Mercurial > prosody-modules
view mod_auth_oauthbearer/mod_auth_oauthbearer.lua @ 4565:3b2ae854842c
mod_muc_bot: Save occupant to room
This has some side-effects:
Firstly, the bot shows up in occupant list, which is nice. Secondly, the
bot starts receiving messages from the room which might be wanted, but
it would be better to join the room for real in this case.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 10 Apr 2021 19:23:25 +0200 |
parents | d2bf9c8be3a3 |
children |
line wrap: on
line source
local host = module.host; local log = module._log; local new_sasl = require "util.sasl".new; local base64 = require "util.encodings".base64.encode; local provider = {}; local oauth_client_id = module:get_option_string("oauth_client_id", ""); local oauth_client_secret = module:get_option_string("oauth_client_secret", ""); local oauth_url = module:get_option_string("oauth_url", ""); if oauth_client_id == "" then error("oauth_client_id required") end if oauth_client_secret == "" then error("oauth_client_secret required") end if oauth_url == "" then error("oauth_url required") end -- globals required by socket.http if rawget(_G, "PROXY") == nil then rawset(_G, "PROXY", false) end if rawget(_G, "base_parsed") == nil then rawset(_G, "base_parsed", false) end local function interp(s, tab) -- String interpolation, so that we can make the oauth_url configurable -- e.g. oauth_url = "https://api.github.com/applications/{{oauth_client_id}}/tokens/{{password}}"; -- -- See: http://lua-users.org/wiki/StringInterpolation return (s:gsub('(%b{})', function(w) return tab[w:sub(3, -3)] or w end)) end function provider.test_password(username, password, realm) log("debug", "Testing signed OAuth2 for user %s at realm %s", username, realm); local https = require "ssl.https"; local url = interp(oauth_url, {oauth_client_id = oauth_client_id, password = password}); module:log("debug", "The URL is: "..url); local _, code, headers, status = https.request{ url = url, headers = { Authorization = "Basic "..base64(oauth_client_id..":"..oauth_client_secret); } }; if type(code) == "number" and code >= 200 and code <= 299 then module:log("debug", "OAuth provider confirmed valid password"); return true; else module:log("debug", "OAuth provider returned status code: "..code); end module:log("warn", "Auth failed. Invalid username/password or misconfiguration."); return nil; end function provider.users() return function() return nil; end end function provider.set_password(username, password) return nil, "Changing passwords not supported"; end function provider.user_exists(username) return true; end function provider.create_user(username, password) return nil, "User creation not supported"; end function provider.delete_user(username) return nil , "User deletion not supported"; end function provider.get_sasl_handler() local supported_mechanisms = {}; supported_mechanisms["OAUTHBEARER"] = true; return new_sasl(host, { oauthbearer = function(sasl, username, password, realm) return provider.test_password(username, password, realm), true; end, mechanisms = supported_mechanisms }); end module:provides("auth", provider);