prosody-modules
32d1abb89dfe
mod_rest/mod_rest.lua
Software / code / prosody-modules
Comparison
mod_rest/mod_rest.lua @ 5953:32d1abb89dfe
mod_rest: Reject password that fails saslprep earlier (thanks tgy)
Prevents an error later if/when passing the password through saslprep a
second time in the authentication module, since the prep functions now
reject nil
The error reporting could be improved but that would involve adding a
way to pass errors back out of the check_credentials() function.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 04 Jul 2024 16:06:32 +0200 |
| parent | 5701:0cffeff2cd1d |
| child | 5954:9bcc26406b47 |
comparison
equal
deleted
inserted
replaced
| 5952:2b80188448d1 | 5953:32d1abb89dfe |
|---|---|
| 44 local creds = base64.decode(auth_data); | 44 local creds = base64.decode(auth_data); |
| 45 if not creds then return false; end | 45 if not creds then return false; end |
| 46 local username, password = string.match(creds, "^([^:]+):(.*)$"); | 46 local username, password = string.match(creds, "^([^:]+):(.*)$"); |
| 47 if not username then return false; end | 47 if not username then return false; end |
| 48 username, password = encodings.stringprep.nodeprep(username), encodings.stringprep.saslprep(password); | 48 username, password = encodings.stringprep.nodeprep(username), encodings.stringprep.saslprep(password); |
| 49 if not username then return false; end | 49 if not username or not password then return false; end |
| 50 if not um.test_password(username, module.host, password) then | 50 if not um.test_password(username, module.host, password) then |
| 51 return false; | 51 return false; |
| 52 end | 52 end |
| 53 return { username = username, host = module.host }; | 53 return { username = username, host = module.host }; |
| 54 elseif auth_type == "Bearer" then | 54 elseif auth_type == "Bearer" then |
