annotate mod_auth_custom_http/mod_auth_custom_http.lua @ 5425:3b30635d215c

mod_http_oauth2: Support granting zero role-scopes It seems Very Bad that if you uncheck all roles on the consent page, you get the default scopes, which seems the opposite of what you probably intended. Currently, mod_tokenauth will do the same thing, so work is needed there too to allow issuing tokens without roles. A token without a role could be used for OIDC login, and not much else. This seems like a valuable thing to support.
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 19:29:15 +0200
parents 32d7f05e062f
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1043
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 -- Prosody IM
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
2 -- Copyright (C) 2008-2010 Waqas Hussain
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
3 --
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
4 -- This project is MIT/X11 licensed. Please see the
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5 -- COPYING file in the source package for more information.
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 --
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8 local new_sasl = require "util.sasl".new;
2867
94d8960385aa mod_auth_custom_http: Fix json.encode impoper reference
Senya <senya@kinetiksoft.com>
parents: 1343
diff changeset
9 local json = require "util.json";
3989
32d7f05e062f mod_auth_custom_http: Unlock globals while loading socket.http
Matthew Wild <mwild1@gmail.com>
parents: 2867
diff changeset
10 prosody.unlock_globals();
1046
b9d47487d550 mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents: 1045
diff changeset
11 local http = require "socket.http";
3989
32d7f05e062f mod_auth_custom_http: Unlock globals while loading socket.http
Matthew Wild <mwild1@gmail.com>
parents: 2867
diff changeset
12 prosody.lock_globals();
1046
b9d47487d550 mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents: 1045
diff changeset
13
b9d47487d550 mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents: 1045
diff changeset
14 local options = module:get_option("auth_custom_http");
b9d47487d550 mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents: 1045
diff changeset
15 local post_url = options and options.post_url;
b9d47487d550 mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents: 1045
diff changeset
16 assert(post_url, "No HTTP POST URL provided");
1043
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18 local provider = {};
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
19
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
20 function provider.test_password(username, password)
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
21 return nil, "Not supported"
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
22 end
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
23
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
24 function provider.get_password(username)
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
25 return nil, "Not supported"
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
26 end
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
27
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
28 function provider.set_password(username, password)
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
29 return nil, "Not supported"
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
30 end
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
31
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
32 function provider.user_exists(username)
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
33 return true;
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
34 end
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
35
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
36 function provider.create_user(username, password)
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
37 return nil, "Not supported"
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
38 end
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
39
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
40 function provider.delete_user(username)
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
41 return nil, "Not supported"
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
42 end
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
43
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
44 function provider.get_sasl_handler()
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
45 local getpass_authentication_profile = {
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
46 plain_test = function(sasl, username, password, realm)
2867
94d8960385aa mod_auth_custom_http: Fix json.encode impoper reference
Senya <senya@kinetiksoft.com>
parents: 1343
diff changeset
47 local postdata = json.encode({ username = username, password = password });
1046
b9d47487d550 mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents: 1045
diff changeset
48 local result = http.request(post_url, postdata);
1043
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
49 return result == "true", true;
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
50 end,
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
51 };
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
52 return new_sasl(module.host, getpass_authentication_profile);
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
53 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 1046
diff changeset
54
1043
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
55
809f7d46ad5c mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
56 module:provides("auth", provider);