Mercurial > prosody-modules
comparison mod_auth_token/mod_sasl_token.lua @ 2956:d0ca211e1b0e
New HMAC token authentication module for Prosody.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Tue, 27 Mar 2018 10:48:04 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 2938:f000ba14d531 | 2956:d0ca211e1b0e |
|---|---|
| 1 -- Copyright (C) 2018 Minddistrict | |
| 2 -- | |
| 3 -- This file is MIT/X11 licensed. | |
| 4 -- | |
| 5 | |
| 6 local s_match = string.match; | |
| 7 local registerMechanism = require "util.sasl".registerMechanism; | |
| 8 local saslprep = require "util.encodings".stringprep.saslprep; | |
| 9 local nodeprep = require "util.encodings".stringprep.nodeprep; | |
| 10 local log = require "util.logger".init("sasl"); | |
| 11 local _ENV = nil; | |
| 12 | |
| 13 | |
| 14 local function token_auth(self, message) | |
| 15 if not message then | |
| 16 return "failure", "malformed-request"; | |
| 17 end | |
| 18 | |
| 19 local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)"); | |
| 20 | |
| 21 if not authorization then | |
| 22 return "failure", "malformed-request"; | |
| 23 end | |
| 24 | |
| 25 -- SASLprep password and authentication | |
| 26 authentication = saslprep(authentication); | |
| 27 password = saslprep(password); | |
| 28 | |
| 29 if (not password) or (password == "") or (not authentication) or (authentication == "") then | |
| 30 log("debug", "Username or password violates SASLprep."); | |
| 31 return "failure", "malformed-request", "Invalid username or password."; | |
| 32 end | |
| 33 | |
| 34 local _nodeprep = self.profile.nodeprep; | |
| 35 if _nodeprep ~= false then | |
| 36 authentication = (_nodeprep or nodeprep)(authentication); | |
| 37 if not authentication or authentication == "" then | |
| 38 return "failure", "malformed-request", "Invalid username or password." | |
| 39 end | |
| 40 end | |
| 41 | |
| 42 local correct, state = false, false; | |
| 43 correct, state = self.profile.token(self, authentication, password, self.realm); | |
| 44 | |
| 45 self.username = authentication | |
| 46 if state == false then | |
| 47 return "failure", "account-disabled"; | |
| 48 elseif state == nil or not correct then | |
| 49 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; | |
| 50 end | |
| 51 return "success"; | |
| 52 end | |
| 53 | |
| 54 registerMechanism("X-TOKEN", {"token"}, token_auth); |
