Mercurial > prosody-modules
comparison mod_sasl_oauthbearer/mod_sasl_oauthbearer.lua @ 3114:73ada978dabc
mod_sasl_oauthbearer and mod_auth_oauthbearer
Two new modules for logging in with OAuth tokens.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Wed, 13 Jun 2018 17:09:49 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 3113:8298b06e6603 | 3114:73ada978dabc |
|---|---|
| 1 local s_match = string.match; | |
| 2 local registerMechanism = require "util.sasl".registerMechanism; | |
| 3 local saslprep = require "util.encodings".stringprep.saslprep; | |
| 4 local nodeprep = require "util.encodings".stringprep.nodeprep; | |
| 5 local log = require "util.logger".init("sasl"); | |
| 6 local _ENV = nil; | |
| 7 | |
| 8 | |
| 9 local function oauthbearer(self, message) | |
| 10 if not message then | |
| 11 return "failure", "malformed-request"; | |
| 12 end | |
| 13 | |
| 14 local authorization, password = s_match(message, "^n,a=([^,]*),\1auth=Bearer ([^\1]+)"); | |
| 15 if not authorization then | |
| 16 return "failure", "malformed-request"; | |
| 17 end | |
| 18 | |
| 19 local authentication = s_match(authorization, "(.-)@.*"); | |
| 20 | |
| 21 -- SASLprep password and authentication | |
| 22 authentication = saslprep(authentication); | |
| 23 password = saslprep(password); | |
| 24 | |
| 25 if (not password) or (password == "") or (not authentication) or (authentication == "") then | |
| 26 log("debug", "Username or password violates SASLprep."); | |
| 27 return "failure", "malformed-request", "Invalid username or password."; | |
| 28 end | |
| 29 | |
| 30 local _nodeprep = self.profile.nodeprep; | |
| 31 if _nodeprep ~= false then | |
| 32 authentication = (_nodeprep or nodeprep)(authentication); | |
| 33 if not authentication or authentication == "" then | |
| 34 return "failure", "malformed-request", "Invalid username or password." | |
| 35 end | |
| 36 end | |
| 37 | |
| 38 local correct, state = false, false; | |
| 39 correct, state = self.profile.oauthbearer(self, authentication, password, self.realm); | |
| 40 | |
| 41 self.username = authentication | |
| 42 if state == false then | |
| 43 return "failure", "account-disabled"; | |
| 44 elseif state == nil or not correct then | |
| 45 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; | |
| 46 end | |
| 47 return "success"; | |
| 48 end | |
| 49 | |
| 50 registerMechanism("OAUTHBEARER", {"oauthbearer"}, oauthbearer); |