prosody-modules
8e1f1eb00b58
mod_audit_auth/mod_audit_auth.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Annotate

mod_audit_auth/mod_audit_auth.lua @ 5285:8e1f1eb00b58

mod_sasl2_fast: Fix harmless off-by-one error (invalidates existing tokens!) Problem: This was causing the key to become "<token>--cur" instead of the expected "<token>-cur". As the same key was used by the code to both set and get, it still worked. Rationale for change: Although it worked, it's unintended, inconsistent and messy. It increases the chances of future bugs due to the unexpected format. Side-effects of change: Existing '--cur' entries will not be checked after this change, and therefore existing FAST clients will fail to authenticate until they attempt password auth and obtain a new FAST token. Existing '--cur' entries in storage will not be cleaned up by this commit, but this is considered a minor issue, and okay for the relatively few FAST deployments.
author Matthew Wild <mwild1@gmail.com>
date Wed, 29 Mar 2023 16:12:15 +0100
parent 4933:08dea42a302a
child 5735:b357ff3d0c8a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4932
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
1 module:depends("audit");
4933
08dea42a302a mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents: 4932
diff changeset
2 -- luacheck: read globals module.audit
4932
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
3
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
4 module:hook("authentication-failure", function(event)
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
5 local session = event.session;
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
6 module:audit(session.sasl_handler.username, "authentication-failure", {
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
7 session = session,
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
8 });
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
9 end)
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
10
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
11 module:hook("authentication-success", function(event)
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
12 local session = event.session;
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
13 module:audit(session.sasl_handler.username, "authentication-success", {
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
14 session = session,
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
15 });
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
16 end)