Software / code / prosody
Annotate
plugins/mod_auth_internal_plain.lua @ 13506:1b81a7b7c9b8
mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password()
This API method is used e.g. in HTTP modules which also should respect
disabled accounts.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 09 Aug 2024 20:23:46 +0200 |
| parent | 12977:74b9e05af71e |
| rev | line source |
|---|---|
| 3162 | 1 -- Prosody IM |
| 2 -- Copyright (C) 2008-2010 Matthew Wild | |
| 3 -- Copyright (C) 2008-2010 Waqas Hussain | |
| 4 -- | |
| 5 -- This project is MIT/X11 licensed. Please see the | |
| 6 -- COPYING file in the source package for more information. | |
| 7 -- | |
| 8 | |
|
12977
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12950
diff
changeset
|
9 local usermanager = require "prosody.core.usermanager"; |
|
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12950
diff
changeset
|
10 local new_sasl = require "prosody.util.sasl".new; |
|
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12950
diff
changeset
|
11 local saslprep = require "prosody.util.encodings".stringprep.saslprep; |
|
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12950
diff
changeset
|
12 local secure_equals = require "prosody.util.hashes".equals; |
| 3162 | 13 |
|
4762
943f9f860ab4
mod_auth_internal_plain: Remove unused imports
Matthew Wild <mwild1@gmail.com>
parents:
4603
diff
changeset
|
14 local log = module._log; |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
15 local host = module.host; |
| 3163 | 16 |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
17 local accounts = module:open_store("accounts"); |
|
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
18 |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
19 -- define auth provider |
|
5117
2c7e1ce8f482
mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents:
5115
diff
changeset
|
20 local provider = {}; |
| 3162 | 21 |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
22 function provider.test_password(username, password) |
|
5779
70bb0df1ffe7
mod_auth_internal_plain: Remove redundant hostname from log messages
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
23 log("debug", "test password for user '%s'", username); |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
24 local credentials = accounts:get(username) or {}; |
|
13506
1b81a7b7c9b8
mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password()
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
25 if credentials.disabled then |
|
1b81a7b7c9b8
mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password()
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
26 return nil, "Account disabled."; |
|
1b81a7b7c9b8
mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password()
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
27 end |
|
10914
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
28 password = saslprep(password); |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
29 if not password then |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
30 return nil, "Password fails SASLprep."; |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
31 end |
| 3162 | 32 |
|
11544
c98aebe601f9
mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
Matthew Wild <mwild1@gmail.com>
parents:
10914
diff
changeset
|
33 if secure_equals(password, saslprep(credentials.password)) then |
| 3162 | 34 return true; |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
35 else |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
36 return nil, "Auth failed. Invalid username or password."; |
| 3162 | 37 end |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
38 end |
| 3162 | 39 |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
40 function provider.get_password(username) |
|
5779
70bb0df1ffe7
mod_auth_internal_plain: Remove redundant hostname from log messages
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
41 log("debug", "get_password for username '%s'", username); |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
42 return (accounts:get(username) or {}).password; |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
43 end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
44 |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
45 function provider.set_password(username, password) |
|
5780
bc3bf4ded7e4
mod_auth_internal_plain: Log a debug message when changing password to be consistent with the other methods
Kim Alvefur <zash@zash.se>
parents:
5779
diff
changeset
|
46 log("debug", "set_password for username '%s'", username); |
|
10914
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
47 password = saslprep(password); |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
48 if not password then |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
49 return nil, "Password fails SASLprep."; |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
50 end |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
51 local account = accounts:get(username); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
52 if account then |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
53 account.password = password; |
|
12646
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
54 account.updated = os.time(); |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
55 return accounts:set(username, account); |
| 3162 | 56 end |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
57 return nil, "Account not available."; |
| 3162 | 58 end |
| 59 | |
|
12646
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
60 function provider.get_account_info(username) |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
61 local account = accounts:get(username); |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
62 if not account then return nil, "Account not available"; end |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
63 return { |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
64 created = account.created; |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
65 password_updated = account.updated; |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
66 }; |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
67 end |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
68 |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
69 function provider.user_exists(username) |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
70 local account = accounts:get(username); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
71 if not account then |
|
5779
70bb0df1ffe7
mod_auth_internal_plain: Remove redundant hostname from log messages
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
72 log("debug", "account not found for username '%s'", username); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
73 return nil, "Auth failed. Invalid username"; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
74 end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
75 return true; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
76 end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
77 |
|
5156
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
78 function provider.users() |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
79 return accounts:users(); |
|
5156
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
80 end |
|
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
81 |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
82 function provider.create_user(username, password) |
|
12950
2cb5994e3f94
mod_auth_internal_plain: Fix user creation done via mod_admin_shell
Vitaly Orekhov <vkvo2000@vivaldi.net>
parents:
12646
diff
changeset
|
83 local now = os.time(); |
|
2cb5994e3f94
mod_auth_internal_plain: Fix user creation done via mod_admin_shell
Vitaly Orekhov <vkvo2000@vivaldi.net>
parents:
12646
diff
changeset
|
84 if password == nil then |
|
2cb5994e3f94
mod_auth_internal_plain: Fix user creation done via mod_admin_shell
Vitaly Orekhov <vkvo2000@vivaldi.net>
parents:
12646
diff
changeset
|
85 return accounts:set(username, { created = now, updated = now, disabled = true }); |
|
2cb5994e3f94
mod_auth_internal_plain: Fix user creation done via mod_admin_shell
Vitaly Orekhov <vkvo2000@vivaldi.net>
parents:
12646
diff
changeset
|
86 end |
|
10914
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
87 password = saslprep(password); |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
88 if not password then |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
89 return nil, "Password fails SASLprep."; |
|
0d7d71dee0a0
mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents:
8057
diff
changeset
|
90 end |
|
12646
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
91 return accounts:set(username, { |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
92 password = password; |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
93 created = now, updated = now; |
|
3f38f4735c7a
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
Matthew Wild <mwild1@gmail.com>
parents:
11544
diff
changeset
|
94 }); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
95 end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
96 |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
97 function provider.delete_user(username) |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
98 return accounts:set(username, nil); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
99 end |
| 3162 | 100 |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
101 function provider.get_sasl_handler() |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
102 local getpass_authentication_profile = { |
|
8057
4a9275594981
mod_auth_internal_plain: Rename unused self argument [luacheck]
Kim Alvefur <zash@zash.se>
parents:
5781
diff
changeset
|
103 plain = function(_, username, realm) |
|
5302
52fe5df91c65
mod_auth_internal_plain, mod_auth_internal_hashed: No need to nodeprep here.
Waqas Hussain <waqas20@gmail.com>
parents:
5156
diff
changeset
|
104 local password = usermanager.get_password(username, realm); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
105 if not password then |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
106 return "", nil; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
107 end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
108 return password, true; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
109 end |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
110 }; |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
111 return new_sasl(host, getpass_authentication_profile); |
|
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
112 end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5509
diff
changeset
|
113 |
|
5117
2c7e1ce8f482
mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents:
5115
diff
changeset
|
114 module:provides("auth", provider); |
|
5115
3939960b3c07
mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4762
diff
changeset
|
115 |
