changeset 4828:56eba4bca28f

mod_password_policy: Allow check_password() to indicate the policy that failed
author Matthew Wild <mwild1@gmail.com>
date Wed, 22 Dec 2021 14:01:53 +0000 (2021-12-22)
parents fe5303da99cb
children caf7e88dc9e5
files mod_password_policy/mod_password_policy.lua
diffstat 1 files changed, 8 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/mod_password_policy/mod_password_policy.lua	Sun Dec 19 01:33:34 2021 +0100
+++ b/mod_password_policy/mod_password_policy.lua	Wed Dec 22 14:01:53 2021 +0000
@@ -18,7 +18,7 @@
 
 function check_password(password)
 	if #password < options.length then
-		return nil, ("Password is too short (minimum %d characters)"):format(options.length);
+		return nil, ("Password is too short (minimum %d characters)"):format(options.length), "length";
 	end
 	return true;
 end
@@ -47,9 +47,13 @@
 		table.insert(passwords, query:get_child_text("password"));
 
 		for _,password in ipairs(passwords) do
-			if password and not check_password(password) then
-				origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "Please use a longer password."));
-				return true;
+			if password then
+				local pw_ok, pw_err, pw_failed_policy = check_password(password);
+				if not pw_ok then
+					module:log("debug", "Password failed check against '%s' policy", pw_failed_policy);
+					origin.send(st.error_reply(stanza, "cancel", "not-acceptable", pw_err));
+					return true;
+				end
 			end
 		end
 	end