Software / code / prosody
Annotate
plugins/mod_auth_internal_hashed.lua @ 10367:649acbfbf7fe
util.prosodyctl: Enforce strict JID validation on user creation
This is where 64ddcbc9a328 should have started. By preventing creation
of users with invalid JIDs, it will slowly become safer to enforce
strict validation on everything.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 01 Nov 2019 22:53:14 +0100 |
| parent | 10219:d58925bb74ca |
| child | 10563:e8db377a2983 |
| rev | line source |
|---|---|
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
1 -- Prosody IM |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
4 -- Copyright (C) 2010 Jeff Mitchell |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
5 -- |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
6 -- This project is MIT/X11 licensed. Please see the |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
7 -- COPYING file in the source package for more information. |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
8 -- |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
9 |
|
6019
e9147a16059d
mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents:
5784
diff
changeset
|
10 local max = math.max; |
|
e9147a16059d
mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents:
5784
diff
changeset
|
11 |
|
10218
e458578ddfd3
mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
12 local scram_hashers = require "util.sasl.scram".hashers; |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
13 local usermanager = require "core.usermanager"; |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
14 local generate_uuid = require "util.uuid".generate; |
|
3186
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
15 local new_sasl = require "util.sasl".new; |
|
6707
06cdd4afaaf9
mod_auth_internal_hashed: Use util.hex
Kim Alvefur <zash@zash.se>
parents:
6019
diff
changeset
|
16 local hex = require"util.hex"; |
|
06cdd4afaaf9
mod_auth_internal_hashed: Use util.hex
Kim Alvefur <zash@zash.se>
parents:
6019
diff
changeset
|
17 local to_hex, from_hex = hex.to, hex.from; |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
18 |
|
5783
3a81e3b0ea4f
mod_auth_internal_hashed: Use logger setup by moduleapi instead of going for util.logger directly
Kim Alvefur <zash@zash.se>
parents:
5782
diff
changeset
|
19 local log = module._log; |
|
5784
02217725454b
mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain
Kim Alvefur <zash@zash.se>
parents:
5783
diff
changeset
|
20 local host = module.host; |
|
5783
3a81e3b0ea4f
mod_auth_internal_hashed: Use logger setup by moduleapi instead of going for util.logger directly
Kim Alvefur <zash@zash.se>
parents:
5782
diff
changeset
|
21 |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
22 local accounts = module:open_store("accounts"); |
|
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
23 |
|
10218
e458578ddfd3
mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
24 local hash_name = module:get_option_string("password_hash", "SHA-1"); |
|
e458578ddfd3
mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
25 local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library"); |
|
10219
d58925bb74ca
mod_auth_internal_hashed: Precompute SCRAM authentication profile name (thanks MattJ)
Kim Alvefur <zash@zash.se>
parents:
10218
diff
changeset
|
26 local scram_name = "scram_"..hash_name:gsub("%-","_"):lower(); |
|
3288
1a84d7d6f667
mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
Matthew Wild <mwild1@gmail.com>
parents:
3287
diff
changeset
|
27 |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
28 -- Default; can be set per-user |
|
6019
e9147a16059d
mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents:
5784
diff
changeset
|
29 local default_iteration_count = 4096; |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
30 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
31 -- define auth provider |
|
5117
2c7e1ce8f482
mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents:
5116
diff
changeset
|
32 local provider = {}; |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
33 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
34 function provider.test_password(username, password) |
|
5784
02217725454b
mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain
Kim Alvefur <zash@zash.se>
parents:
5783
diff
changeset
|
35 log("debug", "test password for user '%s'", username); |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
36 local credentials = accounts:get(username) or {}; |
|
3166
3c46cb94caed
Add mechanism for upgrading to hashed passwords from default. Remove some extra debug.
Jeff Mitchell <jeff@jefferai.org>
parents:
3164
diff
changeset
|
37 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
38 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
39 if credentials.password ~= password then |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
40 return nil, "Auth failed. Provided password is incorrect."; |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
41 end |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
42 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
43 if provider.set_password(username, credentials.password) == nil then |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
44 return nil, "Auth failed. Could not set hashed password from plaintext."; |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
45 else |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
46 return true; |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
47 end |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
48 end |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
49 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
50 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
51 return nil, "Auth failed. Stored salt and iteration count information is not complete."; |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
52 end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5500
diff
changeset
|
53 |
|
10218
e458578ddfd3
mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
54 local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count); |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5500
diff
changeset
|
55 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
56 local stored_key_hex = to_hex(stored_key); |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
57 local server_key_hex = to_hex(server_key); |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5500
diff
changeset
|
58 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
59 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
60 return true; |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
61 else |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
62 return nil, "Auth failed. Invalid username, password, or password hash information."; |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
63 end |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
64 end |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
65 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
66 function provider.set_password(username, password) |
|
5784
02217725454b
mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain
Kim Alvefur <zash@zash.se>
parents:
5783
diff
changeset
|
67 log("debug", "set_password for username '%s'", username); |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
68 local account = accounts:get(username); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
69 if account then |
|
6019
e9147a16059d
mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents:
5784
diff
changeset
|
70 account.salt = generate_uuid(); |
|
e9147a16059d
mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents:
5784
diff
changeset
|
71 account.iteration_count = max(account.iteration_count or 0, default_iteration_count); |
|
10218
e458578ddfd3
mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
72 local valid, stored_key, server_key = get_auth_db(password, account.salt, account.iteration_count); |
|
3288
1a84d7d6f667
mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
Matthew Wild <mwild1@gmail.com>
parents:
3287
diff
changeset
|
73 local stored_key_hex = to_hex(stored_key); |
|
1a84d7d6f667
mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
Matthew Wild <mwild1@gmail.com>
parents:
3287
diff
changeset
|
74 local server_key_hex = to_hex(server_key); |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5500
diff
changeset
|
75 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
76 account.stored_key = stored_key_hex |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
77 account.server_key = server_key_hex |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
78 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
79 account.password = nil; |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
80 return accounts:set(username, account); |
|
3994
42899d5efe3b
mod_auth_internal_*: Support for delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3981
diff
changeset
|
81 end |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
82 return nil, "Account not available."; |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
83 end |
|
3994
42899d5efe3b
mod_auth_internal_*: Support for delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3981
diff
changeset
|
84 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
85 function provider.user_exists(username) |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
86 local account = accounts:get(username); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
87 if not account then |
|
5784
02217725454b
mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain
Kim Alvefur <zash@zash.se>
parents:
5783
diff
changeset
|
88 log("debug", "account not found for username '%s'", username); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
89 return nil, "Auth failed. Invalid username"; |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
90 end |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
91 return true; |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
92 end |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
93 |
|
5156
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
94 function provider.users() |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
95 return accounts:users(); |
|
5156
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
96 end |
|
6b08c922a2e4
mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5117
diff
changeset
|
97 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
98 function provider.create_user(username, password) |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
99 if password == nil then |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
100 return accounts:set(username, {}); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
101 end |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
102 local salt = generate_uuid(); |
|
10218
e458578ddfd3
mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
103 local valid, stored_key, server_key = get_auth_db(password, salt, default_iteration_count); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
104 local stored_key_hex = to_hex(stored_key); |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
105 local server_key_hex = to_hex(server_key); |
|
8056
cacf14c218ab
mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8055
diff
changeset
|
106 return accounts:set(username, { |
|
cacf14c218ab
mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8055
diff
changeset
|
107 stored_key = stored_key_hex, server_key = server_key_hex, |
|
cacf14c218ab
mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8055
diff
changeset
|
108 salt = salt, iteration_count = default_iteration_count |
|
cacf14c218ab
mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8055
diff
changeset
|
109 }); |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
110 end |
|
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
111 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
112 function provider.delete_user(username) |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
113 return accounts:set(username, nil); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
114 end |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff
changeset
|
115 |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
116 function provider.get_sasl_handler() |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
117 local testpass_authentication_profile = { |
|
8055
b08d9295f036
mod_auth_internal_hashed: Rename unused 'self' to _ [luacheck]
Kim Alvefur <zash@zash.se>
parents:
6707
diff
changeset
|
118 plain_test = function(_, username, password, realm) |
|
5302
52fe5df91c65
mod_auth_internal_plain, mod_auth_internal_hashed: No need to nodeprep here.
Waqas Hussain <waqas20@gmail.com>
parents:
5156
diff
changeset
|
119 return usermanager.test_password(username, realm, password), true; |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
120 end, |
|
10219
d58925bb74ca
mod_auth_internal_hashed: Precompute SCRAM authentication profile name (thanks MattJ)
Kim Alvefur <zash@zash.se>
parents:
10218
diff
changeset
|
121 [scram_name] = function(_, username) |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
122 local credentials = accounts:get(username); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
123 if not credentials then return; end |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
124 if credentials.password then |
|
8192
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
8056
diff
changeset
|
125 if provider.set_password(username, credentials.password) == nil then |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
8056
diff
changeset
|
126 return nil, "Auth failed. Could not set hashed password from plaintext."; |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
8056
diff
changeset
|
127 end |
|
5500
eeea0eb2602a
mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents:
5302
diff
changeset
|
128 credentials = accounts:get(username); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
129 if not credentials then return; end |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
130 end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5500
diff
changeset
|
131 |
|
8056
cacf14c218ab
mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8055
diff
changeset
|
132 local stored_key, server_key = credentials.stored_key, credentials.server_key; |
|
cacf14c218ab
mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8055
diff
changeset
|
133 local iteration_count, salt = credentials.iteration_count, credentials.salt; |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
134 stored_key = stored_key and from_hex(stored_key); |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
135 server_key = server_key and from_hex(server_key); |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
136 return stored_key, server_key, iteration_count, salt, true; |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
137 end |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
138 }; |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
139 return new_sasl(host, testpass_authentication_profile); |
|
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
140 end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5500
diff
changeset
|
141 |
|
5117
2c7e1ce8f482
mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents:
5116
diff
changeset
|
142 module:provides("auth", provider); |
|
5116
5f9066db1b4d
mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents:
4764
diff
changeset
|
143 |
