changeset 3472:ac1f63cdb6d6

mod_auth_token: Check realm against module.host
author JC Brand <jc@opkode.com>
date Thu, 28 Feb 2019 12:31:54 +0100 (2019-02-28)
parents b4bcb84997e7
children fd889eb16541
files mod_auth_token/token_auth_utils.lib.lua
diffstat 1 files changed, 9 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/mod_auth_token/token_auth_utils.lib.lua	Tue Feb 26 15:58:58 2019 +0100
+++ b/mod_auth_token/token_auth_utils.lib.lua	Thu Feb 28 12:31:54 2019 +0100
@@ -36,6 +36,11 @@
 
 
 function verify_token(username, password, realm, otp_seed, token_secret, log)
+	if (realm ~= module.host) then
+		log("debug", "Verification failed: realm ~= module.host");
+		return false;
+	end
+
 	local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL)
 	local token = string.match(password, "(%d+) ")
 	local otp = token:sub(1,8)
@@ -44,17 +49,17 @@
 	local jid = username.."@"..realm
 
 	if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then
-		-- log("debug", "**** THE OTP WAS VERIFIED ****** ");
+		log("debug", "The TOTP was verified");
 		local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE)
 		if signature == hmac_ctx:final(otp..nonce..jid) then
-			-- log("debug", "**** THE KEY WAS VERIFIED ****** ");
+			log("debug", "The key was verified");
 			if check_nonce(jid, otp, nonce) then
-				-- log("debug", "**** THE NONCE WAS VERIFIED ****** ");
+				log("debug", "The nonce was verified");
 				return true;
 			end
 		end
 	end
-	-- log("debug", "**** VERIFICATION FAILED ****** ");
+	log("debug", "Verification failed");
 	return false;
 end