Changeset

5437:49306afbf722

mod_auth_oauth_external: Expect XEP-0106 escaped username in PLAIN This allows entering an email address as username in some clients by escaping the @ as \40, enabling authentication against Mastodon
author Kim Alvefur <zash@zash.se>
date Wed, 10 May 2023 12:55:13 +0200
parents 5436:e7d99bacd0e8
children 5438:53f34e17d590
files mod_auth_oauth_external/mod_auth_oauth_external.lua
diffstat 1 files changed, 1 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua	Wed May 10 12:39:05 2023 +0200
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua	Wed May 10 12:55:13 2023 +0200
@@ -37,6 +37,7 @@
 	if token_endpoint and allow_plain then
 		local map_username = function (username, _realm) return username; end; --jid.join; -- TODO configurable
 		function profile:plain_test(username, password, realm)
+			username = jid.unescape(username); -- COMPAT Mastodon
 			local tok, err = async.wait_for(self.profile.http_client:request(token_endpoint, {
 				headers = { ["Content-Type"] = "application/x-www-form-urlencoded; charset=utf-8"; ["Accept"] = "application/json" };
 				body = http.formencode({