
mod_http_oauth2/mod_http_oauth2.lua @ 6289:7e4238d2989c

mod_http_oauth2: Fire authentication events in password grant Allows for e.g. audit logging and rate limiting modules to catch login attempts, successful or otherwise, that come through here.
author Kim Alvefur <zash@zash.se>
date Wed, 04 Jun 2025 17:32:19 +0200
parent 6288:b7eb7d256939
child 6291:7cf1fcac9b94
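--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -431,13 +431,28 @@
 local request_password = params.password;
 if not request_password then
 return oauth_error("invalid_request", "missing 'password'");
 end
 
+local auth_event = {
+session = {
+type = "oauth2";
+ip = "::";
+username = request_username;
+host = module.host;
+log = module._log;
+sasl_handler = { username = request_username; selected = "x-oauth2-password" };
+client_id = client.client_name;
+};
+};
+
 if not usermanager.test_password(request_username, module.host, request_password) then
+module:fire_event("authentication-failure", auth_event);
 return oauth_error("invalid_grant", "incorrect credentials");
 end
+
+module:fire_event("authentication-success", auth_event);
 
 local granted_jid = jid.join(request_username, module.host);
 local granted_scopes, granted_role = filter_scopes(request_username, params.scope);
 return json.encode(new_access_token(granted_jid, granted_role, granted_scopes, client));
 end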
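Review bot: `ip = "::"` in the new `auth_event.session` gives every password-grant attempt the same unspecified address, so an audit-log or rate-limit hook that keys on `session.ip` would record no usable source and would count all clients as one, letting a single noisy client trip a limit for everyone. If the HTTP request is reachable from this handler (its signature is above the hunk, so this cannot be confirmed here), pass the real peer address through, e.g. `ip = request.ip;`; otherwise add a comment such as `-- placeholder: real client address is not available in this handler` so hook authors know not to rely on it. Separately, `client_id = client.client_name` appears to put the client's self-declared display name under an identifier key; consumers of the event should not treat it as a verified or unique id.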