prosody
c98aebe601f9
plugins/mod_auth_internal_hashed.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

plugins/mod_auth_internal_hashed.lua @ 11544:c98aebe601f9 0.11

mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
author Matthew Wild <mwild1@gmail.com>
date Mon, 10 May 2021 16:50:24 +0100
parent 10914:0d7d71dee0a0
child 11560:3bbb1af92514
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
1 -- Prosody IM
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
4 -- Copyright (C) 2010 Jeff Mitchell
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
5 --
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
6 -- This project is MIT/X11 licensed. Please see the
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
7 -- COPYING file in the source package for more information.
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
8 --
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
9
6019
e9147a16059d mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents: 5784
diff changeset
10 local max = math.max;
e9147a16059d mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents: 5784
diff changeset
11
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3189
diff changeset
12 local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
13 local usermanager = require "core.usermanager";
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
14 local generate_uuid = require "util.uuid".generate;
3186
b5f261123013 mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents: 3180
diff changeset
15 local new_sasl = require "util.sasl".new;
6707
06cdd4afaaf9 mod_auth_internal_hashed: Use util.hex
Kim Alvefur <zash@zash.se>
parents: 6019
diff changeset
16 local hex = require"util.hex";
06cdd4afaaf9 mod_auth_internal_hashed: Use util.hex
Kim Alvefur <zash@zash.se>
parents: 6019
diff changeset
17 local to_hex, from_hex = hex.to, hex.from;
10914
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 10522
diff changeset
18 local saslprep = require "util.encodings".stringprep.saslprep;
11544
c98aebe601f9 mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
Matthew Wild <mwild1@gmail.com>
parents: 10914
diff changeset
19 local secure_equals = require "util.hashes".equals;
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
20
5783
3a81e3b0ea4f mod_auth_internal_hashed: Use logger setup by moduleapi instead of going for util.logger directly
Kim Alvefur <zash@zash.se>
parents: 5782
diff changeset
21 local log = module._log;
5784
02217725454b mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain
Kim Alvefur <zash@zash.se>
parents: 5783
diff changeset
22 local host = module.host;
5783
3a81e3b0ea4f mod_auth_internal_hashed: Use logger setup by moduleapi instead of going for util.logger directly
Kim Alvefur <zash@zash.se>
parents: 5782
diff changeset
23
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
24 local accounts = module:open_store("accounts");
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
25
3288
1a84d7d6f667 mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
Matthew Wild <mwild1@gmail.com>
parents: 3287
diff changeset
26
1a84d7d6f667 mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
Matthew Wild <mwild1@gmail.com>
parents: 3287
diff changeset
27
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
28 -- Default; can be set per-user
6019
e9147a16059d mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents: 5784
diff changeset
29 local default_iteration_count = 4096;
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
30
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
31 -- define auth provider
5117
2c7e1ce8f482 mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents: 5116
diff changeset
32 local provider = {};
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
33
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
34 function provider.test_password(username, password)
5784
02217725454b mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain
Kim Alvefur <zash@zash.se>
parents: 5783
diff changeset
35 log("debug", "test password for user '%s'", username);
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
36 local credentials = accounts:get(username) or {};
10914
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 10522
diff changeset
37 password = saslprep(password);
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 10522
diff changeset
38 if not password then
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 10522
diff changeset
39 return nil, "Password fails SASLprep.";
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 10522
diff changeset
40 end
3166
3c46cb94caed Add mechanism for upgrading to hashed passwords from default. Remove some extra debug.
Jeff Mitchell <jeff@jefferai.org>
parents: 3164
diff changeset
41
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
42 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then
11544
c98aebe601f9 mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
Matthew Wild <mwild1@gmail.com>
parents: 10914
diff changeset
43 if not secure_equals(saslprep(credentials.password), password) then
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
44 return nil, "Auth failed. Provided password is incorrect.";
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
45 end
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
46
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
47 if provider.set_password(username, credentials.password) == nil then
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
48 return nil, "Auth failed. Could not set hashed password from plaintext.";
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
49 else
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
50 return true;
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
51 end
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
52 end
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
53
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
54 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
55 return nil, "Auth failed. Stored salt and iteration count information is not complete.";
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
56 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5500
diff changeset
57
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
58 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5500
diff changeset
59
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
60 local stored_key_hex = to_hex(stored_key);
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
61 local server_key_hex = to_hex(server_key);
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5500
diff changeset
62
11544
c98aebe601f9 mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
Matthew Wild <mwild1@gmail.com>
parents: 10914
diff changeset
63 if valid and secure_equals(stored_key_hex, credentials.stored_key) and secure_equals(server_key_hex, credentials.server_key) then
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
64 return true;
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
65 else
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
66 return nil, "Auth failed. Invalid username, password, or password hash information.";
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
67 end
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
68 end
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
69
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
70 function provider.set_password(username, password)
5784
02217725454b mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain
Kim Alvefur <zash@zash.se>
parents: 5783
diff changeset
71 log("debug", "set_password for username '%s'", username);
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
72 local account = accounts:get(username);
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
73 if account then
6019
e9147a16059d mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents: 5784
diff changeset
74 account.salt = generate_uuid();
e9147a16059d mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents: 5784
diff changeset
75 account.iteration_count = max(account.iteration_count or 0, default_iteration_count);
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
76 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
10522
b1ca849b8e3a mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477)
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
77 if not valid then
b1ca849b8e3a mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477)
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
78 return valid, stored_key;
b1ca849b8e3a mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477)
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
79 end
3288
1a84d7d6f667 mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
Matthew Wild <mwild1@gmail.com>
parents: 3287
diff changeset
80 local stored_key_hex = to_hex(stored_key);
1a84d7d6f667 mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
Matthew Wild <mwild1@gmail.com>
parents: 3287
diff changeset
81 local server_key_hex = to_hex(server_key);
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5500
diff changeset
82
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
83 account.stored_key = stored_key_hex
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
84 account.server_key = server_key_hex
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
85
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
86 account.password = nil;
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
87 return accounts:set(username, account);
3994
42899d5efe3b mod_auth_internal_*: Support for delete_user method
Matthew Wild <mwild1@gmail.com>
parents: 3981
diff changeset
88 end
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
89 return nil, "Account not available.";
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
90 end
3994
42899d5efe3b mod_auth_internal_*: Support for delete_user method
Matthew Wild <mwild1@gmail.com>
parents: 3981
diff changeset
91
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
92 function provider.user_exists(username)
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
93 local account = accounts:get(username);
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
94 if not account then
5784
02217725454b mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain
Kim Alvefur <zash@zash.se>
parents: 5783
diff changeset
95 log("debug", "account not found for username '%s'", username);
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
96 return nil, "Auth failed. Invalid username";
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
97 end
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
98 return true;
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
99 end
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
100
5156
6b08c922a2e4 mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5117
diff changeset
101 function provider.users()
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
102 return accounts:users();
5156
6b08c922a2e4 mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5117
diff changeset
103 end
6b08c922a2e4 mod_auth_internal_{plain,hashed}: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5117
diff changeset
104
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
105 function provider.create_user(username, password)
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
106 if password == nil then
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
107 return accounts:set(username, {});
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
108 end
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
109 local salt = generate_uuid();
6019
e9147a16059d mod_auth_interal_hashed: Update salt and iteration count when setting a new password
Florian Zeitz <florob@babelmonkeys.de>
parents: 5784
diff changeset
110 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count);
10522
b1ca849b8e3a mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477)
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
111 if not valid then
b1ca849b8e3a mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477)
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
112 return valid, stored_key;
b1ca849b8e3a mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477)
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
113 end
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
114 local stored_key_hex = to_hex(stored_key);
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
115 local server_key_hex = to_hex(server_key);
8056
cacf14c218ab mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8055
diff changeset
116 return accounts:set(username, {
cacf14c218ab mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8055
diff changeset
117 stored_key = stored_key_hex, server_key = server_key_hex,
cacf14c218ab mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8055
diff changeset
118 salt = salt, iteration_count = default_iteration_count
cacf14c218ab mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8055
diff changeset
119 });
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
120 end
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
121
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
122 function provider.delete_user(username)
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
123 return accounts:set(username, nil);
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
124 end
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
diff changeset
125
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
126 function provider.get_sasl_handler()
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
127 local testpass_authentication_profile = {
8055
b08d9295f036 mod_auth_internal_hashed: Rename unused 'self' to _ [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6707
diff changeset
128 plain_test = function(_, username, password, realm)
5302
52fe5df91c65 mod_auth_internal_plain, mod_auth_internal_hashed: No need to nodeprep here.
Waqas Hussain <waqas20@gmail.com>
parents: 5156
diff changeset
129 return usermanager.test_password(username, realm, password), true;
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
130 end,
8055
b08d9295f036 mod_auth_internal_hashed: Rename unused 'self' to _ [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6707
diff changeset
131 scram_sha_1 = function(_, username)
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
132 local credentials = accounts:get(username);
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
133 if not credentials then return; end
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
134 if credentials.password then
8192
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 8056
diff changeset
135 if provider.set_password(username, credentials.password) == nil then
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 8056
diff changeset
136 return nil, "Auth failed. Could not set hashed password from plaintext.";
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 8056
diff changeset
137 end
5500
eeea0eb2602a mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()
Kim Alvefur <zash@zash.se>
parents: 5302
diff changeset
138 credentials = accounts:get(username);
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
139 if not credentials then return; end
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
140 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5500
diff changeset
141
8056
cacf14c218ab mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8055
diff changeset
142 local stored_key, server_key = credentials.stored_key, credentials.server_key;
cacf14c218ab mod_auth_internal_hashed: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8055
diff changeset
143 local iteration_count, salt = credentials.iteration_count, credentials.salt;
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
144 stored_key = stored_key and from_hex(stored_key);
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
145 server_key = server_key and from_hex(server_key);
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
146 return stored_key, server_key, iteration_count, salt, true;
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
147 end
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
148 };
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
149 return new_sasl(host, testpass_authentication_profile);
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
150 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5500
diff changeset
151
5117
2c7e1ce8f482 mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents: 5116
diff changeset
152 module:provides("auth", provider);
5116
5f9066db1b4d mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 4764
diff changeset
153