Diff

mod_auth_token/mod_auth_token.lua @ 2956:d0ca211e1b0e

New HMAC token authentication module for Prosody.
author JC Brand <jc@opkode.com>
date Tue, 27 Mar 2018 10:48:04 +0200
child 3693:0fb12a4b6106
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_auth_token/mod_auth_token.lua	Tue Mar 27 10:48:04 2018 +0200
@@ -0,0 +1,59 @@
+-- Copyright (C) 2018 Minddistrict
+--
+-- This file is MIT/X11 licensed.
+--
+
+local host = module.host;
+local log = module._log;
+local new_sasl = require "util.sasl".new;
+local verify_token = module:require "token_auth_utils".verify_token;
+
+local provider = {};
+
+
+function provider.test_password(username, password, realm)
+	log("debug", "Testing signed OTP for user %s at host %s", username, host);
+	return verify_token(
+		username,
+		password,
+		realm,
+		module:get_option_string("otp_seed"),
+		module:get_option_string("token_secret"),
+		log
+	);
+end
+
+function provider.users()
+	return function()
+		return nil;
+	end
+end
+
+function provider.set_password(username, password)
+	return nil, "Changing passwords not supported";
+end
+
+function provider.user_exists(username)
+	return true;
+end
+
+function provider.create_user(username, password)
+	return nil, "User creation not supported";
+end
+
+function provider.delete_user(username)
+	return nil , "User deletion not supported";
+end
+
+function provider.get_sasl_handler()
+	local supported_mechanisms = {};
+	supported_mechanisms["X-TOKEN"] = true;
+	return new_sasl(host, {
+		token = function(sasl, username, password, realm)
+			return provider.test_password(username, password, realm), true;
+		end,
+        mechanisms = supported_mechanisms
+	});
+end
+
+module:provides("auth", provider);
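Review bot: In `provider.test_password`, `otp_seed` and `token_secret` are read with `module:get_option_string` and handed to `verify_token` without checking that either is set, so a host with the module enabled but one option missing passes nil into the token check; what `verify_token` does with a nil seed or secret is in token_auth_utils, which is outside this hunk. Failing closed here avoids depending on that: read both options into locals and add `if not (otp_seed and token_secret) then log("error", "otp_seed and token_secret must both be configured"); return false; end` before the call. Separately, `provider.user_exists` returns true for every username, which presumably lets other modules treat any localpart on this host as a real account; a comment such as `-- Accounts are not stored locally; any username is reported as existing and is only validated by its token` would make that choice visible to whoever deploys it.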