annotate mod_auth_joomla/mod_auth_joomla.lua @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200
parents 7dbde05b48a9
children
rev   line source
422
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 -- Joomla authentication backend for Prosody
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
2 --
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
3 -- Copyright (C) 2011 Waqas Hussain
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
4 --
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 local new_sasl = require "util.sasl".new;
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7 local nodeprep = require "util.encodings".stringprep.nodeprep;
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8 local saslprep = require "util.encodings".stringprep.saslprep;
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
9 local DBI = require "DBI"
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
10 local md5 = require "util.hashes".md5;
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
11 local uuid_gen = require "util.uuid".generate;
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
12
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Shared database handle: nil until connect() succeeds, and reset to nil by
-- test_connection() when a ping fails.
local connection;
-- The "sql" option table from the Prosody configuration (may be nil here; a
-- default is filled in by the option-processing block below).
local params = module:get_option("sql");
-- Table-name prefix, read from sql.prefix and defaulting to "jos_".
-- NOTE(review): this value is concatenated into SQL text as part of a table
-- identifier, so it cannot be bound as a query parameter. It is never
-- validated here; it should only come from the administrator's config and
-- contain identifier characters.
local prefix = params and params.prefix or "jos_";
422
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
16
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17 local resolve_relative_path = require "core.configmanager".resolve_relative_path;
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Check whether the shared database handle is still usable.
-- Returns true when a handle exists and answers a ping. Returns nil when
-- there is no handle, and nothing after discarding a handle whose ping failed.
local function test_connection()
	if not connection then
		return nil;
	end
	local alive = connection:ping();
	if not alive then
		module:log("debug", "Database connection closed");
		-- Drop the dead handle so the next connect() opens a fresh one.
		connection = nil;
		return;
	end
	return true;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Open the shared database handle unless a live one already exists.
-- Returns the new handle after a fresh connect, nil plus the driver error
-- when DBI.Connect fails, and nothing when the existing handle still pings.
local function connect()
	if test_connection() then
		return;
	end
	-- DBI.Connect is bracketed by unlock_globals()/lock_globals().
	-- NOTE(review): there is no pcall around it, so if DBI.Connect raised an
	-- error instead of returning nil, lock_globals() would be skipped; confirm
	-- the driver only reports failure through its return values.
	prosody.unlock_globals();
	local handle, failure = DBI.Connect(
		params.driver, params.database,
		params.username, params.password,
		params.host, params.port
	);
	prosody.lock_globals();
	if not handle then
		-- Only the driver's error text is logged, not the credentials.
		module:log("debug", "Database connection failed: %s", tostring(failure));
		return nil, failure;
	end
	module:log("debug", "Successfully connected to database");
	handle:autocommit(true); -- don't run in transaction
	connection = handle;
	return connection;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
47
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
do -- turn the configured options into a database connection
	-- With no "sql" option at all, fall back to SQLite3.
	if not params then
		params = { driver = "SQLite3" };
	end

	if params.driver == "SQLite3" then
		-- Resolve the SQLite file against Prosody's data directory.
		local data_dir = prosody.paths.data or ".";
		local db_file = params.database or "prosody.sqlite";
		params.database = resolve_relative_path(data_dir, db_file);
	end

	assert(params.driver and params.database, "Both the SQL driver and the database need to be specified");

	-- Fail module load immediately if the database cannot be reached:
	-- connect() returns nil plus the error, which assert() raises.
	assert(connect());
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
59
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
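-- Prepare and execute one SQL statement on the shared connection.
--   sql: statement text using backtick-quoted identifiers and `?` placeholders
--   ...: values bound to the placeholders by stmt:execute(), so caller data
--        never becomes part of the SQL text
-- Returns the executed statement handle, or nil plus an error message when
-- prepare/execute fails on a live connection. Raises "connection failed"
-- when the database connection is gone.
local function getsql(sql, ...)
	if params.driver == "PostgreSQL" then
		-- The queries are written with backtick identifier quoting; swap it
		-- for double quotes when the driver is PostgreSQL.
		sql = sql:gsub("`", "\"");
	end
	if not test_connection() then
		connect();
		-- A failed reconnect leaves `connection` nil. Raise the same error as
		-- the other lost-connection paths instead of indexing nil below.
		if not connection then error("connection failed"); end
	end
	-- do prepared statement stuff
	local stmt, prepare_err = connection:prepare(sql);
	if not stmt and not test_connection() then error("connection failed"); end
	if not stmt then
		module:log("error", "QUERY FAILED: %s %s", prepare_err, debug.traceback());
		return nil, prepare_err;
	end
	-- run query
	local ok, execute_err = stmt:execute(...);
	if not ok and not test_connection() then error("connection failed"); end
	if not ok then return nil, execute_err; end

	return stmt;
end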
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Run a data-modifying statement through getsql().
-- Returns whatever stmt:affected() reports on success, or the falsy
-- statement value plus the error from getsql() on failure.
local function setsql(sql, ...)
	local statement, failure = getsql(sql, ...);
	if statement then
		return statement:affected();
	end
	return statement, failure;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
81
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Look up the stored password hash for a username.
-- The username is bound as a query parameter; only the configured table
-- prefix is concatenated into the statement text.
-- Returns the `password` column of the first matching row, or nothing when
-- the query fails or no row matches.
local function get_password(username)
	local query = "SELECT `password` FROM `"..prefix.."users` WHERE `username`=?";
	local stmt = getsql(query, username);
	if not stmt then
		return;
	end
	for row in stmt:rows(true) do
		-- Only the first row is ever consulted.
		return row.password;
	end
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
90
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
91
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Compute the hex-encoded MD5 digest of the plaintext followed by the salt.
-- NOTE(review): one round of salted MD5 is cheap to brute-force if the users
-- table leaks; the scheme is presumably dictated by the Joomla database
-- format this module reads rather than chosen here.
local function getCryptedPassword(plaintext, salt)
	return md5(plaintext..salt, true);
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Verify a plaintext password against a stored "digest:salt" value.
-- The stored value is split at its first colon. Without a colon the whole
-- value is treated as the digest and the salt is empty. A stored value that
-- is not a hex MD5 digest in this layout can never equal the computed one,
-- so such accounts fail authentication rather than pass.
-- NOTE(review): the comparison is a plain `==`, not a constant-time compare.
local function joomlaCheckHash(password, hash)
	local digest, salt = hash:match("^([^:]*):(.*)$");
	local expected = digest or hash;
	local computed = getCryptedPassword(password, salt or '');
	return expected == computed;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Build a new "digest:salt" value for a password.
-- The salt is a freshly generated UUID with its dashes removed.
local function joomlaCreateHash(password)
	local raw_uuid = uuid_gen();
	-- gsub returns two values; the single local keeps only the string.
	local salt = raw_uuid:gsub("%-", "");
	return getCryptedPassword(password, salt)..':'..salt;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
105
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
106
814
881ec9919144 mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents: 720
diff changeset
-- Table of authentication-provider callbacks, registered with Prosody via
-- module:provides("auth", provider) at the end of the file. It is assigned
-- without `local`.
provider = {};
422
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
108
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Check a username/password pair against the Joomla users table.
-- Returns the falsy lookup result when no stored hash is found, otherwise
-- the boolean result of the hash comparison.
function provider.test_password(username, password)
	local stored = get_password(username);
	if not stored then
		return stored;
	end
	return joomlaCheckHash(password, stored);
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Report whether a user has a row with a stored password.
-- Returns true when get_password() yields a value, otherwise that falsy
-- result. The username is written to the debug log.
function provider.user_exists(username)
	module:log("debug", "test user %s existence", username);
	local stored = get_password(username);
	return stored and true;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
117
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Plaintext retrieval is not offered: the database holds only salted digests.
-- Always returns nil plus an explanatory message.
function provider.get_password(username)
	local reason = "Getting password is not supported.";
	return nil, reason;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Replace a user's stored password with a freshly salted digest.
-- Both the new digest and the username are bound as query parameters.
-- Returns true on success, or a falsy value plus the error from setsql().
-- NOTE(review): setsql() returns the affected-row count and 0 is truthy in
-- Lua, so an UPDATE that matches no user presumably still reports success;
-- confirm against the driver's affected() behaviour.
-- NOTE(review): this always writes the salted-MD5 layout, so a stronger hash
-- already stored for the account would be replaced by a weaker one.
function provider.set_password(username, password)
	local new_hash = joomlaCreateHash(password);
	local statement = "UPDATE `"..prefix.."users` SET `password`=? WHERE `username`=?";
	local affected, failure = setsql(statement, new_hash, username);
	return affected and true, failure;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Account creation is not handled by this module.
-- Always returns nil plus an explanatory message.
function provider.create_user(username, password)
	local reason = "Account creation/modification not supported.";
	return nil, reason;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
129
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Character -> "\xx" escape sequences (backslash plus two lowercase hex
-- digits) for characters that need escaping in a JID node part.
local escapes = {
	[" "] = "\\20",
	['"'] = "\\22",
	["&"] = "\\26",
	["'"] = "\\27",
	["/"] = "\\2f",
	[":"] = "\\3a",
	["<"] = "\\3c",
	[">"] = "\\3e",
	["@"] = "\\40",
	["\\"] = "\\5c",
};

-- Reverse mapping, derived from `escapes` so the two tables cannot drift.
local unescapes = {};
for char, sequence in pairs(escapes) do
	unescapes[sequence] = char;
end

-- Escape every character listed in `escapes`; other characters pass through.
-- A nil/false argument is returned unchanged.
local function jid_escape(s)
	if not s then
		return s;
	end
	local escaped = s:gsub(".", escapes);
	return escaped;
end

-- Turn known "\xx" sequences back into their characters. Sequences missing
-- from `unescapes` (including uppercase-hex spellings) are left as they are.
-- A nil/false argument is returned unchanged.
local function jid_unescape(s)
	if not s then
		return s;
	end
	local unescaped = s:gsub("\\%x%x", unescapes);
	return unescaped;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
146
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
-- Build a SASL handler object for one authentication attempt.
-- The handler offers only the PLAIN mechanism and checks the supplied
-- password through provider.test_password().
-- NOTE(review): PLAIN carries the password itself, so its confidentiality
-- depends on the stream being encrypted before authentication; confirm the
-- deployment enforces that.
function provider.get_sasl_handler()
	local sasl = {};
	-- A clean clone is a brand-new handler with no selected mechanism or username.
	function sasl:clean_clone() return provider.get_sasl_handler(); end
	function sasl:mechanisms() return { PLAIN = true; }; end
	-- Accept a mechanism selection once, and only for PLAIN; otherwise returns nothing.
	function sasl:select(mechanism)
		if not self.selected and mechanism == "PLAIN" then
			self.selected = mechanism;
			return true;
		end
	end
	-- Process the PLAIN message: authzid NUL authcid NUL password.
	-- Returns "success" (with self.username set) or "failure" plus a SASL
	-- error condition and, for some failures, a human-readable text.
	function sasl:process(message)
		if not message then return "failure", "malformed-request"; end
		-- The pattern is anchored at the start only, so anything after a
		-- further NUL following the password is ignored rather than rejected.
		local authorization, authentication, password = message:match("^([^%z]*)%z([^%z]+)%z([^%z]+)");
		-- `authorization` is used only to detect a failed match. It is never
		-- compared with the authenticated name, so a requested authorization
		-- identity has no effect on which account the session is bound to.
		if not authorization then return "failure", "malformed-request"; end
		authentication = saslprep(authentication);
		password = saslprep(password);
		if (not password) or (password == "") or (not authentication) or (authentication == "") then
			return "failure", "malformed-request", "Invalid username or password.";
		end
		-- Try one candidate node: the password is tested against the unescaped
		-- form, and the nodeprep'd form is returned as the username on success.
		local function test(authentication)
			local prepped = nodeprep(authentication);
			local normalized = jid_unescape(prepped);
			return normalized and provider.test_password(normalized, password) and prepped;
		end
		-- First the name as given, then its JID-escaped form; a failing attempt
		-- therefore costs up to two database lookups.
		local username = test(authentication) or test(jid_escape(authentication));
		if username then
			self.username = username;
			return "success";
		end
		-- Unknown user and wrong password share this single failure reply.
		return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
	end
	return sasl;
end
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
180
814
881ec9919144 mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents: 720
diff changeset
-- Register the provider table with Prosody as an "auth" provider.
module:provides("auth", provider);
422
1082856e4612 mod_auth_joomla: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
182