Software /
code /
prosody-modules
Comparison
mod_auth_token/token_auth_utils.lib.lua @ 3472:ac1f63cdb6d6
mod_auth_token: Check realm against module.host
author | JC Brand <jc@opkode.com> |
---|---|
date | Thu, 28 Feb 2019 12:31:54 +0100 |
parent | 2956:d0ca211e1b0e |
child | 3568:6b3181fe5617 |
comparison
equal
deleted
inserted
replaced
3471:b4bcb84997e7 | 3472:ac1f63cdb6d6 |
---|---|
34 end | 34 end |
35 end | 35 end |
36 | 36 |
37 | 37 |
38 function verify_token(username, password, realm, otp_seed, token_secret, log) | 38 function verify_token(username, password, realm, otp_seed, token_secret, log) |
39 if (realm ~= module.host) then | |
40 log("debug", "Verification failed: realm ~= module.host"); | |
41 return false; | |
42 end | |
43 | |
39 local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL) | 44 local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL) |
40 local token = string.match(password, "(%d+) ") | 45 local token = string.match(password, "(%d+) ") |
41 local otp = token:sub(1,8) | 46 local otp = token:sub(1,8) |
42 local nonce = token:sub(9) | 47 local nonce = token:sub(9) |
43 local signature = base64.decode(string.match(password, " (.+)")) | 48 local signature = base64.decode(string.match(password, " (.+)")) |
44 local jid = username.."@"..realm | 49 local jid = username.."@"..realm |
45 | 50 |
46 if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then | 51 if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then |
47 -- log("debug", "**** THE OTP WAS VERIFIED ****** "); | 52 log("debug", "The TOTP was verified"); |
48 local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE) | 53 local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE) |
49 if signature == hmac_ctx:final(otp..nonce..jid) then | 54 if signature == hmac_ctx:final(otp..nonce..jid) then |
50 -- log("debug", "**** THE KEY WAS VERIFIED ****** "); | 55 log("debug", "The key was verified"); |
51 if check_nonce(jid, otp, nonce) then | 56 if check_nonce(jid, otp, nonce) then |
52 -- log("debug", "**** THE NONCE WAS VERIFIED ****** "); | 57 log("debug", "The nonce was verified"); |
53 return true; | 58 return true; |
54 end | 59 end |
55 end | 60 end |
56 end | 61 end |
57 -- log("debug", "**** VERIFICATION FAILED ****** "); | 62 log("debug", "Verification failed"); |
58 return false; | 63 return false; |
59 end | 64 end |
60 | 65 |
61 return { | 66 return { |
62 OTP_DEVIATION = OTP_DIGITS, | 67 OTP_DEVIATION = OTP_DIGITS, |