mod_invites_adhoc: Fail contact invite if user is not on current host
Only the username was being used, and the host of the requester ignored.
Luckily this only affects admins of the host. If they want to create an
account they can use the other command. If they want to create a contact
they should request from their account on this host.
-- Copyright (C) 2018 Minddistrict
--
-- This file is MIT/X11 licensed.
--
local s_match = string.match;
local registerMechanism = require "util.sasl".registerMechanism;
local saslprep = require "util.encodings".stringprep.saslprep;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("sasl");
local _ENV = nil;
local function token_auth(self, message)
if not message then
return "failure", "malformed-request";
end
local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)");
if not authorization then
return "failure", "malformed-request";
end
-- SASLprep password and authentication
authentication = saslprep(authentication);
password = saslprep(password);
if (not password) or (password == "") or (not authentication) or (authentication == "") then
log("debug", "Username or password violates SASLprep.");
return "failure", "malformed-request", "Invalid username or password.";
end
local _nodeprep = self.profile.nodeprep;
if _nodeprep ~= false then
authentication = (_nodeprep or nodeprep)(authentication);
if not authentication or authentication == "" then
return "failure", "malformed-request", "Invalid username or password."
end
end
local correct, state = false, false;
correct, state = self.profile.token(self, authentication, password, self.realm);
self.username = authentication
if state == false then
return "failure", "account-disabled";
elseif state == nil or not correct then
return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
end
return "success";
end
registerMechanism("X-TOKEN", {"token"}, token_auth);