Mercurial > prosody-modules

view mod_auth_cyrus/mod_auth_cyrus.lua @ 5271:3a1df3adad0c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Allow user to decide which requested scopes to grant These should at the very least be shown to the user, so they can decide whether to grant them. Considered whether to filter the requested scopes down to actually understood scopes that would be granted, but decided that this was a bit complex for a first step, since role role selection and other kinds of scopes are mixed into the same field here.
author Kim Alvefur <zash@zash.se>
date Thu, 23 Mar 2023 16:28:08 +0100
parents b8366e31c829
children
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- luacheck: ignore 212

local log = require "util.logger".init("auth_cyrus");

local usermanager_user_exists = require "core.usermanager".user_exists;

local cyrus_service_realm = module:get_option("cyrus_service_realm");
local cyrus_service_name = module:get_option("cyrus_service_name");
local cyrus_application_name = module:get_option("cyrus_application_name");
local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
local host_fqdn = module:get_option("cyrus_server_fqdn");

prosody.unlock_globals(); --FIXME: Figure out why this is needed and
						  -- why cyrussasl isn't caught by the sandbox
local cyrus_new = module:require "sasl_cyrus".new;
prosody.lock_globals();
local new_sasl = function(realm)
	return cyrus_new(
		cyrus_service_realm or realm,
		cyrus_service_name or "xmpp",
		cyrus_application_name or "prosody",
		host_fqdn
	);
end

do -- diagnostic
	local list;
	for mechanism in pairs(new_sasl(module.host):mechanisms()) do
		list = (not(list) and mechanism) or (list..", "..mechanism);
	end
	if not list then
		module:log("error", "No Cyrus SASL mechanisms available");
	else
		module:log("debug", "Available Cyrus SASL mechanisms: %s", list);
	end
end

local host = module.host;

-- define auth provider
local provider = {};
log("debug", "initializing default authentication provider for host '%s'", host);

function provider.test_password(username, password)
	return nil, "Legacy auth not supported with Cyrus SASL.";
end

function provider.get_password(username)
	return nil, "Passwords unavailable for Cyrus SASL.";
end

function provider.set_password(username, password)
	return nil, "Passwords unavailable for Cyrus SASL.";
end

function provider.user_exists(username)
	if require_provisioning then
		return usermanager_user_exists(username, host);
	end
	return true;
end

function provider.create_user(username, password)
	return nil, "Account creation/modification not available with Cyrus SASL.";
end

function provider.get_sasl_handler()
	local handler = new_sasl(host);
	if require_provisioning then
		function handler.require_provisioning(username)
			return usermanager_user_exists(username, host);
		end
	end
	return handler;
end

module:provides("auth", provider);