| author | Matthew Wild <mwild1@gmail.com> |
| Mon, 20 Feb 2023 18:10:15 +0000 | |
| branch | 0.12 |
| changeset 12898 | 0598d822614f |
| parent 11548 | c98aebe601f9 |
| child 12650 | 3f38f4735c7a |
| permissions | -rw-r--r-- |
| 3162 | 1 |
-- Prosody IM |
2 |
-- Copyright (C) 2008-2010 Matthew Wild |
|
3 |
-- Copyright (C) 2008-2010 Waqas Hussain |
|
4 |
-- |
|
5 |
-- This project is MIT/X11 licensed. Please see the |
|
6 |
-- COPYING file in the source package for more information. |
|
7 |
-- |
|
8 |
||
| 3163 | 9 |
local usermanager = require "core.usermanager"; |
|
3186
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
10 |
local new_sasl = require "util.sasl".new; |
|
10918
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
11 |
local saslprep = require "util.encodings".stringprep.saslprep; |
|
11548
c98aebe601f9
mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
Matthew Wild <mwild1@gmail.com>
parents:
10918
diff
changeset
|
12 |
local secure_equals = require "util.hashes".equals; |
| 3162 | 13 |
|
|
4762
943f9f860ab4
mod_auth_internal_plain: Remove unused imports
Matthew Wild <mwild1@gmail.com>
parents:
4603
diff
changeset
|
14 |
local log = module._log; |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
15 |
local host = module.host; |
| 3163 | 16 |
|
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
17 |
local accounts = module:open_store("accounts"); |
|
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
18 |
|
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
19 |
-- define auth provider |
|
5117
2c7e1ce8f482
mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents:
5115
diff
changeset
|
20 |
local provider = {}; |
| 3162 | 21 |
|
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
22 |
function provider.test_password(username, password) |
|
5779
70bb0df1ffe7
mod_auth_internal_plain: Remove redundant hostname from log messages
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
23 |
log("debug", "test password for user '%s'", username); |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
24 |
local credentials = accounts:get(username) or {}; |
|
10918
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
25 |
password = saslprep(password); |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
26 |
if not password then |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
27 |
return nil, "Password fails SASLprep."; |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
28 |
end |
| 3162 | 29 |
|
|
11548
c98aebe601f9
mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
Matthew Wild <mwild1@gmail.com>
parents:
10918
diff
changeset
|
30 |
if secure_equals(password, saslprep(credentials.password)) then |
| 3162 | 31 |
return true; |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
32 |
else |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
33 |
return nil, "Auth failed. Invalid username or password."; |
| 3162 | 34 |
end |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
35 |
end |
| 3162 | 36 |
|
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
37 |
function provider.get_password(username) |
|
5779
70bb0df1ffe7
mod_auth_internal_plain: Remove redundant hostname from log messages
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
38 |
log("debug", "get_password for username '%s'", username); |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
39 |
return (accounts:get(username) or {}).password; |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
40 |
end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
41 |
|
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
42 |
function provider.set_password(username, password) |
|
5780
bc3bf4ded7e4
mod_auth_internal_plain: Log a debug message when changing password to be consistent with the other methods
Kim Alvefur <zash@zash.se>
parents:
5779
diff
changeset
|
43 |
log("debug", "set_password for username '%s'", username); |
|
10918
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
44 |
password = saslprep(password); |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
45 |
if not password then |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
46 |
return nil, "Password fails SASLprep."; |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
47 |
end |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
48 |
local account = accounts:get(username); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
49 |
if account then |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
50 |
account.password = password; |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
51 |
return accounts:set(username, account); |
| 3162 | 52 |
end |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
53 |
return nil, "Account not available."; |
| 3162 | 54 |
end |
55 |
||
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
56 |
function provider.user_exists(username) |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
57 |
local account = accounts:get(username); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
58 |
if not account then |
|
5779
70bb0df1ffe7
mod_auth_internal_plain: Remove redundant hostname from log messages
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
59 |
log("debug", "account not found for username '%s'", username); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
60 |
return nil, "Auth failed. Invalid username"; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
61 |
end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
62 |
return true; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
63 |
end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
64 |
|
|
5156
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
65 |
function provider.users() |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
66 |
return accounts:users(); |
|
5156
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
67 |
end |
|
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
68 |
|
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
69 |
function provider.create_user(username, password) |
|
10918
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
70 |
password = saslprep(password); |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
71 |
if not password then |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
72 |
return nil, "Password fails SASLprep."; |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8060
diff
changeset
|
73 |
end |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
74 |
return accounts:set(username, {password = password}); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
75 |
end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
76 |
|
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
77 |
function provider.delete_user(username) |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
78 |
return accounts:set(username, nil); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
79 |
end |
| 3162 | 80 |
|
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
81 |
function provider.get_sasl_handler() |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
82 |
local getpass_authentication_profile = { |
|
8060
4a9275594981
mod_auth_internal_plain: Rename unused self argument [luacheck]
Kim Alvefur <zash@zash.se>
parents:
5781
diff
changeset
|
83 |
plain = function(_, username, realm) |
|
5302
52fe5df91c65
mod_auth_internal_plain, mod_auth_internal_hashed: No need to nodeprep here.
Waqas Hussain <waqas20@gmail.com>
parents:
5156
diff
changeset
|
84 |
local password = usermanager.get_password(username, realm); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
85 |
if not password then |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
86 |
return "", nil; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
87 |
end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
88 |
return password, true; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
89 |
end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
90 |
}; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
91 |
return new_sasl(host, getpass_authentication_profile); |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
92 |
end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5509
diff
changeset
|
93 |
|
|
5117
2c7e1ce8f482
mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents:
5115
diff
changeset
|
94 |
module:provides("auth", provider); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
95 |