Software /
code /
prosody-modules
Changeset
5771:dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
FAST is more like a cookie that allows linking new connections to a previous
(e.g. password) authentication. Since we assume that FAST tokens are secure
(not user generated) and not shareable, it reduces a lot of noise by filtering
out uninteresting authentication events.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 01 Dec 2023 11:34:52 +0000 |
parents | 5770:111e970213a0 |
children | 5772:238c4ac8b735 |
files | mod_audit_auth/mod_audit_auth.lua |
diffstat | 1 files changed, 5 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_audit_auth/mod_audit_auth.lua Thu Nov 30 18:05:42 2023 +0000 +++ b/mod_audit_auth/mod_audit_auth.lua Fri Dec 01 11:34:52 2023 +0000 @@ -3,6 +3,8 @@ module:depends("audit"); -- luacheck: read globals module.audit +local only_passwords = module:get_option_boolean("audit_auth_passwords_only", true); + module:hook("authentication-failure", function(event) local session = event.session; module:audit(jid.join(session.sasl_handler.username, module.host), "authentication-failure", { @@ -12,6 +14,9 @@ module:hook("authentication-success", function(event) local session = event.session; + if only_passwords and session.sasl_handler.fast then + return; + end module:audit(jid.join(session.sasl_handler.username, module.host), "authentication-success", { session = session, });