
mod_auth_token/mod_sasl_token.lua @ 2956:d0ca211e1b0e

New HMAC token authentication module for Prosody.
author JC Brand <jc@opkode.com>
date Tue, 27 Mar 2018 10:48:04 +0200
2938:f000ba14d531 2956:d0ca211e1b0e
1 -- Copyright (C) 2018 Minddistrict
2 --
3 -- This file is MIT/X11 licensed.
4 --
5
6 local s_match = string.match;
7 local registerMechanism = require "util.sasl".registerMechanism;
8 local saslprep = require "util.encodings".stringprep.saslprep;
9 local nodeprep = require "util.encodings".stringprep.nodeprep;
10 local log = require "util.logger".init("sasl");
11 local _ENV = nil;
12
13
14 local function token_auth(self, message)
15 if not message then
16 return "failure", "malformed-request";
17 end
18
19 local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)");
20
21 if not authorization then
22 return "failure", "malformed-request";
23 end
24
25 -- SASLprep password and authentication
26 authentication = saslprep(authentication);
27 password = saslprep(password);
28
29 if (not password) or (password == "") or (not authentication) or (authentication == "") then
30 log("debug", "Username or password violates SASLprep.");
31 return "failure", "malformed-request", "Invalid username or password.";
32 end
33
34 local _nodeprep = self.profile.nodeprep;
35 if _nodeprep ~= false then
36 authentication = (_nodeprep or nodeprep)(authentication);
37 if not authentication or authentication == "" then
38 return "failure", "malformed-request", "Invalid username or password."
39 end
40 end
41
42 local correct, state = false, false;
43 correct, state = self.profile.token(self, authentication, password, self.realm);
44
45 self.username = authentication
46 if state == false then
47 return "failure", "account-disabled";
48 elseif state == nil or not correct then
49 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
50 end
51 return "success";
52 end
53
54 registerMechanism("X-TOKEN", {"token"}, token_auth);
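Review bot: The authorization identity captured by the pattern on file line 19 is only tested for a successful parse (line 21) and is never compared with the authenticated user, so a request naming a different authzid is accepted and `self.username` is set to `authentication` regardless. If acting as another identity is not meant to be supported, a non-matching value should be refused with `invalid-authzid`, or at minimum a comment such as `-- authzid is parsed but deliberately ignored; the session always uses the authcid` should record the decision. Separately, `self.username = authentication` on line 45 runs before the result of `self.profile.token` is examined, so the handler holds an unverified name after a failed attempt; moving it to just before `return "success";` removes any reliance on callers not reading it on failure. The pattern also has no `$` anchor, so bytes after a further NUL are silently dropped rather than rejected as `malformed-request`.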