comparison mod_audit_auth/mod_audit_auth.lua @ 5748:dfbced5e54b9

mod_audit_auth: Ignore FAST authentication events by default

FAST is more like a cookie that allows linking new connections to a previous (e.g. password) authentication. Since we assume that FAST tokens are secure (not user generated) and not shareable, it reduces a lot of noise by filtering out uninteresting authentication events.
author Matthew Wild <mwild1@gmail.com>
date Fri, 01 Dec 2023 11:34:52 +0000
parents b357ff3d0c8a
children 238c4ac8b735
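--- a/mod_audit_auth/mod_audit_auth.lua
+++ b/mod_audit_auth/mod_audit_auth.lua
@@ -1,18 +1,23 @@
 local jid = require"util.jid";
 
 module:depends("audit");
 -- luacheck: read globals module.audit
+
+local only_passwords = module:get_option_boolean("audit_auth_passwords_only", true);
 
 module:hook("authentication-failure", function(event)
 local session = event.session;
 module:audit(jid.join(session.sasl_handler.username, module.host), "authentication-failure", {
 session = session,
 });
 end)
 
 module:hook("authentication-success", function(event)
 local session = event.session;
+if only_passwords and session.sasl_handler.fast then
+return;
+end
 module:audit(jid.join(session.sasl_handler.username, module.host), "authentication-success", {
 session = session,
 });
 end)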
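Review bot: With `audit_auth_passwords_only` defaulting to true, the early `return` in the authentication-success hook means a successful FAST login leaves no audit record at all. A token copied from a compromised client would therefore authenticate without appearing in the audit trail, while FAST failures are still recorded by the unchanged authentication-failure hook. The option name also promises more than the check does: only `session.sasl_handler.fast` is tested, so any other non-password mechanism would presumably still be audited. I would state both points on the option line, e.g. `-- When true (default), successful FAST token logins are not audited; set to false to record every successful authentication.` Deployments that rely on this log for incident response may want the opposite default, or a reduced-detail event for FAST rather than none.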