--- a/mod_auth_token/token_auth_utils.lib.lua Tue Feb 26 15:58:58 2019 +0100
+++ b/mod_auth_token/token_auth_utils.lib.lua Thu Feb 28 12:31:54 2019 +0100
@@ -36,6 +36,11 @@
function verify_token(username, password, realm, otp_seed, token_secret, log)
+ if (realm ~= module.host) then
+ log("debug", "Verification failed: realm ~= module.host");
+ return false;
+ end
+
local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL)
local token = string.match(password, "(%d+) ")
local otp = token:sub(1,8)
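Review bot: The new realm guard returns `false` cleanly on mismatch, but the statement right after it still uses `token` unchecked: `string.match(password, "(%d+) ")` returns nil for any password without a digit run followed by a space, and `token:sub(1,8)` then raises "attempt to index a nil value", so a malformed credential becomes a runtime error in the auth path instead of a failed verification. Adding `if not token then log("debug", "Verification failed: malformed token"); return false; end` directly after the match keeps the early-return style the commit introduces. The same line hard-codes `8` while the TOTP object two lines earlier is built from `OTP_DIGITS`; `token:sub(1, OTP_DIGITS)` keeps the two in step if the constant ever changes. That line also rebinds `otp` from the OTP module to the extracted digits, which is legal but easy to misread in a review. verify_token's body continues past this hunk, so only the parsing prefix is visible here.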
@@ -44,17 +49,17 @@
local jid = username.."@"..realm
if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then
- -- log("debug", "**** THE OTP WAS VERIFIED ****** ");
+ log("debug", "The TOTP was verified");
local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE)
if signature == hmac_ctx:final(otp..nonce..jid) then
- -- log("debug", "**** THE KEY WAS VERIFIED ****** ");
+ log("debug", "The key was verified");
if check_nonce(jid, otp, nonce) then
- -- log("debug", "**** THE NONCE WAS VERIFIED ****** ");
+ log("debug", "The nonce was verified");
return true;
end
end
end
- -- log("debug", "**** VERIFICATION FAILED ****** ");
+ log("debug", "Verification failed");
return false;
end
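Review bot: The failure log on the last added line is generic, so even with the new debug output an operator cannot tell whether a rejected login failed the TOTP window, the HMAC signature or the nonce check — the three outcomes that separate clock skew, a forged token and a replay — although the realm guard added elsewhere in this commit does name its reason. Restructuring the three nested `if`s as guard clauses with a distinct failure message each keeps the success-path messages and the `return true`/`return false` contract unchanged; the rewrite is below. Separately, `signature == hmac_ctx:final(...)` on the context line compares the HMAC tag with Lua's `==`, which depending on the Lua version is a byte-by-byte comparison that stops at the first difference; a timing oracle over XMPP is doubtful, but a constant-time compare would remove the question if the module's dependencies offer one. `signature` and `nonce` are bound above this hunk and verify_token's signature is in the previous hunk, so their derivation is not visible here.
```lua
if not totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then
	log("debug", "Verification failed: TOTP mismatch");
	return false;
end
log("debug", "The TOTP was verified");
local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE)
if signature ~= hmac_ctx:final(otp..nonce..jid) then
	log("debug", "Verification failed: signature mismatch");
	return false;
end
log("debug", "The key was verified");
if not check_nonce(jid, otp, nonce) then
	log("debug", "Verification failed: nonce rejected");
	return false;
end
log("debug", "The nonce was verified");
return true;
```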