Software /
code /
prosody-modules
Annotate
mod_password_policy/mod_password_policy.lua @ 4558:8e58a1b78336
mod_auth_external_insecure: Wrap warning in scary div
To make it harder to miss
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 16 May 2021 18:39:22 +0200 |
parent | 3351:662f2722f745 |
child | 4828:56eba4bca28f |
rev | line source |
---|---|
841
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 -- Password policy enforcement for Prosody |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
2 -- |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
3 -- Copyright (C) 2012 Waqas Hussain |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
4 -- |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 -- |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
6 -- Configuration: |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 -- password_policy = { |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 -- length = 8; |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
9 -- } |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
10 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
11 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 local options = module:get_option("password_policy"); |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
14 options = options or {}; |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
15 options.length = options.length or 8; |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
16 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
17 local st = require "util.stanza"; |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
18 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
19 function check_password(password) |
3350
cb26d04b391c
mod_password_policy: Return error as second result explaining failure reason
Matthew Wild <mwild1@gmail.com>
parents:
845
diff
changeset
|
20 if #password < options.length then |
cb26d04b391c
mod_password_policy: Return error as second result explaining failure reason
Matthew Wild <mwild1@gmail.com>
parents:
845
diff
changeset
|
21 return nil, ("Password is too short (minimum %d characters)"):format(options.length); |
cb26d04b391c
mod_password_policy: Return error as second result explaining failure reason
Matthew Wild <mwild1@gmail.com>
parents:
845
diff
changeset
|
22 end |
cb26d04b391c
mod_password_policy: Return error as second result explaining failure reason
Matthew Wild <mwild1@gmail.com>
parents:
845
diff
changeset
|
23 return true; |
841
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
24 end |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
25 |
3351
662f2722f745
mod_password_policy: Export function to get policy in use by the module
Matthew Wild <mwild1@gmail.com>
parents:
3350
diff
changeset
|
26 function get_policy() |
662f2722f745
mod_password_policy: Export function to get policy in use by the module
Matthew Wild <mwild1@gmail.com>
parents:
3350
diff
changeset
|
27 return options; |
662f2722f745
mod_password_policy: Export function to get policy in use by the module
Matthew Wild <mwild1@gmail.com>
parents:
3350
diff
changeset
|
28 end |
662f2722f745
mod_password_policy: Export function to get policy in use by the module
Matthew Wild <mwild1@gmail.com>
parents:
3350
diff
changeset
|
29 |
841
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
30 function handler(event) |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
31 local origin, stanza = event.origin, event.stanza; |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
32 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
33 if stanza.attr.type == "set" then |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
34 local query = stanza.tags[1]; |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
35 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
36 local passwords = {}; |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
37 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
38 local dataform = query:get_child("x", "jabber:x:data"); |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
39 if dataform then |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
40 for _,tag in ipairs(dataform.tags) do |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
41 if tag.attr.var == "password" then |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
42 table.insert(passwords, tag:get_child_text("value")); |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
43 end |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
44 end |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
45 end |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
46 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
47 table.insert(passwords, query:get_child_text("password")); |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
48 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
49 for _,password in ipairs(passwords) do |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
50 if password and not check_password(password) then |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
51 origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "Please use a longer password.")); |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
52 return true; |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
53 end |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
54 end |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
55 end |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
56 end |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
57 |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
58 module:hook("iq/self/jabber:iq:register:query", handler, 10); |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
59 module:hook("iq/host/jabber:iq:register:query", handler, 10); |
0649883de4d3
mod_password_policy: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
60 module:hook("stanza/iq/jabber:iq:register:query", handler, 10); |