prosody
0d7d71dee0a0
plugins/mod_auth_internal_plain.lua
Software / code / prosody
Comparison
plugins/mod_auth_internal_plain.lua @ 10914:0d7d71dee0a0 0.11
mod_auth_internal_*: Apply saslprep to passwords
Related to #1560
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 23 May 2020 14:17:04 +0200 |
| parent | 8057:4a9275594981 |
| child | 11544:c98aebe601f9 |
comparison
equal
deleted
inserted
replaced
| 10913:54953b5a214b | 10914:0d7d71dee0a0 |
|---|---|
| 6 -- COPYING file in the source package for more information. | 6 -- COPYING file in the source package for more information. |
| 7 -- | 7 -- |
| 8 | 8 |
| 9 local usermanager = require "core.usermanager"; | 9 local usermanager = require "core.usermanager"; |
| 10 local new_sasl = require "util.sasl".new; | 10 local new_sasl = require "util.sasl".new; |
| 11 local saslprep = require "util.encodings".stringprep.saslprep; | |
| 11 | 12 |
| 12 local log = module._log; | 13 local log = module._log; |
| 13 local host = module.host; | 14 local host = module.host; |
| 14 | 15 |
| 15 local accounts = module:open_store("accounts"); | 16 local accounts = module:open_store("accounts"); |
| 18 local provider = {}; | 19 local provider = {}; |
| 19 | 20 |
| 20 function provider.test_password(username, password) | 21 function provider.test_password(username, password) |
| 21 log("debug", "test password for user '%s'", username); | 22 log("debug", "test password for user '%s'", username); |
| 22 local credentials = accounts:get(username) or {}; | 23 local credentials = accounts:get(username) or {}; |
| 24 password = saslprep(password); | |
| 25 if not password then | |
| 26 return nil, "Password fails SASLprep."; | |
| 27 end | |
| 23 | 28 |
| 24 if password == credentials.password then | 29 if password == saslprep(credentials.password) then |
| 25 return true; | 30 return true; |
| 26 else | 31 else |
| 27 return nil, "Auth failed. Invalid username or password."; | 32 return nil, "Auth failed. Invalid username or password."; |
| 28 end | 33 end |
| 29 end | 34 end |
| 33 return (accounts:get(username) or {}).password; | 38 return (accounts:get(username) or {}).password; |
| 34 end | 39 end |
| 35 | 40 |
| 36 function provider.set_password(username, password) | 41 function provider.set_password(username, password) |
| 37 log("debug", "set_password for username '%s'", username); | 42 log("debug", "set_password for username '%s'", username); |
| 43 password = saslprep(password); | |
| 44 if not password then | |
| 45 return nil, "Password fails SASLprep."; | |
| 46 end | |
| 38 local account = accounts:get(username); | 47 local account = accounts:get(username); |
| 39 if account then | 48 if account then |
| 40 account.password = password; | 49 account.password = password; |
| 41 return accounts:set(username, account); | 50 return accounts:set(username, account); |
| 42 end | 51 end |
| 55 function provider.users() | 64 function provider.users() |
| 56 return accounts:users(); | 65 return accounts:users(); |
| 57 end | 66 end |
| 58 | 67 |
| 59 function provider.create_user(username, password) | 68 function provider.create_user(username, password) |
| 69 password = saslprep(password); | |
| 70 if not password then | |
| 71 return nil, "Password fails SASLprep."; | |
| 72 end | |
| 60 return accounts:set(username, {password = password}); | 73 return accounts:set(username, {password = password}); |
| 61 end | 74 end |
| 62 | 75 |
| 63 function provider.delete_user(username) | 76 function provider.delete_user(username) |
| 64 return accounts:set(username, nil); | 77 return accounts:set(username, nil); |
