Diff

mod_http_oauth2/mod_http_oauth2.lua @ 5266:5943605201ca

mod_http_oauth2: Remove now unused code Was apparently only used in revocation which now uses get_request_credentials() directly
author Kim Alvefur <zash@zash.se>
date Tue, 21 Mar 2023 22:23:28 +0100
parent 5265:f845c218e52c
child 5267:60e0bc35de33
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 21 22:02:38 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 21 22:23:28 2023 +0100
@@ -401,28 +401,6 @@
 	return nil;
 end
 
-local function check_credentials(request, allow_token)
-	local credentials = get_request_credentials(request);
-	if not credentials then return nil; end
-
-	if credentials.username and credentials.password then
-		local username = encodings.stringprep.nodeprep(credentials.username);
-		local password = encodings.stringprep.saslprep(credentials.password);
-		if not (username and password) then return false; end
-		if not usermanager.test_password(username, module.host, password) then
-			return false;
-		end
-		return username;
-	elseif allow_token and credentials.bearer_token then
-		local token_info = tokens.get_token_info(credentials.bearer_token);
-		if not token_info or not token_info.session or token_info.session.host ~= module.host then
-			return false;
-		end
-		return token_info.session.username;
-	end
-	return nil;
-end
-
 if module:get_host_type() == "component" then
 	local component_secret = assert(module:get_option_string("component_secret"), "'component_secret' is a required setting when loaded on a Component");