prosody-modules
c6afc572e316
mod_auth_token/mod_sasl_token.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_auth_token/mod_sasl_token.lua @ 6250:c6afc572e316

mod_warn_legacy_tls: update Compability diff --git a/mod_warn_legacy_tls/README.md b/mod_warn_legacy_tls/README.md --- a/mod_warn_legacy_tls/README.md +++ b/mod_warn_legacy_tls/README.md @@ -43,5 +43,6 @@ legacy_tls_versions = { "TLSv1", "TLSv1. Prosody-Version Status --------------- --------------------- -trunk Works as of 24-12-16 +trunk Works as of 25-05-25 +0.13 Works 0.12 Works
author Menel <menel@snikket.de>
date Mon, 12 May 2025 11:00:48 +0200
parent 2956:d0ca211e1b0e
line wrap: on
line source

-- Copyright (C) 2018 Minddistrict
--
-- This file is MIT/X11 licensed.
--

local s_match = string.match;
local registerMechanism = require "util.sasl".registerMechanism;
local saslprep = require "util.encodings".stringprep.saslprep;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("sasl");
local _ENV = nil;


local function token_auth(self, message)
	if not message then
		return "failure", "malformed-request";
	end

	local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)");

	if not authorization then
		return "failure", "malformed-request";
	end

	-- SASLprep password and authentication
	authentication = saslprep(authentication);
	password = saslprep(password);

	if (not password) or (password == "") or (not authentication) or (authentication == "") then
		log("debug", "Username or password violates SASLprep.");
		return "failure", "malformed-request", "Invalid username or password.";
	end

	local _nodeprep = self.profile.nodeprep;
	if _nodeprep ~= false then
		authentication = (_nodeprep or nodeprep)(authentication);
		if not authentication or authentication == "" then
			return "failure", "malformed-request", "Invalid username or password."
		end
	end

	local correct, state = false, false;
    correct, state = self.profile.token(self, authentication, password, self.realm);

	self.username = authentication
	if state == false then
		return "failure", "account-disabled";
	elseif state == nil or not correct then
		return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
	end
	return "success";
end

registerMechanism("X-TOKEN", {"token"}, token_auth);