Mercurial > prosody-modules
view mod_sasl_oauthbearer/mod_sasl_oauthbearer.lua @ 4629:0e60ce83205c
mod_s2s_keepalive: Ignore errors from the local server
If a stanza can't be delivered and instead an bounce is generated, the
origin of the error, when different from the stanza 'from' should be
indicated in the 'by' attribute of the <error>, which we look for here
so this doesn't count as a successful ping.
An error that does come from the remote means we have connectivity, but
probably no XEP-0199 handling. This is fine. We care about connectivity,
not protocol.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 21 Jul 2021 15:57:13 +0200 |
parents | 73ada978dabc |
children |
line wrap: on
line source
local s_match = string.match; local registerMechanism = require "util.sasl".registerMechanism; local saslprep = require "util.encodings".stringprep.saslprep; local nodeprep = require "util.encodings".stringprep.nodeprep; local log = require "util.logger".init("sasl"); local _ENV = nil; local function oauthbearer(self, message) if not message then return "failure", "malformed-request"; end local authorization, password = s_match(message, "^n,a=([^,]*),\1auth=Bearer ([^\1]+)"); if not authorization then return "failure", "malformed-request"; end local authentication = s_match(authorization, "(.-)@.*"); -- SASLprep password and authentication authentication = saslprep(authentication); password = saslprep(password); if (not password) or (password == "") or (not authentication) or (authentication == "") then log("debug", "Username or password violates SASLprep."); return "failure", "malformed-request", "Invalid username or password."; end local _nodeprep = self.profile.nodeprep; if _nodeprep ~= false then authentication = (_nodeprep or nodeprep)(authentication); if not authentication or authentication == "" then return "failure", "malformed-request", "Invalid username or password." end end local correct, state = false, false; correct, state = self.profile.oauthbearer(self, authentication, password, self.realm); self.username = authentication if state == false then return "failure", "account-disabled"; elseif state == nil or not correct then return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; end return "success"; end registerMechanism("OAUTHBEARER", {"oauthbearer"}, oauthbearer);