Mercurial > prosody-modules
comparison mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua @ 816:960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Thu, 13 Sep 2012 00:17:42 +0500 |
| parents | 881ec9919144 |
| children | 490cb9161c81 |
comparison
equal
deleted
inserted
replaced
| 815:b16b291d68c3 | 816:960007b0901e |
|---|---|
| 43 end; | 43 end; |
| 44 }); | 44 }); |
| 45 | 45 |
| 46 local global_yubikey_key = module:get_option_string("yubikey_key"); | 46 local global_yubikey_key = module:get_option_string("yubikey_key"); |
| 47 | 47 |
| 48 function new_default_provider(host) | 48 local host = module.host; |
| 49 local provider = {}; | 49 local provider = {}; |
| 50 log("debug", "initializing default authentication provider for host '%s'", host); | 50 log("debug", "initializing default authentication provider for host '%s'", host); |
| 51 | 51 |
| 52 function provider.test_password(username, password) | 52 function provider.test_password(username, password) |
| 53 log("debug", "test password '%s' for user %s at host %s", password, username, module.host); | 53 log("debug", "test password '%s' for user %s at host %s", password, username, module.host); |
| 54 | |
| 55 local account_info = datamanager.load(username, host, "accounts") or {}; | |
| 56 local yubikey_key = account_info.yubikey_key or global_yubikey_key; | |
| 57 if account_info.yubikey_key then | |
| 58 log("debug", "Authenticating Yubikey OTP for %s", username); | |
| 59 local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host }); | |
| 60 if not authed then | |
| 61 log("debug", "Failed to authenticate %s via OTP: %s", username, err); | |
| 62 return authed, err; | |
| 63 end | |
| 64 return authed; | |
| 65 elseif account_info.password and password == account_info.password then | |
| 66 -- No yubikey configured for this user, treat as normal password | |
| 67 log("debug", "No yubikey configured for %s, successful login using password auth", username); | |
| 68 return true; | |
| 69 else | |
| 70 return nil, "Auth failed. Invalid username or password."; | |
| 71 end | |
| 72 end | |
| 73 | |
| 74 function provider.get_password(username) | |
| 75 log("debug", "get_password for username '%s' at host '%s'", username, module.host); | |
| 76 return (datamanager.load(username, host, "accounts") or {}).password; | |
| 77 end | |
| 78 | |
| 79 function provider.set_password(username, password) | |
| 80 local account = datamanager.load(username, host, "accounts"); | |
| 81 if account then | |
| 82 account.password = password; | |
| 83 return datamanager.store(username, host, "accounts", account); | |
| 84 end | |
| 85 return nil, "Account not available."; | |
| 86 end | |
| 87 | |
| 88 function provider.user_exists(username) | |
| 89 local account = datamanager.load(username, host, "accounts"); | |
| 90 if not account then | |
| 91 log("debug", "account not found for username '%s' at host '%s'", username, module.host); | |
| 92 return nil, "Auth failed. Invalid username"; | |
| 93 end | |
| 94 return true; | |
| 95 end | |
| 96 | |
| 97 function provider.create_user(username, password) | |
| 98 return datamanager.store(username, host, "accounts", {password = password}); | |
| 99 end | |
| 100 | |
| 101 function provider.delete_user(username) | |
| 102 return datamanager.store(username, host, "accounts", nil); | |
| 103 end | |
| 104 | |
| 105 function provider.get_sasl_handler() | |
| 106 local realm = module:get_option("sasl_realm") or module.host; | |
| 107 local getpass_authentication_profile = { | |
| 108 plain_test = function(sasl, username, password, realm) | |
| 109 local prepped_username = nodeprep(username); | |
| 110 if not prepped_username then | |
| 111 log("debug", "NODEprep failed on username: %s", username); | |
| 112 return false, nil; | |
| 113 end | |
| 114 | |
| 115 return usermanager.test_password(username, realm, password), true; | |
| 116 end | |
| 117 }; | |
| 118 return new_sasl(realm, getpass_authentication_profile); | |
| 119 end | |
| 54 | 120 |
| 55 local account_info = datamanager.load(username, host, "accounts") or {}; | 121 module:provides("auth", provider); |
| 56 local yubikey_key = account_info.yubikey_key or global_yubikey_key; | |
| 57 if account_info.yubikey_key then | |
| 58 log("debug", "Authenticating Yubikey OTP for %s", username); | |
| 59 local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host }); | |
| 60 if not authed then | |
| 61 log("debug", "Failed to authenticate %s via OTP: %s", username, err); | |
| 62 return authed, err; | |
| 63 end | |
| 64 return authed; | |
| 65 elseif account_info.password and password == account_info.password then | |
| 66 -- No yubikey configured for this user, treat as normal password | |
| 67 log("debug", "No yubikey configured for %s, successful login using password auth", username); | |
| 68 return true; | |
| 69 else | |
| 70 return nil, "Auth failed. Invalid username or password."; | |
| 71 end | |
| 72 end | |
| 73 | |
| 74 function provider.get_password(username) | |
| 75 log("debug", "get_password for username '%s' at host '%s'", username, module.host); | |
| 76 return (datamanager.load(username, host, "accounts") or {}).password; | |
| 77 end | |
| 78 | |
| 79 function provider.set_password(username, password) | |
| 80 local account = datamanager.load(username, host, "accounts"); | |
| 81 if account then | |
| 82 account.password = password; | |
| 83 return datamanager.store(username, host, "accounts", account); | |
| 84 end | |
| 85 return nil, "Account not available."; | |
| 86 end | |
| 87 | |
| 88 function provider.user_exists(username) | |
| 89 local account = datamanager.load(username, host, "accounts"); | |
| 90 if not account then | |
| 91 log("debug", "account not found for username '%s' at host '%s'", username, module.host); | |
| 92 return nil, "Auth failed. Invalid username"; | |
| 93 end | |
| 94 return true; | |
| 95 end | |
| 96 | |
| 97 function provider.create_user(username, password) | |
| 98 return datamanager.store(username, host, "accounts", {password = password}); | |
| 99 end | |
| 100 | |
| 101 function provider.delete_user(username) | |
| 102 return datamanager.store(username, host, "accounts", nil); | |
| 103 end | |
| 104 | |
| 105 function provider.get_sasl_handler() | |
| 106 local realm = module:get_option("sasl_realm") or module.host; | |
| 107 local getpass_authentication_profile = { | |
| 108 plain_test = function(sasl, username, password, realm) | |
| 109 local prepped_username = nodeprep(username); | |
| 110 if not prepped_username then | |
| 111 log("debug", "NODEprep failed on username: %s", username); | |
| 112 return false, nil; | |
| 113 end | |
| 114 | |
| 115 return usermanager.test_password(username, realm, password), true; | |
| 116 end | |
| 117 }; | |
| 118 return new_sasl(realm, getpass_authentication_profile); | |
| 119 end | |
| 120 | |
| 121 return provider; | |
| 122 end | |
| 123 | |
| 124 module:provides("auth", new_default_provider(module.host)); | |
| 125 | 122 |
| 126 function module.command(arg) | 123 function module.command(arg) |
| 127 local command = arg[1]; | 124 local command = arg[1]; |
| 128 table.remove(arg, 1); | 125 table.remove(arg, 1); |
| 129 if command == "associate" then | 126 if command == "associate" then |