Software /
code /
prosody-modules
File
mod_http_auth_check/mod_http_auth_check.lua @ 4210:a0937b5cfdcb
mod_invites_page: Remove preauth URI button
This button is incompatible with the majority of XMPP clients around, yet based
on feedback from users, many are drawn to click it when they have any XMPP client
installed already.
In the case where the user already has software installed, we would prefer them to
select it from the software list so they can follow the setup process suited to
their specific client (we already track which software supports preauth URIs). If
their client is not listed, they can still use the manual registration link instead.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 16 Oct 2020 11:03:38 +0100 |
parent | 2886:5ca6d53d3186 |
line wrap: on
line source
-- HTTP Is User Valid -- By Nicolas Cedilnik <nicoco@nicoco.fr> local jid_prep = require "util.jid".prep; local jid_split = require "util.jid".split; local test_password = require "core.usermanager".test_password; local b64_decode = require "util.encodings".base64.decode; local saslprep = require "util.encodings".stringprep.saslprep; local realm = module:get_host() .. "/" .. module:get_name(); module:depends"http"; local function authenticate (event, path) local request = event.request; local response = event.response; local headers = request.headers; if not headers.authorization then response.headers.www_authenticate = ("Basic realm=%q"):format(realm); return 401 end local from_jid, password = b64_decode(headers.authorization:match"[^ ]*$"):match"([^:]*):(.*)"; from_jid = jid_prep(from_jid); password = saslprep(password); if from_jid and password then local user, host = jid_split(from_jid); local ok, err = test_password(user, host, password); if ok and user and host then return 200 elseif err then return 401 end end end module:provides("http", { route = { GET = authenticate }; });