changeset 3472:ac1f63cdb6d6
mod_auth_token: Check realm against module.host
author | JC Brand <jc@opkode.com> |
---|---|
date | Thu, 28 Feb 2019 12:31:54 +0100 (2019-02-28) |
parents | b4bcb84997e7 |
children | fd889eb16541 |
files | mod_auth_token/token_auth_utils.lib.lua |
diffstat | 1 files changed, 9 insertions(+), 4 deletions(-) [+] |
--- a/mod_auth_token/token_auth_utils.lib.lua Tue Feb 26 15:58:58 2019 +0100
+++ b/mod_auth_token/token_auth_utils.lib.lua Thu Feb 28 12:31:54 2019 +0100
@@ -36,6 +36,11 @@
 function verify_token(username, password, realm, otp_seed, token_secret, log)
+ if (realm ~= module.host) then
+ log("debug", "Verification failed: realm ~= module.host");
+ return false;
+ end
+
 local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL)
 local token = string.match(password, "(%d+) ")
 local otp = token:sub(1,8)
@@ -44,17 +49,17 @@
 local jid = username.."@"..realm
 if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then
- -- log("debug", "**** THE OTP WAS VERIFIED ****** ");
+ log("debug", "The TOTP was verified");
 local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE)
 if signature == hmac_ctx:final(otp..nonce..jid) then
- -- log("debug", "**** THE KEY WAS VERIFIED ****** ");
+ log("debug", "The key was verified");
 if check_nonce(jid, otp, nonce) then
- -- log("debug", "**** THE NONCE WAS VERIFIED ****** ");
+ log("debug", "The nonce was verified");
 return true;
 end
 end
 end
- -- log("debug", "**** VERIFICATION FAILED ****** ");
+ log("debug", "Verification failed");
 return false;
 end
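Review bot: `token` is nil whenever `password` does not match `"(%d+) "`, and the context line `local otp = token:sub(1,8)` then raises an error instead of failing authentication; the new realm check does not cover that path. A guard right after the match keeps malformed credentials on the normal failure path: `if not token then log("debug", "Verification failed: malformed token"); return false; end`. The same line rebinds `otp` as a local and shadows the `otp` module used one line earlier, so a distinct local name would read more safely. The body of verify_token continues past the end of this hunk.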
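Review bot: The HMAC input in `hmac_ctx:final(otp..nonce..jid)` is an undelimited concatenation, so the signature does not bind where `nonce` ends and `jid` begins unless `nonce` has a fixed length. The parsing of `nonce` is outside this hunk, so this needs confirming. If the token format cannot change, document the assumption above that line, e.g. `-- nonce must be fixed-length: otp..nonce..jid is signed without separators`. Separately, the final `log("debug", "Verification failed")` does not say which of the three checks failed; naming the stage would make failed-auth triage easier. The function begins before this hunk.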