--- a/mod_auth_external/mod_auth_external.lua Wed Sep 12 19:15:45 2012 +0000
+++ b/mod_auth_external/mod_auth_external.lua Thu Sep 13 00:17:42 2012 +0500
@@ -93,53 +93,50 @@
end
end
-function new_external_provider(host)
- local provider = {};
-
- function provider.test_password(username, password)
- return do_query("auth", username, password);
- end
+local host = module.host;
+local provider = {};
- function provider.set_password(username, password)
- return do_query("setpass", username, password);
- end
-
- function provider.user_exists(username)
- return do_query("isuser", username);
- end
+function provider.test_password(username, password)
+ return do_query("auth", username, password);
+end
- function provider.create_user(username, password) return nil, "Account creation/modification not available."; end
-
- function provider.get_sasl_handler()
- local testpass_authentication_profile = {
- plain_test = function(sasl, username, password, realm)
- local prepped_username = nodeprep(username);
- if not prepped_username then
- log("debug", "NODEprep failed on username: %s", username);
- return "", nil;
- end
- return usermanager.test_password(prepped_username, realm, password), true;
- end,
- };
- return new_sasl(module.host, testpass_authentication_profile);
- end
+function provider.set_password(username, password)
+ return do_query("setpass", username, password);
+end
- function provider.is_admin(jid)
- local admins = config.get(host, "core", "admins");
- if admins ~= config.get("*", "core", "admins") then
- if type(admins) == "table" then
- jid = jid_bare(jid);
- for _,admin in ipairs(admins) do
- if admin == jid then return true; end
- end
- elseif admins then
- log("error", "Option 'admins' for host '%s' is not a table", host);
- end
- end
- return usermanager.is_admin(jid); -- Test whether it's a global admin instead
- end
-
- return provider;
+function provider.user_exists(username)
+ return do_query("isuser", username);
end
-module:provides("auth", new_external_provider(module.host));
+function provider.create_user(username, password) return nil, "Account creation/modification not available."; end
+
+function provider.get_sasl_handler()
+ local testpass_authentication_profile = {
+ plain_test = function(sasl, username, password, realm)
+ local prepped_username = nodeprep(username);
+ if not prepped_username then
+ log("debug", "NODEprep failed on username: %s", username);
+ return "", nil;
+ end
+ return usermanager.test_password(prepped_username, realm, password), true;
+ end,
+ };
+ return new_sasl(host, testpass_authentication_profile);
+end
+
+function provider.is_admin(jid)
+ local admins = config.get(host, "core", "admins");
+ if admins ~= config.get("*", "core", "admins") then
+ if type(admins) == "table" then
+ jid = jid_bare(jid);
+ for _,admin in ipairs(admins) do
+ if admin == jid then return true; end
+ end
+ elseif admins then
+ log("error", "Option 'admins' for host '%s' is not a table", host);
+ end
+ end
+ return usermanager.is_admin(jid); -- Test whether it's a global admin instead
+end
+
+module:provides("auth", provider);
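Review bot: On NODEprep failure, `plain_test` inside `provider.get_sasl_handler` returns `"", nil`, and an empty string is truthy in Lua, so the rejection depends entirely on the SASL layer treating the nil second value as a failure. Returning an explicitly falsy result, `return false, nil;`, as the mod_auth_internal_yubikey handler in this same commit does, keeps the failure unambiguous for any caller that checks only the first value. A one-line comment naming the two return values (credential result, account state) would also help, since how `new_sasl` consumes them is not visible in this hunk.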
--- a/mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua Wed Sep 12 19:15:45 2012 +0000
+++ b/mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua Thu Sep 13 00:17:42 2012 +0500
@@ -45,83 +45,80 @@
local global_yubikey_key = module:get_option_string("yubikey_key");
-function new_default_provider(host)
- local provider = {};
- log("debug", "initializing default authentication provider for host '%s'", host);
+local host = module.host;
+local provider = {};
+log("debug", "initializing default authentication provider for host '%s'", host);
+
+function provider.test_password(username, password)
+ log("debug", "test password '%s' for user %s at host %s", password, username, module.host);
- function provider.test_password(username, password)
- log("debug", "test password '%s' for user %s at host %s", password, username, module.host);
-
- local account_info = datamanager.load(username, host, "accounts") or {};
- local yubikey_key = account_info.yubikey_key or global_yubikey_key;
- if account_info.yubikey_key then
- log("debug", "Authenticating Yubikey OTP for %s", username);
- local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host });
- if not authed then
- log("debug", "Failed to authenticate %s via OTP: %s", username, err);
- return authed, err;
- end
- return authed;
- elseif account_info.password and password == account_info.password then
- -- No yubikey configured for this user, treat as normal password
- log("debug", "No yubikey configured for %s, successful login using password auth", username);
- return true;
- else
- return nil, "Auth failed. Invalid username or password.";
- end
- end
-
- function provider.get_password(username)
- log("debug", "get_password for username '%s' at host '%s'", username, module.host);
- return (datamanager.load(username, host, "accounts") or {}).password;
- end
-
- function provider.set_password(username, password)
- local account = datamanager.load(username, host, "accounts");
- if account then
- account.password = password;
- return datamanager.store(username, host, "accounts", account);
+ local account_info = datamanager.load(username, host, "accounts") or {};
+ local yubikey_key = account_info.yubikey_key or global_yubikey_key;
+ if account_info.yubikey_key then
+ log("debug", "Authenticating Yubikey OTP for %s", username);
+ local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host });
+ if not authed then
+ log("debug", "Failed to authenticate %s via OTP: %s", username, err);
+ return authed, err;
end
- return nil, "Account not available.";
- end
-
- function provider.user_exists(username)
- local account = datamanager.load(username, host, "accounts");
- if not account then
- log("debug", "account not found for username '%s' at host '%s'", username, module.host);
- return nil, "Auth failed. Invalid username";
- end
+ return authed;
+ elseif account_info.password and password == account_info.password then
+ -- No yubikey configured for this user, treat as normal password
+ log("debug", "No yubikey configured for %s, successful login using password auth", username);
return true;
- end
-
- function provider.create_user(username, password)
- return datamanager.store(username, host, "accounts", {password = password});
- end
-
- function provider.delete_user(username)
- return datamanager.store(username, host, "accounts", nil);
+ else
+ return nil, "Auth failed. Invalid username or password.";
end
+end
- function provider.get_sasl_handler()
- local realm = module:get_option("sasl_realm") or module.host;
- local getpass_authentication_profile = {
- plain_test = function(sasl, username, password, realm)
- local prepped_username = nodeprep(username);
- if not prepped_username then
- log("debug", "NODEprep failed on username: %s", username);
- return false, nil;
- end
-
- return usermanager.test_password(username, realm, password), true;
- end
- };
- return new_sasl(realm, getpass_authentication_profile);
- end
-
- return provider;
+function provider.get_password(username)
+ log("debug", "get_password for username '%s' at host '%s'", username, module.host);
+ return (datamanager.load(username, host, "accounts") or {}).password;
end
-module:provides("auth", new_default_provider(module.host));
+function provider.set_password(username, password)
+ local account = datamanager.load(username, host, "accounts");
+ if account then
+ account.password = password;
+ return datamanager.store(username, host, "accounts", account);
+ end
+ return nil, "Account not available.";
+end
+
+function provider.user_exists(username)
+ local account = datamanager.load(username, host, "accounts");
+ if not account then
+ log("debug", "account not found for username '%s' at host '%s'", username, module.host);
+ return nil, "Auth failed. Invalid username";
+ end
+ return true;
+end
+
+function provider.create_user(username, password)
+ return datamanager.store(username, host, "accounts", {password = password});
+end
+
+function provider.delete_user(username)
+ return datamanager.store(username, host, "accounts", nil);
+end
+
+function provider.get_sasl_handler()
+ local realm = module:get_option("sasl_realm") or module.host;
+ local getpass_authentication_profile = {
+ plain_test = function(sasl, username, password, realm)
+ local prepped_username = nodeprep(username);
+ if not prepped_username then
+ log("debug", "NODEprep failed on username: %s", username);
+ return false, nil;
+ end
+
+ return usermanager.test_password(username, realm, password), true;
+ end
+ };
+ return new_sasl(realm, getpass_authentication_profile);
+end
+
+module:provides("auth", provider);
function module.command(arg)
local command = arg[1];
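Review bot: The debug call at the top of `provider.test_password` formats the submitted secret into the log (`"test password '%s' for user %s at host %s", password, ...`), so every static password and OTP attempt lands in the debug log. Drop that argument, e.g. `log("debug", "test password for user %s at host %s", username, host);`. In `plain_test` the result of `nodeprep(username)` is checked and then discarded: `usermanager.test_password(username, realm, password)` should pass `prepped_username`, as the mod_auth_external handler in this commit does, so the account lookup uses the normalised name. Separately, `local yubikey_key = account_info.yubikey_key or global_yubikey_key` is never read, so the global key appears to have no effect and accounts without their own key fall through to the plaintext `password == account_info.password` comparison; please confirm that is intended.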