prosody-modules
4c0e3fe57e92
mod_auth_token/token_auth_utils.lib.lua
Software / code / prosody-modules
File
mod_auth_token/token_auth_utils.lib.lua @ 6112:4c0e3fe57e92
mod_compliance_latest: Gracefull error logging on missing dependency.
diff --git a/mod_compliance_latest/README.md b/mod_compliance_latest/README.md
--- a/mod_compliance_latest/README.md
+++ b/mod_compliance_latest/README.md
@@ -9,13 +9,15 @@ rockspec:
# Introduction
-This module will always require and load to the lastest compliance tester we have in the community modules.
-Currently this is [mod_compliance_2023].
+This meta-module will always `require` (and therefore auto-load) the lastest compliance tester we have in the community modules.
+Currently this is [mod_compliance_2023]. See the linked module for further details.
+
+If you do not use the *Prosody plugin installer* this module will likely have limited value to you.
+You can also just install the current compliance tester manually.
# Configuration
-Just load this module as any other module and it will automatically install [mod_compliance_2023] if you use the Prosody plugin installer.
-See the linked module for further details.
+Just load this module as any other module and it will automatically install and load [mod_compliance_2023] if you use the *Prosody plugin installer*.
# Compatibility
diff --git a/mod_compliance_latest/mod_compliance_latest.lua b/mod_compliance_latest/mod_compliance_latest.lua
--- a/mod_compliance_latest/mod_compliance_latest.lua
+++ b/mod_compliance_latest/mod_compliance_latest.lua
@@ -1,1 +1,6 @@
-module:depends("compliance_2023");
+local success, err = pcall(function() module:depends("compliance_2023") end)
+
+if not success then
+ module:log("error", "Error, can't load module: mod_compliance_2023. Is this module downloaded in a folder readable by prosody?")
+ return 1, "Error: Couldn't load dependency mod_compliance_2023."
+end
| author | Menel <menel@snikket.de> |
|---|---|
| date | Mon, 23 Dec 2024 12:58:03 +0100 |
| parent | 3693:0fb12a4b6106 |
line wrap: on
line source
local base64 = require "util.encodings".base64; local hmac = require "openssl.hmac"; local luatz = require "luatz"; local otp = require "otp"; local DIGEST_TYPE = "SHA256"; local OTP_DEVIATION = 1; local OTP_DIGITS = 8; local OTP_INTERVAL = 30; local nonce_cache = {}; local function check_nonce(jid, otp_value, nonce) -- We cache all nonces used per OTP, to ensure that a token cannot be used -- more than once. -- -- We assume that the OTP is valid in the current time window. This is the -- case because we only call check_nonce *after* the OTP has been verified. -- -- We only store one OTP per JID, so if a new OTP comes in, we wipe the -- previous OTP and its cached nonces. if nonce_cache[jid] == nil or nonce_cache[jid][otp_value] == nil then nonce_cache[jid] = {} nonce_cache[jid][otp_value] = {} nonce_cache[jid][otp_value][nonce] = true return true; end if nonce_cache[jid][otp_value][nonce] == true then return false; else nonce_cache[jid][otp_value][nonce] = true; return true; end end local function verify_token(username, password, otp_seed, token_secret, log) local totp = otp.new_totp_from_key(otp_seed, OTP_DIGITS, OTP_INTERVAL) local token = string.match(password, "(%d+) ") local otp_value = token:sub(1,8) local nonce = token:sub(9) local signature = base64.decode(string.match(password, " (.+)")) local jid = username.."@"..module.host if totp:verify(otp_value, OTP_DEVIATION, luatz.time()) then log("debug", "The TOTP was verified"); local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE) if signature == hmac_ctx:final(otp_value..nonce..jid) then log("debug", "The key was verified"); if check_nonce(jid, otp_value, nonce) then log("debug", "The nonce was verified"); return true; end end end log("debug", "Verification failed"); return false; end return { OTP_DEVIATION = OTP_DIGITS, OTP_DIGITS = OTP_DIGITS, OTP_INTERVAL = OTP_INTERVAL, DIGEST_TYPE = DIGEST_TYPE, verify_token = verify_token; }
