mod_auth_token/mod_sasl_token.lua
author Kim Alvefur <zash@zash.se>
Sun, 23 Jul 2023 02:56:08 +0200
changeset 5620 59d5fc50f602
parent 2960 d0ca211e1b0e
permissions -rw-r--r--
mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
-- Copyright (C) 2018 Minddistrict
--
-- This file is MIT/X11 licensed.
--
local s_match = string.match;
local registerMechanism = require "util.sasl".registerMechanism;
local saslprep = require "util.encodings".stringprep.saslprep;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("sasl");
-- Shadow the global environment with nil (Lua 5.2+): any name below that is
-- not one of the locals above fails instead of silently resolving to, or
-- creating, a global. On Lua 5.1/LuaJIT this line is a plain local and has
-- no such effect.
local _ENV = nil;
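-- SASL X-TOKEN mechanism handler.
--
-- The wire format is the same as PLAIN (RFC 4616): "[authzid]\0authcid\0token",
-- where the "password" slot carries the token. Like PLAIN, the token is sent
-- in clear text inside the SASL exchange, so the transport (TLS) must protect
-- it. Token validation itself is delegated to the auth profile's `token`
-- backend, which is expected to return two values:
--   correct - truthy when the token is valid for the (prepped) username
--   state   - false  -> account disabled
--             nil    -> not authorized (e.g. no such user)
--             truthy -> account usable
--
-- @param self     SASL session object; reads self.profile (token, nodeprep)
--                 and self.realm, writes self.username
-- @param message  raw client response (or nil)
-- @return "success", or "failure" followed by a SASL condition and an
--         optional human-readable text
local function token_auth(self, message)
	if not message then
		return "failure", "malformed-request";
	end

	-- The authzid is captured only so the message shape is validated; it is
	-- never used. A client requesting a different authorization identity is
	-- therefore silently authenticated as `authentication` (no proxy
	-- authorization support).
	local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)");

	if not authorization then
		return "failure", "malformed-request";
	end

	-- SASLprep username and token; saslprep returns nil for strings that
	-- violate the profile, and an empty result is rejected the same way.
	authentication = saslprep(authentication);
	password = saslprep(password);

	if (not password) or (password == "") or (not authentication) or (authentication == "") then
		log("debug", "Username or password violates SASLprep.");
		return "failure", "malformed-request", "Invalid username or password.";
	end

	-- Normalise the username to a JID node. The profile may supply its own
	-- nodeprep function, or disable this step with `nodeprep = false`.
	local _nodeprep = self.profile.nodeprep;
	if _nodeprep ~= false then
		authentication = (_nodeprep or nodeprep)(authentication);
		if not authentication or authentication == "" then
			return "failure", "malformed-request", "Invalid username or password."
		end
	end

	-- The backend owns the actual token check (and should compare any shared
	-- secret in constant time); this handler only interprets the
	-- (correct, state) pair it returns.
	local correct, state = self.profile.token(self, authentication, password, self.realm);

	-- NOTE: set before the outcome is known, so it holds the attempted
	-- username even when the result is a failure.
	self.username = authentication
	if state == false then
		return "failure", "account-disabled";
	elseif state == nil or not correct then
		return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
	end
	return "success";
end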
-- Register X-TOKEN with the SASL layer. The second argument names the
-- profile backend the mechanism depends on (`token`); presumably util.sasl
-- only advertises the mechanism when the auth profile supplies it — confirm
-- against util.sasl.
local mechanism_backends = { "token" };
registerMechanism("X-TOKEN", mechanism_backends, token_auth);