# HG changeset patch
# User JC Brand <jc@opkode.com>
# Date 1551353514 -3600
# Node ID ac1f63cdb6d6d56e604514595c5a532c76abee2f
# Parent  b4bcb84997e714edcc9166ee6f2d52d3ec3414d8
mod_auth_token: Check realm against module.host

diff -r b4bcb84997e7 -r ac1f63cdb6d6 mod_auth_token/token_auth_utils.lib.lua
--- a/mod_auth_token/token_auth_utils.lib.lua	Tue Feb 26 15:58:58 2019 +0100
+++ b/mod_auth_token/token_auth_utils.lib.lua	Thu Feb 28 12:31:54 2019 +0100
@@ -36,6 +36,11 @@
 
 
 function verify_token(username, password, realm, otp_seed, token_secret, log)
+	if (realm ~= module.host) then
+		log("debug", "Verification failed: realm ~= module.host");
+		return false;
+	end
+
 	local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL)
 	local token = string.match(password, "(%d+) ")
 	local otp = token:sub(1,8)
@@ -44,17 +49,17 @@
 	local jid = username.."@"..realm
 
 	if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then
-		-- log("debug", "**** THE OTP WAS VERIFIED ****** ");
+		log("debug", "The TOTP was verified");
 		local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE)
 		if signature == hmac_ctx:final(otp..nonce..jid) then
-			-- log("debug", "**** THE KEY WAS VERIFIED ****** ");
+			log("debug", "The key was verified");
 			if check_nonce(jid, otp, nonce) then
-				-- log("debug", "**** THE NONCE WAS VERIFIED ****** ");
+				log("debug", "The nonce was verified");
 				return true;
 			end
 		end
 	end
-	-- log("debug", "**** VERIFICATION FAILED ****** ");
+	log("debug", "Verification failed");
 	return false;
 end