Mercurial > prosody-modules
annotate mod_auth_external_insecure/examples/python/prosody-auth-example.py @ 5404:1087f697c3f3
mod_http_oauth2: Strip unknown extra fields from client registration
We shouldn't sign things we don't understand!
RFC 7591 section-2 states:
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
Prevents grandfathering in of unvalidated data that might become used
later, especially since the 'additionalProperties' schema keyword was
removed in 698fef74ce53
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:23:40 +0200 |
parents | f84ede3e9e3b |
children |
rev | line source |
---|---|
1194
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 #!/usr/bin/env python2 |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 import sys |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 def auth(username, password): |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 if username == "someone": |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 return "1" |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 return "0" |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 def respond(ret): |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 sys.stdout.write(ret+"\n") |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 sys.stdout.flush() |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 methods = { |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 "auth": { "function": auth, "parameters": 2 } |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 } |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 while 1: |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 line = sys.stdin.readline().rstrip("\n") |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 method, sep, data = line.partition(":") |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 if method in methods: |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 method_info = methods[method] |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 split_data = data.split(":", method_info["parameters"]) |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 if len(split_data) == method_info["parameters"]: |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 respond(method_info["function"](*split_data)) |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 else: |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 respond("error: incorrect number of parameters to method '%s'"%method) |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 else: |
f5eadba27120
mod_auth_external: Add example Python script
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 respond("error: method '%s' not implemented"%method) |