prosody
3bbb1af92514
plugins/mod_auth_internal_hashed.lua
Software / code / prosody
Comparison
plugins/mod_auth_internal_hashed.lua @ 11560:3bbb1af92514
Merge 0.11->trunk
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 13 May 2021 11:17:13 +0100 |
| parent | 10916:c7ed8f754033 |
| parent | 11544:c98aebe601f9 |
| child | 12127:baa7cdde69a6 |
comparison
equal
deleted
inserted
replaced
| 11538:30feeb4d9d0b | 11560:3bbb1af92514 |
|---|---|
| 14 local generate_uuid = require "util.uuid".generate; | 14 local generate_uuid = require "util.uuid".generate; |
| 15 local new_sasl = require "util.sasl".new; | 15 local new_sasl = require "util.sasl".new; |
| 16 local hex = require"util.hex"; | 16 local hex = require"util.hex"; |
| 17 local to_hex, from_hex = hex.to, hex.from; | 17 local to_hex, from_hex = hex.to, hex.from; |
| 18 local saslprep = require "util.encodings".stringprep.saslprep; | 18 local saslprep = require "util.encodings".stringprep.saslprep; |
| 19 local secure_equals = require "util.hashes".equals; | |
| 19 | 20 |
| 20 local log = module._log; | 21 local log = module._log; |
| 21 local host = module.host; | 22 local host = module.host; |
| 22 | 23 |
| 23 local accounts = module:open_store("accounts"); | 24 local accounts = module:open_store("accounts"); |
| 39 if not password then | 40 if not password then |
| 40 return nil, "Password fails SASLprep."; | 41 return nil, "Password fails SASLprep."; |
| 41 end | 42 end |
| 42 | 43 |
| 43 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then | 44 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then |
| 44 if saslprep(credentials.password) ~= password then | 45 if not secure_equals(saslprep(credentials.password), password) then |
| 45 return nil, "Auth failed. Provided password is incorrect."; | 46 return nil, "Auth failed. Provided password is incorrect."; |
| 46 end | 47 end |
| 47 | 48 |
| 48 if provider.set_password(username, credentials.password) == nil then | 49 if provider.set_password(username, credentials.password) == nil then |
| 49 return nil, "Auth failed. Could not set hashed password from plaintext."; | 50 return nil, "Auth failed. Could not set hashed password from plaintext."; |
| 59 local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count); | 60 local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count); |
| 60 | 61 |
| 61 local stored_key_hex = to_hex(stored_key); | 62 local stored_key_hex = to_hex(stored_key); |
| 62 local server_key_hex = to_hex(server_key); | 63 local server_key_hex = to_hex(server_key); |
| 63 | 64 |
| 64 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then | 65 if valid and secure_equals(stored_key_hex, credentials.stored_key) and secure_equals(server_key_hex, credentials.server_key) then |
| 65 return true; | 66 return true; |
| 66 else | 67 else |
| 67 return nil, "Auth failed. Invalid username, password, or password hash information."; | 68 return nil, "Auth failed. Invalid username, password, or password hash information."; |
| 68 end | 69 end |
| 69 end | 70 end |
