comparison mod_auth_token/mod_auth_token.lua @ 2956:d0ca211e1b0e

New HMAC token authentication module for Prosody.
author JC Brand <jc@opkode.com>
date Tue, 27 Mar 2018 10:48:04 +0200
parents
children 0fb12a4b6106
2938:f000ba14d531 2956:d0ca211e1b0e
1 -- Copyright (C) 2018 Minddistrict
2 --
3 -- This file is MIT/X11 licensed.
4 --
5
6 local host = module.host;
7 local log = module._log;
8 local new_sasl = require "util.sasl".new;
9 local verify_token = module:require "token_auth_utils".verify_token;
10
11 local provider = {};
12
13
14 function provider.test_password(username, password, realm)
15 log("debug", "Testing signed OTP for user %s at host %s", username, host);
16 return verify_token(
17 username,
18 password,
19 realm,
20 module:get_option_string("otp_seed"),
21 module:get_option_string("token_secret"),
22 log
23 );
24 end
25
26 function provider.users()
27 return function()
28 return nil;
29 end
30 end
31
32 function provider.set_password(username, password)
33 return nil, "Changing passwords not supported";
34 end
35
36 function provider.user_exists(username)
37 return true;
38 end
39
40 function provider.create_user(username, password)
41 return nil, "User creation not supported";
42 end
43
44 function provider.delete_user(username)
45 return nil , "User deletion not supported";
46 end
47
48 function provider.get_sasl_handler()
49 local supported_mechanisms = {};
50 supported_mechanisms["X-TOKEN"] = true;
51 return new_sasl(host, {
52 token = function(sasl, username, password, realm)
53 return provider.test_password(username, password, realm), true;
54 end,
55 mechanisms = supported_mechanisms
56 });
57 end
58
59 module:provides("auth", provider);
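Review bot: In `provider.test_password`, `otp_seed` and `token_secret` go to `verify_token` straight from `module:get_option_string` with no check that they are set. A host that loads the module without them hands `nil` key material to the verifier, and whether that fails closed depends on `token_auth_utils`, which is not shown here. Read both options into locals and reject before verifying, e.g. `if not otp_seed or not token_secret then log("error", "otp_seed and token_secret must be configured"); return false; end`. Separately, `provider.user_exists` returns `true` for every name, so the token check is the only gate; a comment such as `-- Accounts are not stored here; a valid signed token is the sole proof of identity` would make that intent explicit.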