prosody-modules: mod_sasl_oauthbearer/mod_sasl

annotate mod_sasl_oauthbearer/mod_sasl_oauthbearer.lua @ 5627:3a5cf8d80089

mod_http_oauth2: Tweak method of centering the UI The percentage here was relative to the viewport width, which on some very wide screens may put the UI slightly outside of the view, requiring scrolling to see. By using a unit relative to the height of the viewport, this is avoided and should work better. But no guarantees, it's still possible to resize the browser or adjust font sizes so that the UI goes out of view.

author	Kim Alvefur <zash@zash.se>
date	Mon, 31 Jul 2023 07:28:09 +0200
parents	73ada978dabc
children

rev	line source
3114 73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	1 local s_match = string.match;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	2 local registerMechanism = require "util.sasl".registerMechanism;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	3 local saslprep = require "util.encodings".stringprep.saslprep;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	4 local nodeprep = require "util.encodings".stringprep.nodeprep;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	5 local log = require "util.logger".init("sasl");
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	6 local _ENV = nil;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	7
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	8
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	9 local function oauthbearer(self, message)
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	10 if not message then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	11 return "failure", "malformed-request";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	12 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	13
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	14 local authorization, password = s_match(message, "^n,a=([^,]*),\1auth=Bearer ([^\1]+)");
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	15 if not authorization then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	16 return "failure", "malformed-request";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	17 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	18
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	19 local authentication = s_match(authorization, "(.-)@.*");
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	20
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	21 -- SASLprep password and authentication
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	22 authentication = saslprep(authentication);
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	23 password = saslprep(password);
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	24
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	25 if (not password) or (password == "") or (not authentication) or (authentication == "") then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	26 log("debug", "Username or password violates SASLprep.");
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	27 return "failure", "malformed-request", "Invalid username or password.";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	28 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	29
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	30 local _nodeprep = self.profile.nodeprep;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	31 if _nodeprep ~= false then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	32 authentication = (_nodeprep or nodeprep)(authentication);
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	33 if not authentication or authentication == "" then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	34 return "failure", "malformed-request", "Invalid username or password."
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	35 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	36 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	37
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	38 local correct, state = false, false;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	39 correct, state = self.profile.oauthbearer(self, authentication, password, self.realm);
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	40
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	41 self.username = authentication
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	42 if state == false then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	43 return "failure", "account-disabled";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	44 elseif state == nil or not correct then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	45 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	46 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	47 return "success";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	48 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	49
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	50 registerMechanism("OAUTHBEARER", {"oauthbearer"}, oauthbearer);

Mercurial > prosody-modules

annotate mod_sasl_oauthbearer/mod_sasl_oauthbearer.lua @ 5627:3a5cf8d80089