mod_rest: Reject password that fails saslprep earlier (thanks tgy)
Prevents an error later if/when passing the password through saslprep a
second time in the authentication module, since the prep functions now
reject nil
The error reporting could be improved but that would involve adding a
way to pass errors back out of the check_credentials() function.
--- a/mod_rest/mod_rest.lua Wed Jun 19 16:54:52 2024 +0100
+++ b/mod_rest/mod_rest.lua Thu Jul 04 16:06:32 2024 +0200
@@ -46,7 +46,7 @@
local username, password = string.match(creds, "^([^:]+):(.*)$");
if not username then return false; end
username, password = encodings.stringprep.nodeprep(username), encodings.stringprep.saslprep(password);
- if not username then return false; end
+ if not username or not password then return false; end
if not um.test_password(username, module.host, password) then
return false;
end