author | JC Brand <jcbrand@minddistrict.com> |
Fri, 15 Apr 2016 13:45:01 +0000 | |
changeset 2163 | 5e8dec076afc |
parent 1943 | 54f9e8663139 |
child 2446 | b2a198665946 |
permissions | -rw-r--r-- |
1421
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
-- Prosody IM |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
-- Copyright (C) 2008-2013 Matthew Wild |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
-- Copyright (C) 2008-2013 Waqas Hussain |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
-- Copyright (C) 2014 Kim Alvefur |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
-- |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
-- This project is MIT/X11 licensed. Please see the |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
-- COPYING file in the source package for more information. |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
-- |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
local new_sasl = require "util.sasl".new; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
local base64 = require "util.encodings".base64.encode; |
2163
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
12 |
local have_async, async = pcall(require, "util.async"); |
1421
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
local http = require "net.http"; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
local log = module._log; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
local host = module.host; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
local api_base = module:get_option_string("http_auth_url", ""):gsub("$host", host); |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
if api_base == "" then error("http_auth_url required") end |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 |
|
1942
cfe73f64ad29
mod_auth_http_async: Fix syntax error
Kim Alvefur <zash@zash.se>
parents:
1936
diff
changeset
|
21 |
local function async_http_request(url, ex) |
2163
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
22 |
local wait, done = async.waiter(); |
1931
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
23 |
local content, code, request, response; |
1934
95bbf3c4aa27
mod_auth_http_async: Don't set global
Kim Alvefur <zash@zash.se>
parents:
1931
diff
changeset
|
24 |
local function cb(content_, code_, request_, response_) |
1931
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
25 |
content, code, request, response = content_, code_, request_, response_; |
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
26 |
done(); |
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
27 |
end |
1935
bd5412eb0a6d
mod_auth_http_async: Actually do the HTTP request
Kim Alvefur <zash@zash.se>
parents:
1934
diff
changeset
|
28 |
http.request(url, ex, cb); |
1931
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
29 |
wait(); |
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
30 |
return content, code, request, response; |
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
31 |
end |
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
32 |
|
1421
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
local provider = {}; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
function provider.test_password(username, password) |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 |
log("debug", "test password for user %s at host %s", username, host); |
2163
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
37 |
local url = api_base:gsub("$user", username); |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
38 |
local ex = { |
1931
439711709d29
mod_auth_http_async: Wrap up async http request in a function
Kim Alvefur <zash@zash.se>
parents:
1753
diff
changeset
|
39 |
headers = { Authorization = "Basic "..base64(username..":"..password); }; |
2163
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
40 |
} |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
41 |
if (have_async) then |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
42 |
local _, code = async_http_request(url, ex); |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
43 |
if code >= 200 and code <= 299 then |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
44 |
module:log("debug", "HTTP auth provider confirmed valid password"); |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
45 |
return true; |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
46 |
else |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
47 |
module:log("debug", "HTTP auth provider returned status code %d", code); |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
48 |
end |
1421
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 |
else |
2163
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
50 |
local ok, err = http.request(url, ex, function(body, code) |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
51 |
if code >= 200 and code <= 299 then |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
52 |
module:log("debug", "HTTP auth provider confirmed valid password"); |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
53 |
else |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
54 |
module:log("debug", "HTTP auth provider returned status code %d", code); |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
55 |
end |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
56 |
end); |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
57 |
if ok then |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
58 |
return true; |
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
59 |
end |
1421
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 |
end |
2163
5e8dec076afc
mod_auth_http_async: Fall back to non-async calling of http_auth_url
JC Brand <jcbrand@minddistrict.com>
parents:
1943
diff
changeset
|
61 |
return nil, "Auth failed. Invalid username or password."; |
1421
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
end |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 |
function provider.set_password(username, password) |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 |
return nil, "Changing passwords not supported"; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 |
end |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 |
function provider.user_exists(username) |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 |
return true; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 |
end |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 |
function provider.create_user(username, password) |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
return nil, "User creation not supported"; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
end |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 |
function provider.delete_user(username) |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 |
return nil , "User deletion not supported"; |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 |
end |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 |
function provider.get_sasl_handler() |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 |
return new_sasl(host, { |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 |
plain_test = function(sasl, username, password, realm) |
1943
54f9e8663139
mod_auth_http_async: Correctly pass password to provider.test_password (thanks mother)
Kim Alvefur <zash@zash.se>
parents:
1942
diff
changeset
|
83 |
return provider.test_password(username, password), true; |
1421
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 |
end |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 |
}); |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 |
end |
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 |
|
295c30e44ba8
mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 |
module:provides("auth", provider); |