Mercurial > prosody-hg
comparison plugins/mod_tokenauth.lua @ 13099:a1ba503610ed
mod_tokenauth: Support selection of _no_ role at all
If a grant does not have a role, we should not go and make one up.
While not very useful for XMPP if you can't even login, it may be useful
for OAuth2/OIDC.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 07 May 2023 20:34:07 +0200 |
| parents | 65d2ff6e674e |
| children | c8d949cf6b09 |
comparison
equal
deleted
inserted
replaced
| 13098:65d2ff6e674e | 13099:a1ba503610ed |
|---|---|
| 8 | 8 |
| 9 local token_store = module:open_store("auth_tokens", "keyval+"); | 9 local token_store = module:open_store("auth_tokens", "keyval+"); |
| 10 | 10 |
| 11 local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60); | 11 local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60); |
| 12 | 12 |
| 13 local function select_role(username, host, role) | 13 local function select_role(username, host, role_name) |
| 14 if role then | 14 if not role_name then return end |
| 15 return prosody.hosts[host].authz.get_role_by_name(role); | 15 local role = usermanager.get_role_by_name(role_name, host); |
| 16 end | 16 if not role then return end |
| 17 return usermanager.get_user_role(username, host); | 17 if not usermanager.user_can_assume_role(username, host, role.name) then return end |
| 18 return role; | |
| 18 end | 19 end |
| 19 | 20 |
| 20 function create_grant(actor_jid, grant_jid, grant_ttl, grant_data) | 21 function create_grant(actor_jid, grant_jid, grant_ttl, grant_data) |
| 21 grant_jid = jid.prep(grant_jid); | 22 grant_jid = jid.prep(grant_jid); |
| 22 if not actor_jid or actor_jid ~= grant_jid and not jid.compare(grant_jid, actor_jid) then | 23 if not actor_jid or actor_jid ~= grant_jid and not jid.compare(grant_jid, actor_jid) then |
