plugins/mod_auth_default.lua
author Jeff Mitchell <jeff@jefferai.org>
Thu, 20 May 2010 14:19:14 -0400
changeset 3162 f246719abcd2
permissions -rw-r--r--
Added mod_auth_default
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
3162
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     1
-- Prosody IM
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     2
-- Copyright (C) 2008-2010 Matthew Wild
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     3
-- Copyright (C) 2008-2010 Waqas Hussain
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     4
-- Copyright (C) 2010 Jeff Mitchell
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     5
--
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     6
-- This project is MIT/X11 licensed. Please see the
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     7
-- COPYING file in the source package for more information.
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     8
--
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
     9
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    10
local datamanager = require "util.datamanager";
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    11
local log = require "util.logger".init("usermanager");
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    12
local type = type;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    13
local error = error;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    14
local ipairs = ipairs;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    15
local hashes = require "util.hashes";
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    16
local jid_bare = require "util.jid".bare;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    17
local config = require "core.configmanager";
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    18
local hosts = hosts;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    19
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    20
local prosody = _G.prosody;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    21
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    22
function new_default_provider(host)
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    23
	local provider = { name = "default" };
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    24
	
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    25
	function provider.test_password(username, password)
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    26
		log("debug", "test password for user %s at host %s", username, host);
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    27
		if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    28
		local credentials = datamanager.load(username, host, "accounts") or {};
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    29
	
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    30
		if password == credentials.password then
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    31
			return true;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    32
		else
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    33
			return nil, "Auth failed. Invalid username or password.";
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    34
		end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    35
	end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    36
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    37
	function provider.get_password(username)
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    38
		log("debug", "get password for user %s at host %s", username, host);
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    39
		if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    40
		return (datamanager.load(username, host, "accounts") or {}).password;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    41
	end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    42
	
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    43
	function provider.set_password(username, password)
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    44
		if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    45
		local account = datamanager.load(username, host, "accounts");
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    46
		if account then
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    47
			account.password = password;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    48
			return datamanager.store(username, host, "accounts", account);
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    49
		end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    50
		return nil, "Account not available.";
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    51
	end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    52
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    53
	function provider.user_exists(username)
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    54
		if is_cyrus(host) then return true; end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    55
		local account = datamanager.load(username, host, "accounts");
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    56
		if not account then
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    57
			log("debug", "account not found for username '%s' at host '%s'", username, host);
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    58
			return nil, "Auth failed. Invalid username";
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    59
		end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    60
		if account.password == nil or string.len(account.password) == 0 then
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    61
			log("debug", "account password not set or zero-length for username '%s' at host '%s'", username, host);
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    62
			return nil, "Auth failed. Password invalid.";
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    63
		end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    64
		return true;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    65
	end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    66
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    67
	function provider.create_user(username, password)
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    68
		if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    69
		return datamanager.store(username, host, "accounts", {password = password});
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    70
	end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    71
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    72
	function provider.get_supported_methods()
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    73
		return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    74
	end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    75
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    76
	function provider.is_admin(jid)
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    77
		local admins = config.get(host, "core", "admins");
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    78
		if admins ~= config.get("*", "core", "admins") and type(admins) == "table" then
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    79
			jid = jid_bare(jid);
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    80
			for _,admin in ipairs(admins) do
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    81
				if admin == jid then return true; end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    82
			end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    83
		elseif admins then
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    84
			log("error", "Option 'admins' for host '%s' is not a table", host);
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    85
		end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    86
		return is_admin(jid); -- Test whether it's a global admin instead
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    87
	end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    88
	return provider;
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    89
end
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    90
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    91
module:add_item("auth-provider", new_default_provider(module.host));
f246719abcd2 Added mod_auth_default
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
    92