diff mod_auth_http_async/mod_auth_http_async.lua @ 1421:295c30e44ba8

mod_auth_http_async: Async HTTP auth module
author Kim Alvefur <zash@zash.se>
date Thu, 29 May 2014 17:46:42 +0200
parents
children 39a0a35f02bc
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_auth_http_async/mod_auth_http_async.lua	Thu May 29 17:46:42 2014 +0200
@@ -0,0 +1,75 @@
+-- Prosody IM
+-- Copyright (C) 2008-2013 Matthew Wild
+-- Copyright (C) 2008-2013 Waqas Hussain
+-- Copyright (C) 2014 Kim Alvefur
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local usermanager = require "core.usermanager";
+local new_sasl = require "util.sasl".new;
+local base64 = require "util.encodings".base64.encode;
+local waiter =require "util.async".waiter;
+local http = require "net.http";
+
+local log = module._log;
+local host = module.host;
+
+local api_base = module:get_option_string("http_auth_url",  ""):gsub("$host", host);
+if api_base == "" then error("http_auth_url required") end
+
+local provider = {};
+
+function provider.test_password(username, password)
+	log("debug", "test password for user %s at host %s", username, host);
+
+	local wait, done = waiter();
+
+	local code = -1;
+	http.request(api_base:gsub("$user", username), {
+		headers = {
+			Authorization = "Basic "..base64(username..":"..password);
+		};
+	},
+	function(body, _code)
+		code = _code;
+		done();
+	end);
+
+	wait();
+
+	if code >= 200 and code <= 299 then
+		return true;
+	else
+		module:log("debug", "HTTP auth provider returned status code %d", code);
+		return nil, "Auth failed. Invalid username or password.";
+	end
+end
+
+function provider.set_password(username, password)
+	return nil, "Changing passwords not supported";
+end
+
+function provider.user_exists(username)
+	return true;
+end
+
+function provider.create_user(username, password)
+	return nil, "User creation not supported";
+end
+
+function provider.delete_user(username)
+	return nil , "User deletion not supported";
+end
+
+function provider.get_sasl_handler()
+	return new_sasl(host, {
+		plain_test = function(sasl, username, password, realm)
+			return usermanager.test_password(username, realm, password), true;
+		end
+	});
+end
+	
+module:provides("auth", provider);
+