annotate mod_auth_phpbb3/mod_auth_phpbb3.lua @ 5511:0860497152af

mod_http_oauth2: Record hash of client_id to allow future verification RFC 6819 section 5.2.2.2 states that refresh tokens MUST be bound to the client. In order to do that, we must record something that can definitely tie the client to the grant. Since the full client_id is so large (why we have this client_subset function), a hash is stored instead.
author Kim Alvefur <zash@zash.se>
date Fri, 02 Jun 2023 10:14:16 +0200
parents 28d99ffa3c06
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 -- phpbb3 authentication backend for Prosody
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
2 --
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
3 -- Copyright (C) 2011 Waqas Hussain
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
4 --
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 local log = require "util.logger".init("auth_sql");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7 local new_sasl = require "util.sasl".new;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8 local nodeprep = require "util.encodings".stringprep.nodeprep;
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
9 local saslprep = require "util.encodings".stringprep.saslprep;
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
10 local DBI = require "DBI"
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
11 local md5 = require "util.hashes".md5;
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
12 local uuid_gen = require "util.uuid".generate;
2168
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
13 local have_bcrypt, bcrypt = pcall(require, "bcrypt"); -- available from luarocks
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
14
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
15 local connection;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
16 local params = module:get_option("sql");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18 local resolve_relative_path = require "core.configmanager".resolve_relative_path;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
19
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
20 local function test_connection()
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
21 if not connection then return nil; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
22 if connection:ping() then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
23 return true;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
24 else
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
25 module:log("debug", "Database connection closed");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
26 connection = nil;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
27 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
28 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
29 local function connect()
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
30 if not test_connection() then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
31 prosody.unlock_globals();
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
32 local dbh, err = DBI.Connect(
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
33 params.driver, params.database,
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
34 params.username, params.password,
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
35 params.host, params.port
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
36 );
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
37 prosody.lock_globals();
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
38 if not dbh then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
39 module:log("debug", "Database connection failed: %s", tostring(err));
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
40 return nil, err;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
41 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
42 module:log("debug", "Successfully connected to database");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
43 dbh:autocommit(true); -- don't run in transaction
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
44 connection = dbh;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
45 return connection;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
46 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
47 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
48
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
49 do -- process options to get a db connection
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
50 params = params or { driver = "SQLite3" };
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 814
diff changeset
51
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
52 if params.driver == "SQLite3" then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
53 params.database = resolve_relative_path(prosody.paths.data or ".", params.database or "prosody.sqlite");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
54 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 814
diff changeset
55
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
56 assert(params.driver and params.database, "Both the SQL driver and the database need to be specified");
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 814
diff changeset
57
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
58 assert(connect());
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
59 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
60
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
61 local function getsql(sql, ...)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
62 if params.driver == "PostgreSQL" then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
63 sql = sql:gsub("`", "\"");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
64 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
65 if not test_connection() then connect(); end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
66 -- do prepared statement stuff
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
67 local stmt, err = connection:prepare(sql);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
68 if not stmt and not test_connection() then error("connection failed"); end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
69 if not stmt then module:log("error", "QUERY FAILED: %s %s", err, debug.traceback()); return nil, err; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
70 -- run query
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
71 local ok, err = stmt:execute(...);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
72 if not ok and not test_connection() then error("connection failed"); end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
73 if not ok then return nil, err; end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 814
diff changeset
74
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
75 return stmt;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
76 end
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
77 local function setsql(sql, ...)
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
78 local stmt, err = getsql(sql, ...);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
79 if not stmt then return stmt, err; end
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
80 return stmt:affected();
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
81 end
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
82
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
83 local function get_password(username)
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
84 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username_clean`=?", username);
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
85 if stmt then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
86 for row in stmt:rows(true) do
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
87 return row.user_password;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
88 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
89 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
90 end
665
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
91 local function check_sessionids(username, session_id)
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
92 -- TODO add session expiration and auto-login check
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
93 local stmt, err = getsql("SELECT phpbb_sessions.session_id FROM phpbb_sessions INNER JOIN phpbb_users ON phpbb_users.user_id = phpbb_sessions.session_user_id WHERE phpbb_users.username_clean =?", username);
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
94 if stmt then
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
95 for row in stmt:rows(true) do
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
96 -- if row.session_id == session_id then return true; end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
97
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
98 -- workaround for possible LuaDBI bug
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
99 -- The session_id returned by the sql statement has an additional zero at the end. But that is not in the database.
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
100 if row.session_id == session_id or row.session_id == session_id.."0" then return true; end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
101 end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
102 end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
103 end
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
104
421
816d8e3e83a3 mod_auth_phpbb3: A little refactoring.
Waqas Hussain <waqas20@gmail.com>
parents: 420
diff changeset
105
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
106 local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
107 local function hashEncode64(input, count)
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
108 local output = "";
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
109 local i, value = 0, 0;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
110
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
111 while true do
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
112 value = input:byte(i+1)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
113 i = i+1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
114 local idx = value % 0x40 + 1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
115 output = output .. itoa64:sub(idx, idx);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
116
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
117 if i < count then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
118 value = value + input:byte(i+1) * 256;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
119 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
120 local _ = value % (2^6);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
121 local idx = ((value - _) / (2^6)) % 0x40 + 1
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
122 output = output .. itoa64:sub(idx, idx);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
123
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
124 if i >= count then break; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
125 i = i+1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
126
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
127 if i < count then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
128 value = value + input:byte(i+1) * 256 * 256;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
129 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
130 local _ = value % (2^12);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
131 local idx = ((value - _) / (2^12)) % 0x40 + 1
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
132 output = output .. itoa64:sub(idx, idx);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
133
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
134 if i >= count then break; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
135 i = i+1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
136
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
137 local _ = value % (2^18);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
138 local idx = ((value - _) / (2^18)) % 0x40 + 1
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
139 output = output .. itoa64:sub(idx, idx);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
140
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
141 if not(i < count) then break; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
142 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
143 return output;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
144 end
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
145 local function hashCryptPrivate(password, genSalt)
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
146 local output = "*";
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
147 if not genSalt:match("^%$H%$") then return output; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
148
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
149 local count_log2 = itoa64:find(genSalt:sub(4,4)) - 1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
150 if count_log2 < 7 or count_log2 > 30 then return output; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
151
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
152 local count = 2 ^ count_log2;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
153 local salt = genSalt:sub(5, 12);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
154
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
155 if #salt ~= 8 then return output; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
156
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
157 local hash = md5(salt..password);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
158
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
159 while true do
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
160 hash = md5(hash..password);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
161 if not(count > 1) then break; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
162 count = count-1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
163 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
164
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
165 output = genSalt:sub(1, 12);
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
166 output = output .. hashEncode64(hash, 16);
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
167
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
168 return output;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
169 end
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
170 local function hashGensaltPrivate(input)
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
171 local iteration_count_log2 = 6;
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
172 local output = "$H$";
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
173 local idx = math.min(iteration_count_log2 + 5, 30) + 1;
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
174 output = output .. itoa64:sub(idx, idx);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
175 output = output .. hashEncode64(input, 6);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
176 return output;
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
177 end
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
178 local function phpbbCheckHash(password, hash)
421
816d8e3e83a3 mod_auth_phpbb3: A little refactoring.
Waqas Hussain <waqas20@gmail.com>
parents: 420
diff changeset
179 if #hash == 32 then return hash == md5(password, true); end -- legacy PHPBB2 hash
2168
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
180 if #hash == 34 then return hashCryptPrivate(password, hash) == hash; end
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
181 if #hash == 60 and have_bcrypt then return bcrypt.verify(password, hash); end
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
182 module:log("error", "Unsupported hash: %s", hash);
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
183 return false;
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
184 end
421
816d8e3e83a3 mod_auth_phpbb3: A little refactoring.
Waqas Hussain <waqas20@gmail.com>
parents: 420
diff changeset
185 local function phpbbCreateHash(password)
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
186 local random = uuid_gen():sub(-6);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
187 local salt = hashGensaltPrivate(random);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
188 local hash = hashCryptPrivate(password, salt);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
189 if #hash == 34 then return hash; end
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
190 return md5(password, true);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
191 end
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
192
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
193
814
881ec9919144 mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents: 665
diff changeset
194 provider = {};
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
195
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
196 function provider.test_password(username, password)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
197 local hash = get_password(username);
375
cac309a3d655 mod_auth_phpbb3: Fixed traceback when logging in as a non-existent user.
Waqas Hussain <waqas20@gmail.com>
parents: 374
diff changeset
198 return hash and phpbbCheckHash(password, hash);
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
199 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
200 function provider.user_exists(username)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
201 module:log("debug", "test user %s existence", username);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
202 return get_password(username) and true;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
203 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
204
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
205 function provider.get_password(username)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
206 return nil, "Getting password is not supported.";
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
207 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
208 function provider.set_password(username, password)
421
816d8e3e83a3 mod_auth_phpbb3: A little refactoring.
Waqas Hussain <waqas20@gmail.com>
parents: 420
diff changeset
209 local hash = phpbbCreateHash(password);
626
f19f723571d9 mod_auth_phpbb3: Match the username_clean column instead of the username column when updating password.
Waqas Hussain <waqas20@gmail.com>
parents: 421
diff changeset
210 local stmt, err = setsql("UPDATE `phpbb_users` SET `user_password`=? WHERE `username_clean`=?", hash, username);
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
211 return stmt and true, err;
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
212 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
213 function provider.create_user(username, password)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
214 return nil, "Account creation/modification not supported.";
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
215 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
216
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
217 local escapes = {
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
218 [" "] = "\\20";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
219 ['"'] = "\\22";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
220 ["&"] = "\\26";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
221 ["'"] = "\\27";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
222 ["/"] = "\\2f";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
223 [":"] = "\\3a";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
224 ["<"] = "\\3c";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
225 [">"] = "\\3e";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
226 ["@"] = "\\40";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
227 ["\\"] = "\\5c";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
228 };
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
229 local unescapes = {};
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
230 for k,v in pairs(escapes) do unescapes[v] = k; end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
231 local function jid_escape(s) return s and (s:gsub(".", escapes)); end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
232 local function jid_unescape(s) return s and (s:gsub("\\%x%x", unescapes)); end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
233
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
234 function provider.get_sasl_handler()
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
235 local sasl = {};
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
236 function sasl:clean_clone() return provider.get_sasl_handler(); end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
237 function sasl:mechanisms() return { PLAIN = true; }; end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
238 function sasl:select(mechanism)
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
239 if not self.selected and mechanism == "PLAIN" then
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
240 self.selected = mechanism;
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
241 return true;
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
242 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
243 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
244 function sasl:process(message)
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
245 if not message then return "failure", "malformed-request"; end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
246 local authorization, authentication, password = message:match("^([^%z]*)%z([^%z]+)%z([^%z]+)");
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
247 if not authorization then return "failure", "malformed-request"; end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
248 authentication = saslprep(authentication);
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
249 password = saslprep(password);
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
250 if (not password) or (password == "") or (not authentication) or (authentication == "") then
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
251 return "failure", "malformed-request", "Invalid username or password.";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
252 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
253 local function test(authentication)
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
254 local prepped = nodeprep(authentication);
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
255 local normalized = jid_unescape(prepped);
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
256 return normalized and provider.test_password(normalized, password) and prepped;
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
257 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
258 local username = test(authentication) or test(jid_escape(authentication));
665
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
259 if not username and params.sessionid_as_password then
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
260 local function test(authentication)
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
261 local prepped = nodeprep(authentication);
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
262 local normalized = jid_unescape(prepped);
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
263 return normalized and check_sessionids(normalized, password) and prepped;
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
264 end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
265 username = test(authentication) or test(jid_escape(authentication));
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
266 end
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
267 if username then
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
268 self.username = username;
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
269 return "success";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
270 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
271 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
272 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
273 return sasl;
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
274 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
275
814
881ec9919144 mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents: 665
diff changeset
276 module:provides("auth", provider);
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
277