changeset 6364:9c110fbecd86

mod_auth_oauth_external: Record existence of users This allows iterating over users as well as existence checks.
author Kim Alvefur <zash@zash.se>
date Sat, 17 Jan 2026 05:14:25 +0100
parents 8f65b23a5fd2
children 42866d42e267
files mod_auth_oauth_external/mod_auth_oauth_external.lua
diffstat 1 files changed, 25 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua	Sat Jan 17 05:13:09 2026 +0100
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua	Sat Jan 17 05:14:25 2026 +0100
@@ -27,9 +27,12 @@
 }
 --]]
 
+local accounts = module:open_store("accounts");
+
 local host = module.host;
 local provider = {};
 
+-- TODO remove, not needed after https://hg.prosody.im/trunk/rev/01f95f3de6fc
 local function not_implemented()
 	return nil, "method not implemented"
 end
@@ -42,18 +45,29 @@
 provider.create_user = not_implemented;
 provider.delete_user = not_implemented;
 
-function provider.user_exists(_username)
-	-- Can this even be done in a generic way in OAuth 2?
-	-- OIDC and WebFinger perhaps?
-	return true;
+function provider.get_account_info(username)
+	local account = accounts:get(username);
+	if not account then return nil, "Account not available"; end
+	return {
+		created = account.created;
+		password_updated = account.updated;
+		enabled = not account.disabled;
+	};
+end
+
+function provider.user_exists(username)
+	local account, err = accounts:get(username);
+	if err then
+		return nil, err;
+	elseif account then
+		return true;
+	else
+		return false
+	end
 end
 
 function provider.users()
-	-- TODO this could be done by recording known users locally
-	return function ()
-		module:log("debug", "User iteration not supported");
-		return nil;
-	end
+	return accounts:users();
 end
 
 function provider.get_sasl_handler()
@@ -86,6 +100,7 @@
 				-- We're not going to get more info, only the username
 				self.username = jid.escape(username);
 				self.token_info = token_resp;
+				accounts:set(self.username, { exists = true });
 				return true, true;
 			end
 			local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint,
@@ -104,6 +119,7 @@
 			end
 			self.username = jid.escape(response[username_field]);
 			self.token_info = response;
+			accounts:set(self.username, { exists = true });
 			return true, true;
 		end
 	end