annotate mod_auth_phpbb3/mod_auth_phpbb3.lua @ 5241:65892dd1d4ae

mod_http_oauth2: Reject insecure redirect URIs Is this enough, or are they going to be using ftp:// and gopher://?
author Kim Alvefur <zash@zash.se>
date Sat, 11 Mar 2023 22:25:50 +0100
parents 28d99ffa3c06
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 -- phpbb3 authentication backend for Prosody
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
2 --
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
3 -- Copyright (C) 2011 Waqas Hussain
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
4 --
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 local log = require "util.logger".init("auth_sql");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7 local new_sasl = require "util.sasl".new;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8 local nodeprep = require "util.encodings".stringprep.nodeprep;
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
9 local saslprep = require "util.encodings".stringprep.saslprep;
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
10 local DBI = require "DBI"
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
11 local md5 = require "util.hashes".md5;
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
12 local uuid_gen = require "util.uuid".generate;
2168
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
13 local have_bcrypt, bcrypt = pcall(require, "bcrypt"); -- available from luarocks
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
14
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
15 local connection;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
16 local params = module:get_option("sql");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18 local resolve_relative_path = require "core.configmanager".resolve_relative_path;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
19
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
20 local function test_connection()
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
21 if not connection then return nil; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
22 if connection:ping() then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
23 return true;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
24 else
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
25 module:log("debug", "Database connection closed");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
26 connection = nil;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
27 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
28 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
29 local function connect()
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
30 if not test_connection() then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
31 prosody.unlock_globals();
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
32 local dbh, err = DBI.Connect(
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
33 params.driver, params.database,
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
34 params.username, params.password,
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
35 params.host, params.port
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
36 );
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
37 prosody.lock_globals();
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
38 if not dbh then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
39 module:log("debug", "Database connection failed: %s", tostring(err));
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
40 return nil, err;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
41 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
42 module:log("debug", "Successfully connected to database");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
43 dbh:autocommit(true); -- don't run in transaction
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
44 connection = dbh;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
45 return connection;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
46 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
47 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
48
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
49 do -- process options to get a db connection
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
50 params = params or { driver = "SQLite3" };
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 814
diff changeset
51
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
52 if params.driver == "SQLite3" then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
53 params.database = resolve_relative_path(prosody.paths.data or ".", params.database or "prosody.sqlite");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
54 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 814
diff changeset
55
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
56 assert(params.driver and params.database, "Both the SQL driver and the database need to be specified");
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 814
diff changeset
57
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
58 assert(connect());
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
59 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
60
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
61 local function getsql(sql, ...)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
62 if params.driver == "PostgreSQL" then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
63 sql = sql:gsub("`", "\"");
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
64 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
65 if not test_connection() then connect(); end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
66 -- do prepared statement stuff
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
67 local stmt, err = connection:prepare(sql);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
68 if not stmt and not test_connection() then error("connection failed"); end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
69 if not stmt then module:log("error", "QUERY FAILED: %s %s", err, debug.traceback()); return nil, err; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
70 -- run query
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
71 local ok, err = stmt:execute(...);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
72 if not ok and not test_connection() then error("connection failed"); end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
73 if not ok then return nil, err; end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 814
diff changeset
74
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
75 return stmt;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
76 end
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
77 local function setsql(sql, ...)
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
78 local stmt, err = getsql(sql, ...);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
79 if not stmt then return stmt, err; end
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
80 return stmt:affected();
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
81 end
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
82
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
83 local function get_password(username)
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
84 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username_clean`=?", username);
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
85 if stmt then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
86 for row in stmt:rows(true) do
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
87 return row.user_password;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
88 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
89 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
90 end
665
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
91 local function check_sessionids(username, session_id)
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
92 -- TODO add session expiration and auto-login check
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
93 local stmt, err = getsql("SELECT phpbb_sessions.session_id FROM phpbb_sessions INNER JOIN phpbb_users ON phpbb_users.user_id = phpbb_sessions.session_user_id WHERE phpbb_users.username_clean =?", username);
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
94 if stmt then
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
95 for row in stmt:rows(true) do
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
96 -- if row.session_id == session_id then return true; end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
97
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
98 -- workaround for possible LuaDBI bug
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
99 -- The session_id returned by the sql statement has an additional zero at the end. But that is not in the database.
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
100 if row.session_id == session_id or row.session_id == session_id.."0" then return true; end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
101 end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
102 end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
103 end
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
104
421
816d8e3e83a3 mod_auth_phpbb3: A little refactoring.
Waqas Hussain <waqas20@gmail.com>
parents: 420
diff changeset
105
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
106 local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
107 local function hashEncode64(input, count)
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
108 local output = "";
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
109 local i, value = 0, 0;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
110
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
111 while true do
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
112 value = input:byte(i+1)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
113 i = i+1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
114 local idx = value % 0x40 + 1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
115 output = output .. itoa64:sub(idx, idx);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
116
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
117 if i < count then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
118 value = value + input:byte(i+1) * 256;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
119 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
120 local _ = value % (2^6);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
121 local idx = ((value - _) / (2^6)) % 0x40 + 1
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
122 output = output .. itoa64:sub(idx, idx);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
123
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
124 if i >= count then break; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
125 i = i+1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
126
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
127 if i < count then
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
128 value = value + input:byte(i+1) * 256 * 256;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
129 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
130 local _ = value % (2^12);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
131 local idx = ((value - _) / (2^12)) % 0x40 + 1
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
132 output = output .. itoa64:sub(idx, idx);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
133
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
134 if i >= count then break; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
135 i = i+1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
136
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
137 local _ = value % (2^18);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
138 local idx = ((value - _) / (2^18)) % 0x40 + 1
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
139 output = output .. itoa64:sub(idx, idx);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
140
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
141 if not(i < count) then break; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
142 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
143 return output;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
144 end
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
145 local function hashCryptPrivate(password, genSalt)
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
146 local output = "*";
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
147 if not genSalt:match("^%$H%$") then return output; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
148
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
149 local count_log2 = itoa64:find(genSalt:sub(4,4)) - 1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
150 if count_log2 < 7 or count_log2 > 30 then return output; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
151
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
152 local count = 2 ^ count_log2;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
153 local salt = genSalt:sub(5, 12);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
154
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
155 if #salt ~= 8 then return output; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
156
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
157 local hash = md5(salt..password);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
158
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
159 while true do
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
160 hash = md5(hash..password);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
161 if not(count > 1) then break; end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
162 count = count-1;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
163 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
164
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
165 output = genSalt:sub(1, 12);
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
166 output = output .. hashEncode64(hash, 16);
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
167
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
168 return output;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
169 end
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
170 local function hashGensaltPrivate(input)
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
171 local iteration_count_log2 = 6;
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
172 local output = "$H$";
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
173 local idx = math.min(iteration_count_log2 + 5, 30) + 1;
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
174 output = output .. itoa64:sub(idx, idx);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
175 output = output .. hashEncode64(input, 6);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
176 return output;
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
177 end
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
178 local function phpbbCheckHash(password, hash)
421
816d8e3e83a3 mod_auth_phpbb3: A little refactoring.
Waqas Hussain <waqas20@gmail.com>
parents: 420
diff changeset
179 if #hash == 32 then return hash == md5(password, true); end -- legacy PHPBB2 hash
2168
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
180 if #hash == 34 then return hashCryptPrivate(password, hash) == hash; end
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
181 if #hash == 60 and have_bcrypt then return bcrypt.verify(password, hash); end
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
182 module:log("error", "Unsupported hash: %s", hash);
28d99ffa3c06 mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
183 return false;
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
184 end
421
816d8e3e83a3 mod_auth_phpbb3: A little refactoring.
Waqas Hussain <waqas20@gmail.com>
parents: 420
diff changeset
185 local function phpbbCreateHash(password)
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
186 local random = uuid_gen():sub(-6);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
187 local salt = hashGensaltPrivate(random);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
188 local hash = hashCryptPrivate(password, salt);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
189 if #hash == 34 then return hash; end
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
190 return md5(password, true);
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
191 end
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
192
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
193
814
881ec9919144 mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents: 665
diff changeset
194 provider = {};
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
195
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
196 function provider.test_password(username, password)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
197 local hash = get_password(username);
375
cac309a3d655 mod_auth_phpbb3: Fixed traceback when logging in as a non-existent user.
Waqas Hussain <waqas20@gmail.com>
parents: 374
diff changeset
198 return hash and phpbbCheckHash(password, hash);
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
199 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
200 function provider.user_exists(username)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
201 module:log("debug", "test user %s existence", username);
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
202 return get_password(username) and true;
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
203 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
204
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
205 function provider.get_password(username)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
206 return nil, "Getting password is not supported.";
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
207 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
208 function provider.set_password(username, password)
421
816d8e3e83a3 mod_auth_phpbb3: A little refactoring.
Waqas Hussain <waqas20@gmail.com>
parents: 420
diff changeset
209 local hash = phpbbCreateHash(password);
626
f19f723571d9 mod_auth_phpbb3: Match the username_clean column instead of the username column when updating password.
Waqas Hussain <waqas20@gmail.com>
parents: 421
diff changeset
210 local stmt, err = setsql("UPDATE `phpbb_users` SET `user_password`=? WHERE `username_clean`=?", hash, username);
377
145fa870321c mod_auth_phpbb3: Implement password change.
Waqas Hussain <waqas20@gmail.com>
parents: 376
diff changeset
211 return stmt and true, err;
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
212 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
213 function provider.create_user(username, password)
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
214 return nil, "Account creation/modification not supported.";
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
215 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
216
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
217 local escapes = {
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
218 [" "] = "\\20";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
219 ['"'] = "\\22";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
220 ["&"] = "\\26";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
221 ["'"] = "\\27";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
222 ["/"] = "\\2f";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
223 [":"] = "\\3a";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
224 ["<"] = "\\3c";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
225 [">"] = "\\3e";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
226 ["@"] = "\\40";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
227 ["\\"] = "\\5c";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
228 };
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
229 local unescapes = {};
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
230 for k,v in pairs(escapes) do unescapes[v] = k; end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
231 local function jid_escape(s) return s and (s:gsub(".", escapes)); end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
232 local function jid_unescape(s) return s and (s:gsub("\\%x%x", unescapes)); end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
233
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
234 function provider.get_sasl_handler()
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
235 local sasl = {};
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
236 function sasl:clean_clone() return provider.get_sasl_handler(); end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
237 function sasl:mechanisms() return { PLAIN = true; }; end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
238 function sasl:select(mechanism)
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
239 if not self.selected and mechanism == "PLAIN" then
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
240 self.selected = mechanism;
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
241 return true;
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
242 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
243 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
244 function sasl:process(message)
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
245 if not message then return "failure", "malformed-request"; end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
246 local authorization, authentication, password = message:match("^([^%z]*)%z([^%z]+)%z([^%z]+)");
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
247 if not authorization then return "failure", "malformed-request"; end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
248 authentication = saslprep(authentication);
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
249 password = saslprep(password);
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
250 if (not password) or (password == "") or (not authentication) or (authentication == "") then
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
251 return "failure", "malformed-request", "Invalid username or password.";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
252 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
253 local function test(authentication)
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
254 local prepped = nodeprep(authentication);
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
255 local normalized = jid_unescape(prepped);
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
256 return normalized and provider.test_password(normalized, password) and prepped;
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
257 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
258 local username = test(authentication) or test(jid_escape(authentication));
665
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
259 if not username and params.sessionid_as_password then
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
260 local function test(authentication)
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
261 local prepped = nodeprep(authentication);
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
262 local normalized = jid_unescape(prepped);
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
263 return normalized and check_sessionids(normalized, password) and prepped;
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
264 end
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
265 username = test(authentication) or test(jid_escape(authentication));
684cc57a49c1 mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
Waqas Hussain <waqas20@gmail.com>
parents: 626
diff changeset
266 end
419
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
267 if username then
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
268 self.username = username;
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
269 return "success";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
270 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
271 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
272 end
2a2b70e1a998 mod_auth_phpbb3: Apply stringprep, and try automatic JID escaping to derive username.
Waqas Hussain <waqas20@gmail.com>
parents: 377
diff changeset
273 return sasl;
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
274 end
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
275
814
881ec9919144 mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents: 665
diff changeset
276 module:provides("auth", provider);
373
81c7b36e6cdd mod_auth_phpbb3: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
277