Mercurial > prosody-modules
annotate mod_http_authentication/mod_http_authentication.lua @ 6319:04c3273cb81f
mod_auth_cyrus: Add empty 'profile' table to SASL handler objects
This is for compatibility with Prosody's built-in util.sasl objects.
A SASL profile table usually includes methods supported by the backend, which
can be used by SASL mechanism handlers to perform operations (such as testing
the password). It also optionally contains a 'cb' field with channel binding
method handlers.
The Cyrus backend doesn't support channel binding, and doesn't have the same
concept of auth backend methods (it handles all that internally, and Prosody
has no insight or control over it).
Thus, we create an empty profile which informs Prosody that the SASL handler
does not support any of the auth or channel binding methods. Some features
will not work, but they didn't work anyway. This just makes it explicit.
This fixes a traceback in mod_sasl2_fast, which expected SASL handlers to
always contain a 'profile' field.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 04 Sep 2025 10:14:46 +0100 |
| parents | 05725785e3a6 |
| children |
| rev | line source |
|---|---|
|
2337
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
1 |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
2 module:set_global(); |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
3 |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
4 local b64_decode = require "util.encodings".base64.decode; |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
5 local server = require "net.http.server"; |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
6 |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
7 local credentials = module:get_option_string("http_credentials", "username:secretpassword"); |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
8 local unauthed_endpoints = module:get_option_set("unauthenticated_http_endpoints", { "/http-bind", "/http-bind/" })._items; |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
9 |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
10 module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
11 local request = event_data.request; |
|
3442
05725785e3a6
mod_http_authentication: Allow HTTP error events to pass through (fixes #1293)
Kim Alvefur <zash@zash.se>
parents:
2337
diff
changeset
|
12 if event_name ~= "http-error" and request and not unauthed_endpoints[request.path] then |
|
2337
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
13 local response = event_data.response; |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
14 local headers = request.headers; |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
15 if not headers.authorization then |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
16 response.headers.www_authenticate = ("Basic realm=%q"):format(module.host.."/"..module.name); |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
17 return 401; |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
18 end |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
19 local user_password = b64_decode(headers.authorization:match("%s(%S*)$")); |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
20 if user_password ~= credentials then |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
21 return 401; |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
22 end |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
23 end |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
24 return handlers(event_name, event_data); |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
25 end); |
