Comparison

mod_http_oauth2/mod_http_oauth2.lua @ 5266:5943605201ca

mod_http_oauth2: Remove now unused code Was apparently only used in revocation which now uses get_request_credentials() directly
author Kim Alvefur <zash@zash.se>
date Tue, 21 Mar 2023 22:23:28 +0100
parent 5265:f845c218e52c
child 5267:60e0bc35de33
comparison
equal deleted inserted replaced
5265:f845c218e52c 5266:5943605201ca
399 end 399 end
400 400
401 return nil; 401 return nil;
402 end 402 end
403 403
404 local function check_credentials(request, allow_token)
405 local credentials = get_request_credentials(request);
406 if not credentials then return nil; end
407
408 if credentials.username and credentials.password then
409 local username = encodings.stringprep.nodeprep(credentials.username);
410 local password = encodings.stringprep.saslprep(credentials.password);
411 if not (username and password) then return false; end
412 if not usermanager.test_password(username, module.host, password) then
413 return false;
414 end
415 return username;
416 elseif allow_token and credentials.bearer_token then
417 local token_info = tokens.get_token_info(credentials.bearer_token);
418 if not token_info or not token_info.session or token_info.session.host ~= module.host then
419 return false;
420 end
421 return token_info.session.username;
422 end
423 return nil;
424 end
425
426 if module:get_host_type() == "component" then 404 if module:get_host_type() == "component" then
427 local component_secret = assert(module:get_option_string("component_secret"), "'component_secret' is a required setting when loaded on a Component"); 405 local component_secret = assert(module:get_option_string("component_secret"), "'component_secret' is a required setting when loaded on a Component");
428 406
429 function grant_type_handlers.password(params) 407 function grant_type_handlers.password(params)
430 local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)")); 408 local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)"));