mod_adhoc_oauth2_client/mod_adhoc_oauth2_client.lua @ 4263:d3af5f94d6df
mod_http_oauth2: Improve storage of client secret
Note well: This is still a thing for developers, do not panic!
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 22 Nov 2020 01:32:09 +0100 |
parent | 4262:6d7fb22c0440 |
child | 4266:b43c6d614d22 |
4262:6d7fb22c0440 | 4263:d3af5f94d6df |
---|---|
1 local adhoc = require "util.adhoc"; | 1 local adhoc = require "util.adhoc"; |
2 local dataforms = require "util.dataforms"; | 2 local dataforms = require "util.dataforms"; |
3 local errors = require "util.error"; | 3 local errors = require "util.error"; |
4 local hashes = require "util.hashes"; | |
4 local id = require "util.id"; | 5 local id = require "util.id"; |
5 local jid = require "util.jid"; | 6 local jid = require "util.jid"; |
7 local base64 = require"util.encodings".base64; | |
6 | 8 |
7 local clients = module:open_store("oauth2_clients", "map"); | 9 local clients = module:open_store("oauth2_clients", "map"); |
10 | |
11 local iteration_count = module:get_option_number("oauth2_client_iteration_count", 10000); | |
12 local pepper = module:get_option_string("oauth2_client_pepper", ""); | |
8 | 13 |
9 local new_client = dataforms.new({ | 14 local new_client = dataforms.new({ |
10 title = "Create OAuth2 client"; | 15 title = "Create OAuth2 client"; |
11 {var = "FORM_TYPE"; type = "hidden"; value = "urn:uuid:ff0d55ed-2187-4ee0-820a-ab633a911c14#create"}; | 16 {var = "FORM_TYPE"; type = "hidden"; value = "urn:uuid:ff0d55ed-2187-4ee0-820a-ab633a911c14#create"}; |
12 {name = "name"; type = "text-single"; label = "Client name"; required = true}; | 17 {name = "name"; type = "text-single"; label = "Client name"; required = true}; |
30 return {status = "error"; error = {message = table.concat(errmsg, "\n")}}; | 35 return {status = "error"; error = {message = table.concat(errmsg, "\n")}}; |
31 end | 36 end |
32 | 37 |
33 local creator = jid.split(data.from); | 38 local creator = jid.split(data.from); |
34 local client_id = id.short(); | 39 local client_id = id.short(); |
40 local client_secret = id.long(); | |
41 local salt = id.medium(); | |
42 local i = iteration_count; | |
35 | 43 |
36 client.client_id = jid.join(creator, module.host, client_id); | 44 client.secret_hash = base64.encode(hashes.pbkdf2_hmac_sha256(client_secret, salt .. pepper, i)); |
37 client.client_secret = id.long(); | 45 client.iteration_count = i; |
46 client.salt = salt; | |
38 | 47 |
39 local ok, err = errors.coerce(clients:set(creator, client_id, client)); | 48 local ok, err = errors.coerce(clients:set(creator, client_id, client)); |
40 module:log("info", "OAuth2 client %q created by %s", client_id, data.from); | 49 module:log("info", "OAuth2 client %q created by %s", client_id, data.from); |
41 if not ok then return {status = "error"; error = {message = err}}; end | 50 if not ok then return {status = "error"; error = {message = err}}; end |
42 | 51 |
43 return {status = "completed"; result = {layout = client_created; values = client}}; | 52 return {status = "completed"; result = {layout = client_created; values = {client_id = client.client_id; client_secret = client_secret}}}; |
44 end | 53 end |
45 | 54 |
46 local handler = adhoc.new_simple_form(new_client, create_client); | 55 local handler = adhoc.new_simple_form(new_client, create_client); |
47 | 56 |
48 module:provides("adhoc", module:require "adhoc".new(new_client.title, new_client[1].value, handler, "local_user")); | 57 module:provides("adhoc", module:require "adhoc".new(new_client.title, new_client[1].value, handler, "local_user")); |
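Review bot: The new side removes `client.client_id = jid.join(creator, module.host, client_id);` (old line 36) without a replacement, yet new line 52 still returns `client_id = client.client_id` to the user, so the completed form would report a nil client_id unless one of the new-side lines 17–34 not shown in this view assigns it. Re-adding that line ahead of `client.secret_hash = ...` keeps the stored record and the response consistent. Keeping only `secret_hash`, `salt` and `iteration_count` in the store and handing the plaintext `client_secret` back exactly once in the result is the right shape; whatever verifies the secret later has to recompute with the same `salt .. pepper` order and the stored `iteration_count`, which lies outside this section. On new line 7, `require"util.encodings".base64` would read better as `require "util.encodings".base64`, matching the spacing of the other requires. create_client's signature and the form-validation part of its body sit between the two displayed stretches, so the first point is inferred from the visible lines only.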