Mercurial Mercurial > prosody > prosody / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugins/mod_auth_insecure.lua
author Matthew Wild <mwild1@gmail.com>
Wed, 27 Mar 2024 15:35:15 +0000
branch0.12
changeset 13469 54a936345aaa
parent 10918 0d7d71dee0a0
child 12675 32881d0c359f
permissions -rw-r--r--
prosodyctl check: Warn about invalid domain names in the config file This ensures that domain names of virtual hosts and components are valid in XMPP, and that they are encoded correctly.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
9278
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     1
 
-- Prosody IM
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     2
 
-- Copyright (C) 2008-2010 Matthew Wild
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     3
 
-- Copyright (C) 2008-2010 Waqas Hussain
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     4
 
--
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     5
 
-- This project is MIT/X11 licensed. Please see the
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     6
 
-- COPYING file in the source package for more information.
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     7
 
--
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     8
 
-- luacheck: ignore 212
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     9
 












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    10


local datamanager = require "util.datamanager";












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    11


local new_sasl = require "util.sasl".new;







10918






0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords



Kim Alvefur <zash@zash.se>


parents: 
9295

diff
changeset




    12


local saslprep = require "util.encodings".stringprep.saslprep;







9278






db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    13














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    14


local host = module.host;







9295






d5f798efb1ba
mod_auth_insecure: Fix module provider name



Matthew Wild <mwild1@gmail.com>


parents: 
9278

diff
changeset




    15


local provider = { name = "insecure" };







9278






db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    16














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    17


assert(module:get_option_string("insecure_open_authentication") == "Yes please, I know what I'm doing!");












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    18














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    19


function provider.test_password(username, password)












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    20


	return true;












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    21


end












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    22














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    23


function provider.set_password(username, password)












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    24


	local account = datamanager.load(username, host, "accounts");







10918






0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords



Kim Alvefur <zash@zash.se>


parents: 
9295

diff
changeset




    25


	password = saslprep(password);












0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords



Kim Alvefur <zash@zash.se>


parents: 
9295

diff
changeset




    26


	if not password then












0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords



Kim Alvefur <zash@zash.se>


parents: 
9295

diff
changeset




    27


		return nil, "Password fails SASLprep.";












0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords



Kim Alvefur <zash@zash.se>


parents: 
9295

diff
changeset




    28


	end







9278






db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    29


	if account then












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    30


		account.password = password;












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    31


		return datamanager.store(username, host, "accounts", account);












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    32


	end












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    33


	return nil, "Account not available.";












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    34


end












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    35














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    36


function provider.user_exists(username)












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    37


	return true;












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    38


end












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    39














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    40


function provider.create_user(username, password)












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    41


	return datamanager.store(username, host, "accounts", {password = password});












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    42


end












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    43














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    44


function provider.delete_user(username)












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    45


	return datamanager.store(username, host, "accounts", nil);












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    46


end












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    47














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    48


function provider.get_sasl_handler()












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    49


	local getpass_authentication_profile = {












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    50


		plain_test = function(sasl, username, password, realm)












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    51


			return true, true;












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    52


		end












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    53


	};












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    54


	return new_sasl(module.host, getpass_authentication_profile);












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    55


end












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    56














db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    57


module:add_item("auth-provider", provider);












db137a87511b
mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    58
















prosody