Mercurial > prosody-modules
annotate mod_auth_custom_http/mod_auth_custom_http.lua @ 5425:3b30635d215c
mod_http_oauth2: Support granting zero role-scopes
It seems Very Bad that if you uncheck all roles on the consent page, you
get the default scopes, which seems the opposite of what you probably
intended. Currently, mod_tokenauth will do the same thing, so work is
needed there too to allow issuing tokens without roles.
A token without a role could be used for OIDC login, and not much else.
This seems like a valuable thing to support.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 07 May 2023 19:29:15 +0200 |
| parents | 32d7f05e062f |
| children |
| rev | line source |
|---|---|
|
1043
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 -- Prosody IM |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2010 Waqas Hussain |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
3 -- |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
4 -- This project is MIT/X11 licensed. Please see the |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 -- COPYING file in the source package for more information. |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
6 -- |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 local new_sasl = require "util.sasl".new; |
|
2867
94d8960385aa
mod_auth_custom_http: Fix json.encode impoper reference
Senya <senya@kinetiksoft.com>
parents:
1343
diff
changeset
|
9 local json = require "util.json"; |
|
3989
32d7f05e062f
mod_auth_custom_http: Unlock globals while loading socket.http
Matthew Wild <mwild1@gmail.com>
parents:
2867
diff
changeset
|
10 prosody.unlock_globals(); |
|
1046
b9d47487d550
mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents:
1045
diff
changeset
|
11 local http = require "socket.http"; |
|
3989
32d7f05e062f
mod_auth_custom_http: Unlock globals while loading socket.http
Matthew Wild <mwild1@gmail.com>
parents:
2867
diff
changeset
|
12 prosody.lock_globals(); |
|
1046
b9d47487d550
mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents:
1045
diff
changeset
|
13 |
|
b9d47487d550
mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents:
1045
diff
changeset
|
14 local options = module:get_option("auth_custom_http"); |
|
b9d47487d550
mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents:
1045
diff
changeset
|
15 local post_url = options and options.post_url; |
|
b9d47487d550
mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents:
1045
diff
changeset
|
16 assert(post_url, "No HTTP POST URL provided"); |
|
1043
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
17 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
18 local provider = {}; |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
19 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
20 function provider.test_password(username, password) |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
21 return nil, "Not supported" |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
22 end |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
23 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
24 function provider.get_password(username) |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
25 return nil, "Not supported" |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
26 end |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
27 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
28 function provider.set_password(username, password) |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
29 return nil, "Not supported" |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
30 end |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
31 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
32 function provider.user_exists(username) |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
33 return true; |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
34 end |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
35 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
36 function provider.create_user(username, password) |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
37 return nil, "Not supported" |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
38 end |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
39 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
40 function provider.delete_user(username) |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
41 return nil, "Not supported" |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
42 end |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
43 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
44 function provider.get_sasl_handler() |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
45 local getpass_authentication_profile = { |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
46 plain_test = function(sasl, username, password, realm) |
|
2867
94d8960385aa
mod_auth_custom_http: Fix json.encode impoper reference
Senya <senya@kinetiksoft.com>
parents:
1343
diff
changeset
|
47 local postdata = json.encode({ username = username, password = password }); |
|
1046
b9d47487d550
mod_auth_custom_http: Organize imports, and make the URL a config option.
Waqas Hussain <waqas20@gmail.com>
parents:
1045
diff
changeset
|
48 local result = http.request(post_url, postdata); |
|
1043
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
49 return result == "true", true; |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
50 end, |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
51 }; |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
52 return new_sasl(module.host, getpass_authentication_profile); |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
53 end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1046
diff
changeset
|
54 |
|
1043
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
55 |
|
809f7d46ad5c
mod_auth_custom_http: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
56 module:provides("auth", provider); |