Mercurial > prosody-modules

diff mod_auth_sql/mod_auth_sql.lua @ 455:52f2188ec47d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_default_vcard: Sets initial vCard from data enterd on registration
author Kim Alvefur <zash@zash.se>
date Sat, 15 Oct 2011 13:43:37 +0200
parents 4e0d36941ba1
children bbea8081c865
line wrap: on
line diff
--- a/mod_auth_sql/mod_auth_sql.lua	Tue Oct 11 01:42:31 2011 +0100
+++ b/mod_auth_sql/mod_auth_sql.lua	Sat Oct 15 13:43:37 2011 +0200
@@ -7,11 +7,16 @@
 local new_sasl = require "util.sasl".new;
 local nodeprep = require "util.encodings".stringprep.nodeprep;
 local DBI = require "DBI"
+local crypt = require "crypt";
 
 local connection;
 local params = module:get_option("sql");
+local host = module.host;
+local realm = module:get_option_string("realm", host);
+local mitm_mode = module:get_option_boolean("mitm_mode");
 
 local resolve_relative_path = require "core.configmanager".resolve_relative_path;
+local datamanager = require "util.datamanager";
 
 local function test_connection()
 	if not connection then return nil; end
@@ -72,7 +77,7 @@
 end
 
 local function get_password(username)
-	local stmt, err = getsql("SELECT `password` FROM `authreg` WHERE `username`=? AND `realm`=?", username, module.host);
+	local stmt, err = getsql("SELECT `password` FROM `users` WHERE `email`=?", username .. "@" .. realm);
 	if stmt then
 		for row in stmt:rows(true) do
 			return row.password;
@@ -80,38 +85,56 @@
 	end
 end
 
-
 provider = { name = "sql" };
 
 function provider.test_password(username, password)
-	return password and get_password(username) == password;
+	local local_data = datamanager.load(username, realm, "accounts") or {};
+	if data.password == password then return true end
+	local dirty;
+	local hash = data.crypted_password;
+	if not hash then
+		hash = get_password(username);
+		if hash then
+			data.crypted_password = hash;
+			dirty = true;
+		else
+			return false
+		end
+	end
+	local ok = password and crypt(password, hash) == password;
+	if ok and mitm_mode then
+		local_data.password = password;
+		dirty = true
+	end
+	if dirty then
+		datamanager.store(username, realm, "accounts", local_data);
+	end
+	return ok
 end
 function provider.get_password(username)
-	return get_password(username);
+	return nil, "Getting password is not supported.";
 end
 function provider.set_password(username, password)
 	return nil, "Setting password is not supported.";
 end
 function provider.user_exists(username)
-	return get_password(username) and true;
+	return datamanager.load(username, realm, "accounts") or get_password(username) and true;
 end
 function provider.create_user(username, password)
 	return nil, "Account creation/modification not supported.";
 end
 function provider.get_sasl_handler()
 	local profile = {
-		plain = function(sasl, username, realm)
+		plain_test = function(sasl, username, password, realm)
 			local prepped_username = nodeprep(username);
 			if not prepped_username then
 				module:log("debug", "NODEprep failed on username: %s", username);
-				return "", nil;
+				return nil;
 			end
-			local password = get_password(prepped_username);
-			if not password then return "", nil; end
-			return password, true;
+			return provider.test_password(prepped_username, password);
 		end
 	};
-	return new_sasl(module.host, profile);
+	return new_sasl(host, profile);
 end
 
 module:add_item("auth-provider", provider);