prosody-modules: mod_auth_http_cookie/mod_auth_http

annotate mod_auth_http_cookie/mod_auth_http_cookie.lua @ 4813:0a257d1402c3

mod_muc_rtbl: Optimize case with zero hashes On the assumption that during quiet times between torrents of spam, the hash set would be empty. There would be no point in doing the operations and hashes to check for a match in that case.

author	Kim Alvefur <zash@zash.se>
date	Mon, 06 Dec 2021 18:19:19 +0100
parents	b7aa8630438e
children

rev	line source
3037 bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 -- Prosody IM
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	2 -- Copyright (C) 2008-2013 Matthew Wild
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 -- Copyright (C) 2008-2013 Waqas Hussain
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	4 -- Copyright (C) 2014 Kim Alvefur
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 --
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 -- This project is MIT/X11 licensed. Please see the
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	7 -- COPYING file in the source package for more information.
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	8 --
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	9
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	10 local new_sasl = require "util.sasl".new;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 local base64 = require "util.encodings".base64.encode;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	12 local have_async, async = pcall(require, "util.async");
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	13
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	14 local nodeprep = require "util.encodings".stringprep.nodeprep;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	15
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	16 local log = module._log;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	17 local host = module.host;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	18
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 local password_auth_url = module:get_option_string("http_auth_url", ""):gsub("$host", host);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	20
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	21 local cookie_auth_url = module:get_option_string("http_cookie_auth_url");
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	22 if cookie_auth_url then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	23 cookie_auth_url = cookie_auth_url:gsub("$host", host);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	24 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	25
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	26 local external_needs_authzid = cookie_auth_url and cookie_auth_url:match("$user");
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	27
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	28 if password_auth_url == "" and not cookie_auth_url then error("http_auth_url or http_cookie_auth_url required") end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	29
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	30
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	31 local provider = {};
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	32
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	33 -- globals required by socket.http
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	34 if rawget(_G, "PROXY") == nil then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	35 rawset(_G, "PROXY", false)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	36 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	37 if rawget(_G, "base_parsed") == nil then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	38 rawset(_G, "base_parsed", false)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	39 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	40 if not have_async then -- FINE! Set your globals then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	41 prosody.unlock_globals()
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	42 require "ltn12"
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	43 require "socket"
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	44 require "socket.http"
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	45 require "ssl.https"
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	46 prosody.lock_globals()
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	47 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	48
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	49 local function async_http_request(url, headers)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	50 module:log("debug", "async_http_auth()");
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	51 local http = require "net.http";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	52 local wait, done = async.waiter();
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	53 local content, code, request, response;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	54 local ex = {
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	55 headers = headers;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	56 }
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	57 local function cb(content_, code_, request_, response_)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	58 content, code, request, response = content_, code_, request_, response_;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	59 done();
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	60 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	61 http.request(url, ex, cb);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	62 wait();
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	63 log("debug", "response code %s", tostring(code));
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	64 if code >= 200 and code <= 299 then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	65 return true, content;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	66 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	67 return nil;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	68 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	69
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	70 local function sync_http_request(url, headers)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	71 module:log("debug", "sync_http_auth()");
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	72 require "ltn12";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	73 local http = require "socket.http";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	74 local https = require "ssl.https";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	75 local request;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	76 if string.sub(url, 1, string.len('https')) == 'https' then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	77 request = https.request;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	78 else
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	79 request = http.request;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	80 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	81 local body_chunks = {};
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	82 local _, code, headers, status = request{
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	83 url = url,
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	84 headers = headers;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	85 sink = ltn12.sink.table(body_chunks);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	86 };
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	87 log("debug", "response code %s %s", type(code), tostring(code));
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	88 if type(code) == "number" and code >= 200 and code <= 299 then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	89 log("debug", "success")
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	90 return true, table.concat(body_chunks);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	91 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	92 return nil;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	93 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	94
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	95 local http_request = have_async and async_http_request or sync_http_request;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	96
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	97 function http_test_password(username, password)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	98 local url = password_auth_url:gsub("$user", username):gsub("$password", password);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	99 log("debug", "Testing password for user %s at host %s with URL %s", username, host, url);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	100 local ok = (http_request(url, { Authorization = "Basic "..base64(username..":"..password); }));
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	101 if not ok then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	102 return nil, "not authorized";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	103 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	104 return true;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	105 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	106
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	107 function http_test_cookie(cookie, username)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	108 local url = external_needs_authzid and cookie_auth_url:gsub("$user", username) or cookie_auth_url;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	109 log("debug", "Testing cookie auth for user %s at host %s with URL %s", username or "<unknown>", host, url);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	110 local ok, resp = http_request(url, { Cookie = cookie; });
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	111 if not ok then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	112 return nil, "not authorized";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	113 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	114
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	115 return external_needs_authzid or resp;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	116 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	117
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	118 function provider.test_password(username, password)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	119 return http_test_password(username, password);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	120 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	121
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	122 function provider.users()
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	123 return function()
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	124 return nil;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	125 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	126 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	127
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	128 function provider.set_password(username, password)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	129 return nil, "Changing passwords not supported";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	130 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	131
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	132 function provider.user_exists(username)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	133 return true;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	134 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	135
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	136 function provider.create_user(username, password)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	137 return nil, "User creation not supported";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	138 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	139
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	140 function provider.delete_user(username)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	141 return nil , "User deletion not supported";
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	142 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	143
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	144 local function get_session_cookies(session)
3224 b7aa8630438e mod_auth_http_cookie: Also try to get HTTP request from WebSocket session Kim Alvefur <zash@zash.se> parents: 3223 diff changeset	145 local request = session.websocket_request; -- WebSockets
b7aa8630438e mod_auth_http_cookie: Also try to get HTTP request from WebSocket session Kim Alvefur <zash@zash.se> parents: 3223 diff changeset	146 if not request and session.requests then -- BOSH
b7aa8630438e mod_auth_http_cookie: Also try to get HTTP request from WebSocket session Kim Alvefur <zash@zash.se> parents: 3223 diff changeset	147 request = session.requests[1];
3223 9a89ec5030b5 mod_auth_http_cookie: Try to get HTTP request from array on BOSH sessions Kim Alvefur <zash@zash.se> parents: 3037 diff changeset	148 end
9a89ec5030b5 mod_auth_http_cookie: Try to get HTTP request from array on BOSH sessions Kim Alvefur <zash@zash.se> parents: 3037 diff changeset	149 if not request and session.conn._http_open_response then -- Fallback BOSH
9a89ec5030b5 mod_auth_http_cookie: Try to get HTTP request from array on BOSH sessions Kim Alvefur <zash@zash.se> parents: 3037 diff changeset	150 local response = session.conn._http_open_response;
9a89ec5030b5 mod_auth_http_cookie: Try to get HTTP request from array on BOSH sessions Kim Alvefur <zash@zash.se> parents: 3037 diff changeset	151 request = response and response.request;
9a89ec5030b5 mod_auth_http_cookie: Try to get HTTP request from array on BOSH sessions Kim Alvefur <zash@zash.se> parents: 3037 diff changeset	152 end
3037 bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	153 if request then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	154 return request.headers.cookie;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	155 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	156 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	157
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	158 function provider.get_sasl_handler(session)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	159 local cookie = cookie_auth_url and get_session_cookies(session);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	160 log("debug", "Request cookie: %s", cookie);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	161 return new_sasl(host, {
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	162 plain_test = function(sasl, username, password, realm)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	163 return provider.test_password(username, password), true;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	164 end;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	165 external = cookie and function (authzid)
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	166 if external_needs_authzid then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	167 -- Authorize the username provided by the client, using request cookie
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	168 if authzid ~= "" then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	169 module:log("warn", "Client requested authzid, but cookie auth URL does not contain $user variable");
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	170 return nil;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	171 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	172 local success = http_test_cookie(cookie);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	173 if not success then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	174 return nil;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	175 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	176 return nodeprep(authzid), true;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	177 else
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	178 -- Authorize client using request cookie, username comes from auth server
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	179 if authzid == "" then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	180 module:log("warn", "Client did not provide authzid, but cookie auth URL contains $user variable");
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	181 return nil;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	182 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	183 local unprepped_username = http_test_cookie(cookie, nodeprep(authzid));
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	184 local username = nodeprep(unprepped_username);
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	185 if not username then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	186 if unprepped_username then
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	187 log("warn", "Username supplied by cookie_auth_url is not valid for XMPP");
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	188 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	189 return nil;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	190 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	191 return username, true;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	192 end;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	193 end;
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	194 });
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	195 end
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	196
bae7b0a002ef mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support Matthew Wild <mwild1@gmail.com> parents: diff changeset	197 module:provides("auth", provider);

Mercurial > prosody-modules

annotate mod_auth_http_cookie/mod_auth_http_cookie.lua @ 4813:0a257d1402c3