 43 return nil, "Auth failed. Provided password is incorrect."; |
| 39 end | 44 end |
| 40 | 45 |
| 41 if provider.set_password(username, credentials.password) == nil then | 46 if provider.set_password(username, credentials.password) == nil then |
| 42 return nil, "Auth failed. Could not set hashed password from plaintext."; | 47 return nil, "Auth failed. Could not set hashed password from plaintext."; |
