Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 6207:ab14e7ecb82f
mod_http_oauth2: Allow JIDs as username for password grant
| author | magicfelix <felix@felix-zauberer.de> |
|---|---|
| date | Sat, 19 Apr 2025 20:32:37 +0200 |
| parents | a931a95e363e |
| children | 2505542c6c50 |
comparison
equal
deleted
inserted
replaced
| 6206:a931a95e363e | 6207:ab14e7ecb82f |
|---|---|
| 132 local registration_options = module:get_option("oauth2_registration_options", | 132 local registration_options = module:get_option("oauth2_registration_options", |
| 133 { default_ttl = registration_ttl; accept_expired = not registration_ttl }); | 133 { default_ttl = registration_ttl; accept_expired = not registration_ttl }); |
| 134 | 134 |
| 135 local pkce_required = module:get_option_boolean("oauth2_require_code_challenge", true); | 135 local pkce_required = module:get_option_boolean("oauth2_require_code_challenge", true); |
| 136 local respect_prompt = module:get_option_boolean("oauth2_respect_oidc_prompt", false); | 136 local respect_prompt = module:get_option_boolean("oauth2_respect_oidc_prompt", false); |
| 137 local expect_username_jid = module:get_option_boolean("oauth2_expect_username_jid", false); | |
| 137 | 138 |
| 138 local verification_key; | 139 local verification_key; |
| 139 local sign_client, verify_client; | 140 local sign_client, verify_client; |
| 140 if registration_key then | 141 if registration_key then |
| 141 -- Tie it to the host if global | 142 -- Tie it to the host if global |
| 417 if not verify_client_secret(params.client_id, params.client_secret) then | 418 if not verify_client_secret(params.client_id, params.client_secret) then |
| 418 module:log("debug", "client_secret mismatch"); | 419 module:log("debug", "client_secret mismatch"); |
| 419 return oauth_error("invalid_client", "incorrect credentials"); | 420 return oauth_error("invalid_client", "incorrect credentials"); |
| 420 end | 421 end |
| 421 | 422 |
| 422 local request_username = assert(params.username, oauth_error("invalid_request", "missing 'username'")); | 423 local request_username |
| 424 | |
| 425 if expect_username_jid then | |
| 426 local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)")); | |
| 427 local _request_username, request_host, request_resource = jid.prepped_split(request_jid); | |
| 428 | |
| 429 if not (_request_username and request_host) or request_host ~= module.host then | |
| 430 return oauth_error("invalid_request", "invalid JID"); | |
| 431 end | |
| 432 | |
| 433 request_username = _request_username | |
| 434 else | |
| 435 request_username = assert(params.username, oauth_error("invalid_request", "missing 'username'")); | |
| 436 end | |
| 437 | |
| 423 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'")); | 438 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'")); |
| 424 | 439 |
| 425 if not usermanager.test_password(request_username, module.host, request_password) then | 440 if not usermanager.test_password(request_username, module.host, request_password) then |
| 426 return oauth_error("invalid_grant", "incorrect credentials"); | 441 return oauth_error("invalid_grant", "incorrect credentials"); |
| 427 end | 442 end |
