Mercurial Mercurial > prosody > prosody-modules / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_rest: Reject password that fails saslprep earlier (thanks tgy)
authorKim Alvefur <zash@zash.se>
Thu, 04 Jul 2024 16:06:32 +0200
changeset 5929 32d1abb89dfe
parent 5928 2b80188448d1
child 5930 9bcc26406b47
mod_rest: Reject password that fails saslprep earlier (thanks tgy) Prevents an error later if/when passing the password through saslprep a second time in the authentication module, since the prep functions now reject nil The error reporting could be improved but that would involve adding a way to pass errors back out of the check_credentials() function.
mod_rest/mod_rest.lua file | annotate | diff | comparison | revisions 
--- a/mod_rest/mod_rest.lua	Wed Jun 19 16:54:52 2024 +0100
+++ b/mod_rest/mod_rest.lua	Thu Jul 04 16:06:32 2024 +0200
@@ -46,7 +46,7 @@
 		local username, password = string.match(creds, "^([^:]+):(.*)$");
 		if not username then return false; end
 		username, password = encodings.stringprep.nodeprep(username), encodings.stringprep.saslprep(password);
-		if not username then return false; end
+		if not username or not password then return false; end
 		if not um.test_password(username, module.host, password) then
 			return false;
 		end
prosody-modules