author | Kim Alvefur <zash@zash.se> |
Wed, 27 Mar 2024 19:33:11 +0100 | |
changeset 13471 | c2a476f4712a |
parent 12981 | 74b9e05af71e |
permissions | -rw-r--r-- |
3162 | 1 |
-- Prosody IM |
2 |
-- Copyright (C) 2008-2010 Matthew Wild |
|
3 |
-- Copyright (C) 2008-2010 Waqas Hussain |
|
4 |
-- |
|
5 |
-- This project is MIT/X11 licensed. Please see the |
|
6 |
-- COPYING file in the source package for more information. |
|
7 |
-- |
local usermanager = require "prosody.core.usermanager"; |
local new_sasl = require "prosody.util.sasl".new; |
local saslprep = require "prosody.util.encodings".stringprep.saslprep; |
local secure_equals = require "prosody.util.hashes".equals; |
-- Per-module logger and the host this module instance is loaded on.
local log, host = module._log, module.host;

-- Key-value store holding one record per account. The functions below read
-- and write the fields `password`, `created`, `updated` and `disabled` on
-- these records; `password` holds the SASLprep-normalised password itself,
-- not a hash, so read access to this store exposes every credential.
local accounts = module:open_store("accounts");

-- define auth provider
local provider = {};
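--- Check a candidate password against the one stored for `username`.
-- The candidate is normalised with SASLprep and then compared with the
-- stored value through secure_equals (util.hashes.equals).
-- @param username account name looked up in the "accounts" store
-- @param password candidate password supplied by the caller
-- @return true on a match; otherwise nil followed by an error string
function provider.test_password(username, password)
	log("debug", "test password for user '%s'", username);
	local credentials = accounts:get(username) or {};
	password = saslprep(password);
	if not password then
		return nil, "Password fails SASLprep.";
	end

	-- credentials.password is nil for an unknown user (the `or {}` above) and
	-- for an account that create_user stored without a password. Reject that
	-- case explicitly instead of passing nil on to saslprep/secure_equals,
	-- whose handling of nil is not visible from this file.
	-- NOTE(review): this path returns without running the comparison, so its
	-- timing can differ from the wrong-password path; confirm that is
	-- acceptable with respect to account enumeration.
	local stored = credentials.password;
	if stored == nil then
		return nil, "Auth failed. Invalid username or password.";
	end

	-- A stored value that no longer passes SASLprep can never match.
	stored = saslprep(stored);
	if not stored then
		return nil, "Auth failed. Invalid username or password.";
	end

	if secure_equals(password, stored) then
		return true;
	end
	-- Same message whether the user or the password was wrong.
	return nil, "Auth failed. Invalid username or password.";
end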
--- Return the password stored for `username`.
-- The value comes straight from the account record, i.e. it is the password
-- itself; callers should treat it as a secret and keep it out of logs.
-- @param username account name looked up in the "accounts" store
-- @return the stored password, or nil when there is no account or no password
function provider.get_password(username)
	log("debug", "get_password for username '%s'", username);
	local account = accounts:get(username);
	if not account then
		return nil;
	end
	return account.password;
end
--- Replace the password of an existing account.
-- The new password is normalised with SASLprep and written to the account
-- record as-is, together with a fresh `updated` timestamp.
-- @param username account name looked up in the "accounts" store
-- @param password new password
-- @return the result of accounts:set on success; nil plus an error string
--         when the password fails SASLprep or the account does not exist
function provider.set_password(username, password)
	log("debug", "set_password for username '%s'", username);
	local prepped = saslprep(password);
	if not prepped then
		return nil, "Password fails SASLprep.";
	end

	local account = accounts:get(username);
	if not account then
		return nil, "Account not available.";
	end

	-- Only `password` and `updated` change; every other field on the record
	-- (including a `disabled` flag set by create_user) is written back as found.
	account.password = prepped;
	account.updated = os.time();
	return accounts:set(username, account);
end
--- Return creation and password-update times for an account.
-- @param username account name looked up in the "accounts" store
-- @return a table with `created` and `password_updated` (copied from the
--         record's `created` and `updated` fields), or nil plus an error
--         string when the account does not exist
function provider.get_account_info(username)
	local account = accounts:get(username);
	if account then
		return {
			created = account.created;
			password_updated = account.updated;
		};
	end
	return nil, "Account not available";
end
--- Report whether an account record exists for `username`.
-- @param username account name looked up in the "accounts" store
-- @return true when a record exists; otherwise nil plus an error string
function provider.user_exists(username)
	if accounts:get(username) then
		return true;
	end
	log("debug", "account not found for username '%s'", username);
	return nil, "Auth failed. Invalid username";
end
--- Iterate over the accounts on this host.
-- Forwards whatever accounts:users() returns, unchanged.
function provider.users()
	return accounts:users();
end
--- Create (or overwrite) the account record for `username`.
-- With a nil password the record is stored without a password and with
-- `disabled = true`; otherwise the SASLprep-normalised password is stored
-- as-is next to the timestamps.
-- @param username account name used as the key in the "accounts" store
-- @param password initial password, or nil for an account without one
-- @return the result of accounts:set; nil plus an error string when the
--         password fails SASLprep
function provider.create_user(username, password)
	local now = os.time();
	local account = { created = now, updated = now };

	if password == nil then
		-- NOTE(review): nothing in this file reads `disabled`; whether it is
		-- enforced elsewhere cannot be told from here. Within this file the
		-- account is unusable only because it has no password.
		account.disabled = true;
		return accounts:set(username, account);
	end

	local prepped = saslprep(password);
	if not prepped then
		return nil, "Password fails SASLprep.";
	end
	account.password = prepped;
	return accounts:set(username, account);
end
--- Delete the account record for `username`.
-- Writing nil to the store removes the record, password included.
-- @param username account name used as the key in the "accounts" store
-- @return the result of accounts:set
function provider.delete_user(username)
	return accounts:set(username, nil);
end
--- Build a SASL handler for this host backed by the stored passwords.
-- The profile exposes a single `plain` callback that hands the stored
-- password to the SASL layer.
-- @return the handler returned by new_sasl(host, profile)
function provider.get_sasl_handler()
	-- Profile callback: first argument is unused. Returns the password and
	-- true when usermanager.get_password finds one, otherwise "" and nil.
	local function plain(_, username, realm)
		local password = usermanager.get_password(username, realm);
		if password then
			return password, true;
		end
		return "", nil;
	end

	return new_sasl(host, { plain = plain });
end
-- Register the table built above as this host's "auth" provider.
module:provides("auth", provider);