Mercurial > prosody-modules
comparison mod_auth_token/mod_auth_token.lua @ 3693:0fb12a4b6106
auth_token: Various updates, see below.
* Defer to usermanager when testing the password
* Because of this, don't assume the realm is available when verifying the token
* Fix linting errors
By using the `usermanager`, other modules can now ask the user manager to verify token credentials.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Thu, 03 Oct 2019 12:13:44 +0200 |
| parents | d0ca211e1b0e |
| children |
comparison
equal
deleted
inserted
replaced
| 3692:96c6d9b0969f | 3693:0fb12a4b6106 |
|---|---|
| 4 -- | 4 -- |
| 5 | 5 |
| 6 local host = module.host; | 6 local host = module.host; |
| 7 local log = module._log; | 7 local log = module._log; |
| 8 local new_sasl = require "util.sasl".new; | 8 local new_sasl = require "util.sasl".new; |
| 9 local usermanager = require "core.usermanager"; | |
| 9 local verify_token = module:require "token_auth_utils".verify_token; | 10 local verify_token = module:require "token_auth_utils".verify_token; |
| 10 | 11 |
| 11 local provider = {}; | 12 local provider = {}; |
| 12 | 13 |
| 13 | 14 |
| 14 function provider.test_password(username, password, realm) | 15 function provider.test_password(username, password) |
| 15 log("debug", "Testing signed OTP for user %s at host %s", username, host); | 16 log("debug", "Testing signed OTP for user %s at host %s", username, host); |
| 16 return verify_token( | 17 return verify_token( |
| 17 username, | 18 username, |
| 18 password, | 19 password, |
| 19 realm, | |
| 20 module:get_option_string("otp_seed"), | 20 module:get_option_string("otp_seed"), |
| 21 module:get_option_string("token_secret"), | 21 module:get_option_string("token_secret"), |
| 22 log | 22 log |
| 23 ); | 23 ); |
| 24 end | 24 end |
| 48 function provider.get_sasl_handler() | 48 function provider.get_sasl_handler() |
| 49 local supported_mechanisms = {}; | 49 local supported_mechanisms = {}; |
| 50 supported_mechanisms["X-TOKEN"] = true; | 50 supported_mechanisms["X-TOKEN"] = true; |
| 51 return new_sasl(host, { | 51 return new_sasl(host, { |
| 52 token = function(sasl, username, password, realm) | 52 token = function(sasl, username, password, realm) |
| 53 return provider.test_password(username, password, realm), true; | 53 return usermanager.test_password(username, realm, password), true; |
| 54 end, | 54 end, |
| 55 mechanisms = supported_mechanisms | 55 mechanisms = supported_mechanisms |
| 56 }); | 56 }); |
| 57 end | 57 end |
| 58 | 58 |