annotate mod_auth_http_async/mod_auth_http_async.lua @ 1479:9a0a0cfd3710

mod_auth_ldap: Change default for ldap_mode to "bind", everyone seems to be using that
author Kim Alvefur <zash@zash.se>
date Tue, 05 Aug 2014 15:23:35 +0200
parents 295c30e44ba8
children 39a0a35f02bc
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1421
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- Prosody IM
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 -- Copyright (C) 2008-2013 Matthew Wild
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 -- Copyright (C) 2008-2013 Waqas Hussain
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 -- Copyright (C) 2014 Kim Alvefur
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 --
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 -- This project is MIT/X11 licensed. Please see the
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 -- COPYING file in the source package for more information.
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 --
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 local usermanager = require "core.usermanager";
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 local new_sasl = require "util.sasl".new;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 local base64 = require "util.encodings".base64.encode;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 local waiter =require "util.async".waiter;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local http = require "net.http";
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local log = module._log;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local host = module.host;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 local api_base = module:get_option_string("http_auth_url", ""):gsub("$host", host);
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 if api_base == "" then error("http_auth_url required") end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 local provider = {};
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 function provider.test_password(username, password)
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 log("debug", "test password for user %s at host %s", username, host);
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 local wait, done = waiter();
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 local code = -1;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 http.request(api_base:gsub("$user", username), {
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 headers = {
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 Authorization = "Basic "..base64(username..":"..password);
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 };
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 },
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 function(body, _code)
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 code = _code;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 done();
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 end);
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 wait();
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 if code >= 200 and code <= 299 then
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 return true;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 else
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 module:log("debug", "HTTP auth provider returned status code %d", code);
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 return nil, "Auth failed. Invalid username or password.";
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 function provider.set_password(username, password)
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 return nil, "Changing passwords not supported";
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 function provider.user_exists(username)
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 return true;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 function provider.create_user(username, password)
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 return nil, "User creation not supported";
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62 function provider.delete_user(username)
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 return nil , "User deletion not supported";
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 function provider.get_sasl_handler()
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67 return new_sasl(host, {
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 plain_test = function(sasl, username, password, realm)
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
69 return usermanager.test_password(username, realm, password), true;
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
70 end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
71 });
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
72 end
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
73
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
74 module:provides("auth", provider);
295c30e44ba8 mod_auth_http_async: Async HTTP auth module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
75