prosody-modules
1fbc8718bed6
mod_http_auth_check/mod_http_auth_check.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_http_auth_check/mod_http_auth_check.lua @ 5512:1fbc8718bed6

mod_http_oauth2: Bind refresh tokens to client Prevent one OAuth client from using the refresh tokens issued to another client as required by RFC 6819 section 5.2.2.2 See also draft-ietf-oauth-security-topics-22 section 2.2.2 Thanks to OAuch for pointing out this issue
author Kim Alvefur <zash@zash.se>
date Fri, 02 Jun 2023 10:40:48 +0200
parent 2886:5ca6d53d3186
line wrap: on
line source

-- HTTP Is User Valid
-- By Nicolas Cedilnik <nicoco@nicoco.fr>

local jid_prep = require "util.jid".prep;
local jid_split = require "util.jid".split;
local test_password = require "core.usermanager".test_password;
local b64_decode = require "util.encodings".base64.decode;
local saslprep = require "util.encodings".stringprep.saslprep;
local realm = module:get_host() .. "/" .. module:get_name();
module:depends"http";

local function authenticate (event, path)
	local request = event.request;
	local response = event.response;
	local headers = request.headers;
	if not headers.authorization then
		response.headers.www_authenticate = ("Basic realm=%q"):format(realm);
		return 401
	end
	local from_jid, password = b64_decode(headers.authorization:match"[^ ]*$"):match"([^:]*):(.*)";
	from_jid = jid_prep(from_jid);
	password = saslprep(password);
	if from_jid and password then
		local user, host = jid_split(from_jid);
		local ok, err = test_password(user, host, password);
		if ok and user and host then
			return 200
		elseif err then
			return 401
		end
	end
end

module:provides("http", {
	route = {
		GET = authenticate
	};
});