Mercurial > prosody-modules
view mod_sasl_oauthbearer/mod_sasl_oauthbearer.lua @ 5951:d6a695abb33c
mod_ping_muc: Delay ping a configurable amount of time
If a server is restarting, checking immediately before it has a chance
to complete its restart and get ready would often fail, preventing the
possibility of transparent restarts as supported by Prosody's mod_muc.
Reconnecting immediately when a connection is closed for being idle, or
because the remote server is trying to reclaim some resources, is also
counter-productive as the connection may fail.
Also, if there is some Internet routing problem affecting s2s, it may
help to wait a bit before checking, in case the problem resolved itself
in the mean time.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 11 Aug 2024 16:10:24 +0200 |
parents | 73ada978dabc |
children |
line wrap: on
line source
local s_match = string.match; local registerMechanism = require "util.sasl".registerMechanism; local saslprep = require "util.encodings".stringprep.saslprep; local nodeprep = require "util.encodings".stringprep.nodeprep; local log = require "util.logger".init("sasl"); local _ENV = nil; local function oauthbearer(self, message) if not message then return "failure", "malformed-request"; end local authorization, password = s_match(message, "^n,a=([^,]*),\1auth=Bearer ([^\1]+)"); if not authorization then return "failure", "malformed-request"; end local authentication = s_match(authorization, "(.-)@.*"); -- SASLprep password and authentication authentication = saslprep(authentication); password = saslprep(password); if (not password) or (password == "") or (not authentication) or (authentication == "") then log("debug", "Username or password violates SASLprep."); return "failure", "malformed-request", "Invalid username or password."; end local _nodeprep = self.profile.nodeprep; if _nodeprep ~= false then authentication = (_nodeprep or nodeprep)(authentication); if not authentication or authentication == "" then return "failure", "malformed-request", "Invalid username or password." end end local correct, state = false, false; correct, state = self.profile.oauthbearer(self, authentication, password, self.realm); self.username = authentication if state == false then return "failure", "account-disabled"; elseif state == nil or not correct then return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; end return "success"; end registerMechanism("OAUTHBEARER", {"oauthbearer"}, oauthbearer);