mod_auth_internal_hashed: Refactor to prepare for disabling users
Moving this out will make space for a dynamic check whether a particular
user is disabled or not, which is one possible response to abuse of
account privileges.
--- a/plugins/mod_auth_internal_hashed.lua Wed Feb 22 22:29:53 2023 +0100
+++ b/plugins/mod_auth_internal_hashed.lua Wed Feb 22 13:27:08 2023 +0100
@@ -110,6 +110,11 @@
return true;
end
+function provider.is_enabled(username) -- luacheck: ignore 212
+ -- TODO look up somewhere and allow disabling
+ return true;
+end
+
function provider.users()
return accounts:users();
end
@@ -140,7 +145,7 @@
function provider.get_sasl_handler()
local testpass_authentication_profile = {
plain_test = function(_, username, password, realm)
- return usermanager.test_password(username, realm, password), true;
+ return usermanager.test_password(username, realm, password), provider.is_enabled(username);
end,
[scram_name] = function(_, username)
local credentials = accounts:get(username);
@@ -157,7 +162,7 @@
local iteration_count, salt = credentials.iteration_count, credentials.salt;
stored_key = stored_key and from_hex(stored_key);
server_key = server_key and from_hex(server_key);
- return stored_key, server_key, iteration_count, salt, true;
+ return stored_key, server_key, iteration_count, salt, provider.is_enabled(username);
end
};
return new_sasl(host, testpass_authentication_profile);