Mercurial > prosody-modules
comparison mod_auth_phpbb3/mod_auth_phpbb3.lua @ 665:684cc57a49c1
mod_auth_phpbb3: Optionally allow using PHPBB3 session ID as password ( sql = { sessionid_as_password = true, ... } ).
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Wed, 16 May 2012 17:34:47 +0500 |
| parents | f19f723571d9 |
| children | 881ec9919144 |
comparison
equal
deleted
inserted
replaced
| 664:2f11d2473afd | 665:684cc57a49c1 |
|---|---|
| 82 local function get_password(username) | 82 local function get_password(username) |
| 83 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username_clean`=?", username); | 83 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username_clean`=?", username); |
| 84 if stmt then | 84 if stmt then |
| 85 for row in stmt:rows(true) do | 85 for row in stmt:rows(true) do |
| 86 return row.user_password; | 86 return row.user_password; |
| 87 end | |
| 88 end | |
| 89 end | |
| 90 local function check_sessionids(username, session_id) | |
| 91 -- TODO add session expiration and auto-login check | |
| 92 local stmt, err = getsql("SELECT phpbb_sessions.session_id FROM phpbb_sessions INNER JOIN phpbb_users ON phpbb_users.user_id = phpbb_sessions.session_user_id WHERE phpbb_users.username_clean =?", username); | |
| 93 if stmt then | |
| 94 for row in stmt:rows(true) do | |
| 95 -- if row.session_id == session_id then return true; end | |
| 96 | |
| 97 -- workaround for possible LuaDBI bug | |
| 98 -- The session_id returned by the sql statement has an additional zero at the end. But that is not in the database. | |
| 99 if row.session_id == session_id or row.session_id == session_id.."0" then return true; end | |
| 87 end | 100 end |
| 88 end | 101 end |
| 89 end | 102 end |
| 90 | 103 |
| 91 | 104 |
| 237 local prepped = nodeprep(authentication); | 250 local prepped = nodeprep(authentication); |
| 238 local normalized = jid_unescape(prepped); | 251 local normalized = jid_unescape(prepped); |
| 239 return normalized and provider.test_password(normalized, password) and prepped; | 252 return normalized and provider.test_password(normalized, password) and prepped; |
| 240 end | 253 end |
| 241 local username = test(authentication) or test(jid_escape(authentication)); | 254 local username = test(authentication) or test(jid_escape(authentication)); |
| 255 if not username and params.sessionid_as_password then | |
| 256 local function test(authentication) | |
| 257 local prepped = nodeprep(authentication); | |
| 258 local normalized = jid_unescape(prepped); | |
| 259 return normalized and check_sessionids(normalized, password) and prepped; | |
| 260 end | |
| 261 username = test(authentication) or test(jid_escape(authentication)); | |
| 262 end | |
| 242 if username then | 263 if username then |
| 243 self.username = username; | 264 self.username = username; |
| 244 return "success"; | 265 return "success"; |
| 245 end | 266 end |
| 246 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; | 267 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; |