# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1677068828 -3600
# Node ID 5484debdfdfed19695bb8f0109929630728988f0
# Parent  09b101a3b3e166d2c1c73590d55bb56540d636e0
mod_auth_internal_hashed: Refactor to prepare for disabling users

Moving this out will make space for a dynamic check whether a particular
user is disabled or not, which is one possible response to abuse of
account privileges.

diff -r 09b101a3b3e1 -r 5484debdfdfe plugins/mod_auth_internal_hashed.lua
--- a/plugins/mod_auth_internal_hashed.lua	Wed Feb 22 22:29:53 2023 +0100
+++ b/plugins/mod_auth_internal_hashed.lua	Wed Feb 22 13:27:08 2023 +0100
@@ -110,6 +110,11 @@
 	return true;
 end
 
+function provider.is_enabled(username) -- luacheck: ignore 212
+	-- TODO look up somewhere and allow disabling
+	return true;
+end
+
 function provider.users()
 	return accounts:users();
 end
@@ -140,7 +145,7 @@
 function provider.get_sasl_handler()
 	local testpass_authentication_profile = {
 		plain_test = function(_, username, password, realm)
-			return usermanager.test_password(username, realm, password), true;
+			return usermanager.test_password(username, realm, password), provider.is_enabled(username);
 		end,
 		[scram_name] = function(_, username)
 			local credentials = accounts:get(username);
@@ -157,7 +162,7 @@
 			local iteration_count, salt = credentials.iteration_count, credentials.salt;
 			stored_key = stored_key and from_hex(stored_key);
 			server_key = server_key and from_hex(server_key);
-			return stored_key, server_key, iteration_count, salt, true;
+			return stored_key, server_key, iteration_count, salt, provider.is_enabled(username);
 		end
 	};
 	return new_sasl(host, testpass_authentication_profile);