mod_auth_token/token_auth_utils.lib.lua @ 3472:ac1f63cdb6d6
mod_auth_token: Check realm against module.host
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Thu, 28 Feb 2019 12:31:54 +0100 |
| parent | 2956:d0ca211e1b0e |
| child | 3568:6b3181fe5617 |
| 3471:b4bcb84997e7 | 3472:ac1f63cdb6d6 |
|---|---|
| 34 end | 34 end |
| 35 end | 35 end |
| 36 | 36 |
| 37 | 37 |
| 38 function verify_token(username, password, realm, otp_seed, token_secret, log) | 38 function verify_token(username, password, realm, otp_seed, token_secret, log) |
| 39 if (realm ~= module.host) then | |
| 40 log("debug", "Verification failed: realm ~= module.host"); | |
| 41 return false; | |
| 42 end | |
| 43 | |
| 39 local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL) | 44 local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL) |
| 40 local token = string.match(password, "(%d+) ") | 45 local token = string.match(password, "(%d+) ") |
| 41 local otp = token:sub(1,8) | 46 local otp = token:sub(1,8) |
| 42 local nonce = token:sub(9) | 47 local nonce = token:sub(9) |
| 43 local signature = base64.decode(string.match(password, " (.+)")) | 48 local signature = base64.decode(string.match(password, " (.+)")) |
| 44 local jid = username.."@"..realm | 49 local jid = username.."@"..realm |
| 45 | 50 |
| 46 if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then | 51 if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then |
| 47 -- log("debug", "**** THE OTP WAS VERIFIED ****** "); | 52 log("debug", "The TOTP was verified"); |
| 48 local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE) | 53 local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE) |
| 49 if signature == hmac_ctx:final(otp..nonce..jid) then | 54 if signature == hmac_ctx:final(otp..nonce..jid) then |
| 50 -- log("debug", "**** THE KEY WAS VERIFIED ****** "); | 55 log("debug", "The key was verified"); |
| 51 if check_nonce(jid, otp, nonce) then | 56 if check_nonce(jid, otp, nonce) then |
| 52 -- log("debug", "**** THE NONCE WAS VERIFIED ****** "); | 57 log("debug", "The nonce was verified"); |
| 53 return true; | 58 return true; |
| 54 end | 59 end |
| 55 end | 60 end |
| 56 end | 61 end |
| 57 -- log("debug", "**** VERIFICATION FAILED ****** "); | 62 log("debug", "Verification failed"); |
| 58 return false; | 63 return false; |
| 59 end | 64 end |
| 60 | 65 |
| 61 return { | 66 return { |
| 62 OTP_DEVIATION = OTP_DIGITS, | 67 OTP_DEVIATION = OTP_DIGITS, |