view mod_auth_token/mod_auth_token.lua @ 3640:b2f32b3c6ec1

mod_smacks: fix bug in bad client handling introduced by last commit Use absolute h-values instead of queue-count to determine if a new request should be sent out or if we are looping instead.
author tmolitor <thilo@eightysoft.de>
date Fri, 02 Aug 2019 18:26:06 +0200
parents d0ca211e1b0e
children 0fb12a4b6106
line wrap: on
line source

-- Copyright (C) 2018 Minddistrict
--
-- This file is MIT/X11 licensed.
--

local host = module.host;
local log = module._log;
local new_sasl = require "util.sasl".new;
local verify_token = module:require "token_auth_utils".verify_token;

local provider = {};


function provider.test_password(username, password, realm)
	log("debug", "Testing signed OTP for user %s at host %s", username, host);
	return verify_token(
		username,
		password,
		realm,
		module:get_option_string("otp_seed"),
		module:get_option_string("token_secret"),
		log
	);
end

function provider.users()
	return function()
		return nil;
	end
end

function provider.set_password(username, password)
	return nil, "Changing passwords not supported";
end

function provider.user_exists(username)
	return true;
end

function provider.create_user(username, password)
	return nil, "User creation not supported";
end

function provider.delete_user(username)
	return nil , "User deletion not supported";
end

function provider.get_sasl_handler()
	local supported_mechanisms = {};
	supported_mechanisms["X-TOKEN"] = true;
	return new_sasl(host, {
		token = function(sasl, username, password, realm)
			return provider.test_password(username, password, realm), true;
		end,
        mechanisms = supported_mechanisms
	});
end

module:provides("auth", provider);