Mercurial > prosody-modules
view mod_auth_token/mod_auth_token.lua @ 5265:f845c218e52c
mod_http_oauth2: Allow revoking a token without OAuth client credentials
If you have a valid token, and you're not supposed to have it, revoking
it seems the most responsible thing to do with it, so it should be
allowed, while if you are supposed to have it, you should also be
allowed to revoke it.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 21 Mar 2023 22:02:38 +0100 |
parents | 0fb12a4b6106 |
children |
line wrap: on
line source
-- Copyright (C) 2018 Minddistrict -- -- This file is MIT/X11 licensed. -- local host = module.host; local log = module._log; local new_sasl = require "util.sasl".new; local usermanager = require "core.usermanager"; local verify_token = module:require "token_auth_utils".verify_token; local provider = {}; function provider.test_password(username, password) log("debug", "Testing signed OTP for user %s at host %s", username, host); return verify_token( username, password, module:get_option_string("otp_seed"), module:get_option_string("token_secret"), log ); end function provider.users() return function() return nil; end end function provider.set_password(username, password) return nil, "Changing passwords not supported"; end function provider.user_exists(username) return true; end function provider.create_user(username, password) return nil, "User creation not supported"; end function provider.delete_user(username) return nil , "User deletion not supported"; end function provider.get_sasl_handler() local supported_mechanisms = {}; supported_mechanisms["X-TOKEN"] = true; return new_sasl(host, { token = function(sasl, username, password, realm) return usermanager.test_password(username, realm, password), true; end, mechanisms = supported_mechanisms }); end module:provides("auth", provider);