view plugins/mod_auth_insecure.lua @ 14218:926f25af2ffe 13.0

util.tlsref: New util library to encapsulate the Mozilla/TLSRef recommendations Previously we embedded this data directly into core.certmanager. This splits it out, for various benefits: - Removes data from the business logic (the config parsing is complex enough as it is) - Allows easier testing and tracking of the data (this commit adds various consistency checks, so that we can have more confidence in future updates to the data not breaking stuff) This library also supports multiple versions of the recommendations. Previously we picked a single version, and put that into certmanager. But this meant we had to make choices for our users, and one of the choices is between advancing security standards and ensuring we don't break connectivity for people doing minor upgrades (deterring people from performing minor upgrades would have a security impact too). This library supports the concept of a "default" and a "latest" version, so we are now free to add new versions into stable releases, and admins can pick between compatibility and security.
author Matthew Wild <mwild1@gmail.com>
date Fri, 12 Jun 2026 13:01:56 +0100
parents 74b9e05af71e
children
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- luacheck: ignore 212

local datamanager = require "prosody.util.datamanager";
local new_sasl = require "prosody.util.sasl".new;
local saslprep = require "prosody.util.encodings".stringprep.saslprep;

local host = module.host;
local provider = { name = "insecure" };

assert(module:get_option_string("insecure_open_authentication") == "Yes please, I know what I'm doing!");

function provider.test_password(username, password)
	return true;
end

function provider.set_password(username, password)
	local account = datamanager.load(username, host, "accounts");
	password = saslprep(password);
	if not password then
		return nil, "Password fails SASLprep.";
	end
	if account then
		account.updated = os.time();
		account.password = password;
		return datamanager.store(username, host, "accounts", account);
	end
	return nil, "Account not available.";
end

function provider.user_exists(username)
	return true;
end

function provider.create_user(username, password)
	local now = os.time();
	return datamanager.store(username, host, "accounts", { created = now; updated = now; password = password });
end

function provider.delete_user(username)
	return datamanager.store(username, host, "accounts", nil);
end

function provider.get_sasl_handler()
	local getpass_authentication_profile = {
		plain_test = function(sasl, username, password, realm)
			return true, true;
		end
	};
	return new_sasl(module.host, getpass_authentication_profile);
end

module:add_item("auth-provider", provider);