Software /
code /
prosody-modules
File
mod_auth_token/mod_sasl_token.lua @ 5931:d194d1012fd3
Updating dox for mod_rest. Ideas expressed / clarified:
1) Making clear that mod_rest isn't to be installed under VirtualHosts AND as a component.
2) Understanding some of the implications of this choice:
A) Changes to user authentication
B) How it affects subdomains
3) More consistent use of domain names for clarity.
4) Using different heading sizes to show scope of section.
Essentially, I added all the tidbits I had to clarify in getting this to work in my
own example.
author | Ben Smith <bens@effortlessis.com> |
---|---|
date | Mon, 13 May 2024 13:25:13 -0700 |
parent | 2956:d0ca211e1b0e |
line wrap: on
line source
-- Copyright (C) 2018 Minddistrict -- -- This file is MIT/X11 licensed. -- local s_match = string.match; local registerMechanism = require "util.sasl".registerMechanism; local saslprep = require "util.encodings".stringprep.saslprep; local nodeprep = require "util.encodings".stringprep.nodeprep; local log = require "util.logger".init("sasl"); local _ENV = nil; local function token_auth(self, message) if not message then return "failure", "malformed-request"; end local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)"); if not authorization then return "failure", "malformed-request"; end -- SASLprep password and authentication authentication = saslprep(authentication); password = saslprep(password); if (not password) or (password == "") or (not authentication) or (authentication == "") then log("debug", "Username or password violates SASLprep."); return "failure", "malformed-request", "Invalid username or password."; end local _nodeprep = self.profile.nodeprep; if _nodeprep ~= false then authentication = (_nodeprep or nodeprep)(authentication); if not authentication or authentication == "" then return "failure", "malformed-request", "Invalid username or password." end end local correct, state = false, false; correct, state = self.profile.token(self, authentication, password, self.realm); self.username = authentication if state == false then return "failure", "account-disabled"; elseif state == nil or not correct then return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; end return "success"; end registerMechanism("X-TOKEN", {"token"}, token_auth);