comparison mod_sasl_oauthbearer/mod_sasl_oauthbearer.lua @ 3114:73ada978dabc

mod_sasl_oauthbearer and mod_auth_oauthbearer: Two new modules for logging in with OAuth tokens.
author JC Brand <jc@opkode.com>
date Wed, 13 Jun 2018 17:09:49 +0000
parents
children
3113:8298b06e6603 3114:73ada978dabc
1 local s_match = string.match;
2 local registerMechanism = require "util.sasl".registerMechanism;
3 local saslprep = require "util.encodings".stringprep.saslprep;
4 local nodeprep = require "util.encodings".stringprep.nodeprep;
5 local log = require "util.logger".init("sasl");
6 local _ENV = nil;
7
8
9 local function oauthbearer(self, message)
10 if not message then
11 return "failure", "malformed-request";
12 end
13
14 local authorization, password = s_match(message, "^n,a=([^,]*),\1auth=Bearer ([^\1]+)");
15 if not authorization then
16 return "failure", "malformed-request";
17 end
18
19 local authentication = s_match(authorization, "(.-)@.*");
20
21 -- SASLprep password and authentication
22 authentication = saslprep(authentication);
23 password = saslprep(password);
24
25 if (not password) or (password == "") or (not authentication) or (authentication == "") then
26 log("debug", "Username or password violates SASLprep.");
27 return "failure", "malformed-request", "Invalid username or password.";
28 end
29
30 local _nodeprep = self.profile.nodeprep;
31 if _nodeprep ~= false then
32 authentication = (_nodeprep or nodeprep)(authentication);
33 if not authentication or authentication == "" then
34 return "failure", "malformed-request", "Invalid username or password."
35 end
36 end
37
38 local correct, state = false, false;
39 correct, state = self.profile.oauthbearer(self, authentication, password, self.realm);
40
41 self.username = authentication
42 if state == false then
43 return "failure", "account-disabled";
44 elseif state == nil or not correct then
45 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
46 end
47 return "success";
48 end
49
50 registerMechanism("OAUTHBEARER", {"oauthbearer"}, oauthbearer);
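Review bot: The username at line 19 is taken from the client-supplied `a=` field with `s_match(authorization, "(.-)@.*")`, which discards everything after the first `@` without comparing it to `self.realm`, so an authzid naming any domain is accepted as a local user of this host. Whether the bearer token actually belongs to that user is left entirely to `self.profile.oauthbearer`, which is not visible here; if that callback only validates the token, the name stored in `self.username` at line 41 is whatever the client claimed. I would capture the domain as well, `local authentication, domain = s_match(authorization, "^([^@]*)@(.*)$");`, return `"failure", "not-authorized"` when the normalised domain differs from `self.realm`, and add a comment above line 39 stating that the callback must check the token was issued to `authentication`. `self.username` is also assigned before the result is checked, so it stays set on both failure paths; moving the assignment below the checks would avoid that.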