Software /
code /
prosody-modules
Diff
mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua @ 816:960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Thu, 13 Sep 2012 00:17:42 +0500 |
parent | 814:881ec9919144 |
child | 902:490cb9161c81 |
line wrap: on
line diff
--- a/mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua Wed Sep 12 19:15:45 2012 +0000 +++ b/mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua Thu Sep 13 00:17:42 2012 +0500 @@ -45,83 +45,80 @@ local global_yubikey_key = module:get_option_string("yubikey_key"); -function new_default_provider(host) - local provider = {}; - log("debug", "initializing default authentication provider for host '%s'", host); +local host = module.host; +local provider = {}; +log("debug", "initializing default authentication provider for host '%s'", host); + +function provider.test_password(username, password) + log("debug", "test password '%s' for user %s at host %s", password, username, module.host); - function provider.test_password(username, password) - log("debug", "test password '%s' for user %s at host %s", password, username, module.host); - - local account_info = datamanager.load(username, host, "accounts") or {}; - local yubikey_key = account_info.yubikey_key or global_yubikey_key; - if account_info.yubikey_key then - log("debug", "Authenticating Yubikey OTP for %s", username); - local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host }); - if not authed then - log("debug", "Failed to authenticate %s via OTP: %s", username, err); - return authed, err; - end - return authed; - elseif account_info.password and password == account_info.password then - -- No yubikey configured for this user, treat as normal password - log("debug", "No yubikey configured for %s, successful login using password auth", username); - return true; - else - return nil, "Auth failed. Invalid username or password."; - end - end - - function provider.get_password(username) - log("debug", "get_password for username '%s' at host '%s'", username, module.host); - return (datamanager.load(username, host, "accounts") or {}).password; - end - - function provider.set_password(username, password) - local account = datamanager.load(username, host, "accounts"); - if account then - account.password = password; - return datamanager.store(username, host, "accounts", account); + local account_info = datamanager.load(username, host, "accounts") or {}; + local yubikey_key = account_info.yubikey_key or global_yubikey_key; + if account_info.yubikey_key then + log("debug", "Authenticating Yubikey OTP for %s", username); + local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host }); + if not authed then + log("debug", "Failed to authenticate %s via OTP: %s", username, err); + return authed, err; end - return nil, "Account not available."; - end - - function provider.user_exists(username) - local account = datamanager.load(username, host, "accounts"); - if not account then - log("debug", "account not found for username '%s' at host '%s'", username, module.host); - return nil, "Auth failed. Invalid username"; - end + return authed; + elseif account_info.password and password == account_info.password then + -- No yubikey configured for this user, treat as normal password + log("debug", "No yubikey configured for %s, successful login using password auth", username); return true; - end - - function provider.create_user(username, password) - return datamanager.store(username, host, "accounts", {password = password}); - end - - function provider.delete_user(username) - return datamanager.store(username, host, "accounts", nil); + else + return nil, "Auth failed. Invalid username or password."; end +end - function provider.get_sasl_handler() - local realm = module:get_option("sasl_realm") or module.host; - local getpass_authentication_profile = { - plain_test = function(sasl, username, password, realm) - local prepped_username = nodeprep(username); - if not prepped_username then - log("debug", "NODEprep failed on username: %s", username); - return false, nil; - end - - return usermanager.test_password(username, realm, password), true; - end - }; - return new_sasl(realm, getpass_authentication_profile); - end - - return provider; +function provider.get_password(username) + log("debug", "get_password for username '%s' at host '%s'", username, module.host); + return (datamanager.load(username, host, "accounts") or {}).password; end -module:provides("auth", new_default_provider(module.host)); +function provider.set_password(username, password) + local account = datamanager.load(username, host, "accounts"); + if account then + account.password = password; + return datamanager.store(username, host, "accounts", account); + end + return nil, "Account not available."; +end + +function provider.user_exists(username) + local account = datamanager.load(username, host, "accounts"); + if not account then + log("debug", "account not found for username '%s' at host '%s'", username, module.host); + return nil, "Auth failed. Invalid username"; + end + return true; +end + +function provider.create_user(username, password) + return datamanager.store(username, host, "accounts", {password = password}); +end + +function provider.delete_user(username) + return datamanager.store(username, host, "accounts", nil); +end + +function provider.get_sasl_handler() + local realm = module:get_option("sasl_realm") or module.host; + local getpass_authentication_profile = { + plain_test = function(sasl, username, password, realm) + local prepped_username = nodeprep(username); + if not prepped_username then + log("debug", "NODEprep failed on username: %s", username); + return false, nil; + end + + return usermanager.test_password(username, realm, password), true; + end + }; + return new_sasl(realm, getpass_authentication_profile); +end + +module:provides("auth", provider); function module.command(arg) local command = arg[1];