Mercurial > prosody-modules
comparison mod_auth_token/mod_auth_token.lua @ 3693:0fb12a4b6106
auth_token: Various updates, see below.
* Defer to usermanager when testing the password
* Because of this, don't assume the realm is available when verifying the token
* Fix linting errors
By using the `usermanager`, other modules can now ask the user manager to verify token credentials.
author | JC Brand <jc@opkode.com> |
---|---|
date | Thu, 03 Oct 2019 12:13:44 +0200 |
parents | d0ca211e1b0e |
children |
comparison
equal
deleted
inserted
replaced
3692:96c6d9b0969f | 3693:0fb12a4b6106 |
---|---|
4 -- | 4 -- |
5 | 5 |
6 local host = module.host; | 6 local host = module.host; |
7 local log = module._log; | 7 local log = module._log; |
8 local new_sasl = require "util.sasl".new; | 8 local new_sasl = require "util.sasl".new; |
9 local usermanager = require "core.usermanager"; | |
9 local verify_token = module:require "token_auth_utils".verify_token; | 10 local verify_token = module:require "token_auth_utils".verify_token; |
10 | 11 |
11 local provider = {}; | 12 local provider = {}; |
12 | 13 |
13 | 14 |
14 function provider.test_password(username, password, realm) | 15 function provider.test_password(username, password) |
15 log("debug", "Testing signed OTP for user %s at host %s", username, host); | 16 log("debug", "Testing signed OTP for user %s at host %s", username, host); |
16 return verify_token( | 17 return verify_token( |
17 username, | 18 username, |
18 password, | 19 password, |
19 realm, | |
20 module:get_option_string("otp_seed"), | 20 module:get_option_string("otp_seed"), |
21 module:get_option_string("token_secret"), | 21 module:get_option_string("token_secret"), |
22 log | 22 log |
23 ); | 23 ); |
24 end | 24 end |
48 function provider.get_sasl_handler() | 48 function provider.get_sasl_handler() |
49 local supported_mechanisms = {}; | 49 local supported_mechanisms = {}; |
50 supported_mechanisms["X-TOKEN"] = true; | 50 supported_mechanisms["X-TOKEN"] = true; |
51 return new_sasl(host, { | 51 return new_sasl(host, { |
52 token = function(sasl, username, password, realm) | 52 token = function(sasl, username, password, realm) |
53 return provider.test_password(username, password, realm), true; | 53 return usermanager.test_password(username, realm, password), true; |
54 end, | 54 end, |
55 mechanisms = supported_mechanisms | 55 mechanisms = supported_mechanisms |
56 }); | 56 }); |
57 end | 57 end |
58 | 58 |