prosody-modules: mod_sasl_oauthbearer/mod_sasl

annotate mod_sasl_oauthbearer/mod_sasl_oauthbearer.lua @ 4738:5aee8d86629a

mod_bookmarks2: Fix handling of nick and password elements This form of child retrieval fails when the stanza elements internally don't have an 'xmlns' attribute, which can happen sometimes for some reason, including when they have been constructed via the stanza builder API. When that is the case then the explicit namespace arguemnt does not match the nil value of the internal attribute. Calling `:get_child()` without the namespace argument does the right thing here, with both nil and the parent namespace as valid values for the internal attribute.

author	Kim Alvefur <zash@zash.se>
date	Wed, 03 Nov 2021 21:11:55 +0100
parents	73ada978dabc
children

rev	line source
3114 73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	1 local s_match = string.match;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	2 local registerMechanism = require "util.sasl".registerMechanism;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	3 local saslprep = require "util.encodings".stringprep.saslprep;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	4 local nodeprep = require "util.encodings".stringprep.nodeprep;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	5 local log = require "util.logger".init("sasl");
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	6 local _ENV = nil;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	7
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	8
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	9 local function oauthbearer(self, message)
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	10 if not message then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	11 return "failure", "malformed-request";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	12 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	13
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	14 local authorization, password = s_match(message, "^n,a=([^,]*),\1auth=Bearer ([^\1]+)");
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	15 if not authorization then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	16 return "failure", "malformed-request";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	17 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	18
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	19 local authentication = s_match(authorization, "(.-)@.*");
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	20
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	21 -- SASLprep password and authentication
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	22 authentication = saslprep(authentication);
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	23 password = saslprep(password);
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	24
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	25 if (not password) or (password == "") or (not authentication) or (authentication == "") then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	26 log("debug", "Username or password violates SASLprep.");
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	27 return "failure", "malformed-request", "Invalid username or password.";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	28 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	29
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	30 local _nodeprep = self.profile.nodeprep;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	31 if _nodeprep ~= false then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	32 authentication = (_nodeprep or nodeprep)(authentication);
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	33 if not authentication or authentication == "" then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	34 return "failure", "malformed-request", "Invalid username or password."
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	35 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	36 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	37
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	38 local correct, state = false, false;
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	39 correct, state = self.profile.oauthbearer(self, authentication, password, self.realm);
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	40
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	41 self.username = authentication
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	42 if state == false then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	43 return "failure", "account-disabled";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	44 elseif state == nil or not correct then
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	45 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	46 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	47 return "success";
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	48 end
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	49
73ada978dabc mod_sasl_oauthbearer and mod_auth_oauthbearer JC Brand <jc@opkode.com> parents: diff changeset	50 registerMechanism("OAUTHBEARER", {"oauthbearer"}, oauthbearer);

Mercurial > prosody-modules

annotate mod_sasl_oauthbearer/mod_sasl_oauthbearer.lua @ 4738:5aee8d86629a