mod_auth_sql/mod_auth_sql.lua @ 455:52f2188ec47d
mod_default_vcard: Sets initial vCard from data entered on registration
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 15 Oct 2011 13:43:37 +0200 |
parent | 399:4e0d36941ba1 |
child | 461:bbea8081c865 |
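--- a/mod_auth_sql/mod_auth_sql.lua
+++ b/mod_auth_sql/mod_auth_sql.lua
@@ -5,15 +5,20 @@
 
 local log = require "util.logger".init("auth_sql");
 local new_sasl = require "util.sasl".new;
 local nodeprep = require "util.encodings".stringprep.nodeprep;
 local DBI = require "DBI"
+local crypt = require "crypt";
 
 local connection;
 local params = module:get_option("sql");
+local host = module.host;
+local realm = module:get_option_string("realm", host);
+local mitm_mode = module:get_option_boolean("mitm_mode");
 
 local resolve_relative_path = require "core.configmanager".resolve_relative_path;
+local datamanager = require "util.datamanager";
 
 local function test_connection()
 if not connection then return nil; end
 if connection:ping() then
 return true;
@@ -70,48 +75,66 @@
 
 return stmt;
 end
 
 local function get_password(username)
-local stmt, err = getsql("SELECT `password` FROM `authreg` WHERE `username`=? AND `realm`=?", username, module.host);
+local stmt, err = getsql("SELECT `password` FROM `users` WHERE `email`=?", username .. "@" .. realm);
 if stmt then
 for row in stmt:rows(true) do
 return row.password;
 end
 end
 end
 
-
 provider = { name = "sql" };
 
 function provider.test_password(username, password)
-return password and get_password(username) == password;
+local local_data = datamanager.load(username, realm, "accounts") or {};
+if data.password == password then return true end
+local dirty;
+local hash = data.crypted_password;
+if not hash then
+hash = get_password(username);
+if hash then
+data.crypted_password = hash;
+dirty = true;
+else
+return false
+end
+end
+local ok = password and crypt(password, hash) == password;
+if ok and mitm_mode then
+local_data.password = password;
+dirty = true
+end
+if dirty then
+datamanager.store(username, realm, "accounts", local_data);
+end
+return ok
 end
 function provider.get_password(username)
-return get_password(username);
+return nil, "Getting password is not supported.";
 end
 function provider.set_password(username, password)
 return nil, "Setting password is not supported.";
 end
 function provider.user_exists(username)
-return get_password(username) and true;
+return datamanager.load(username, realm, "accounts") or get_password(username) and true;
 end
 function provider.create_user(username, password)
 return nil, "Account creation/modification not supported.";
 end
 function provider.get_sasl_handler()
 local profile = {
-plain = function(sasl, username, realm)
+plain_test = function(sasl, username, password, realm)
 local prepped_username = nodeprep(username);
 if not prepped_username then
 module:log("debug", "NODEprep failed on username: %s", username);
-return "", nil;
+return nil;
 end
-local password = get_password(prepped_username);
-if not password then return "", nil; end
-return password, true;
+return provider.test_password(prepped_username, password);
 end
 };
-return new_sasl(module.host, profile);
+return new_sasl(host, profile);
 end
 
 module:add_item("auth-provider", provider);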
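Review bot: `provider.test_password` reads `data.password` and `data.crypted_password`, but the table loaded on new line 91 is named `local_data`, so `data` is an undefined global and every login attempt will raise an index-on-nil error. Once that is fixed, `crypt(password, hash) == password` on new line 104 compares the crypt output with the cleartext instead of with `hash`, which (assuming the `crypt` binding behaves like crypt(3)) can never match a real hash. The first comparison also needs a guard, because `nil == nil` would accept a missing password when no cleartext is stored. Two design points deserve a comment in the code: `mitm_mode` writes the user's cleartext password to the local account store, and the cached `crypted_password` is never refreshed, so a password changed or revoked in SQL keeps working locally. `provider.user_exists` returns the loaded table rather than a boolean because `and` binds tighter than `or`; a corrected first half of `test_password` is below.

```lua
function provider.test_password(username, password)
	if not password then return false; end
	local local_data = datamanager.load(username, realm, "accounts") or {};
	if local_data.password ~= nil and local_data.password == password then return true end
	local dirty;
	local hash = local_data.crypted_password;
	if not hash then
		hash = get_password(username);
		if not hash then return false; end
		local_data.crypted_password = hash;
		dirty = true;
	end
	local ok = crypt(password, hash) == hash;
	-- … unchanged: mitm_mode branch, datamanager.store, return ok …
```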