Changeset
6289:7e4238d2989c
mod_http_oauth2: Fire authentication events in password grant
Allows for e.g. audit logging and rate limiting modules to catch login
attempts, successful or otherwise, that come through here.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 04 Jun 2025 17:32:19 +0200 |
| parents | 6288:b7eb7d256939 |
| children | 6290:5955ec5c173e |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 15 insertions(+), 0 deletions(-) [+] |
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Jun 03 17:20:52 2025 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Wed Jun 04 17:32:19 2025 +0200
@@ -433,10 +433,25 @@
 return oauth_error("invalid_request", "missing 'password'");
 end
+ local auth_event = {
+ session = {
+ type = "oauth2";
+ ip = "::";
+ username = request_username;
+ host = module.host;
+ log = module._log;
+ sasl_handler = { username = request_username; selected = "x-oauth2-password" };
+ client_id = client.client_name;
+ };
+ };
+
 if not usermanager.test_password(request_username, module.host, request_password) then
+ module:fire_event("authentication-failure", auth_event);
 return oauth_error("invalid_grant", "incorrect credentials");
 end
+ module:fire_event("authentication-success", auth_event);
+
 local granted_jid = jid.join(request_username, module.host);
 local granted_scopes, granted_role = filter_scopes(request_username, params.scope);
 return json.encode(new_access_token(granted_jid, granted_role, granted_scopes, client));
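Review bot: The synthetic session in `auth_event` hard-codes `ip = "::"`, so every login attempt through the password grant reaches the `authentication-failure` and `authentication-success` listeners with the same unspecified address. An audit log built on these events cannot attribute a run of failed logins to a source, and a limiter that buckets by `session.ip` would presumably count all clients together, so one noisy client could throttle everyone. The HTTP request is not in scope in the visible lines, so the client address likely has to be passed into this handler; until then mark the field, e.g. `ip = "::"; -- placeholder, real client address is not available here`. Separately, `client_id = client.client_name` stores a display name under an identifier key; if that name is supplied by the client at registration, listeners should treat it as untrusted text rather than a stable identifier. The enclosing function starts and ends outside the hunk.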