prosody
70f6a8dceb1d
plugins/mod_tokenauth.lua
Software / code / prosody
Comparison
plugins/mod_tokenauth.lua @ 12915:70f6a8dceb1d
mod_tokenauth: Add SASL handler backend that can accept and verify tokens
This is designed for use by other modules that want to accept tokens issued
by mod_tokenauth, without duplicating all the necessary logic.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 01 Mar 2023 13:04:36 +0000 |
| parent | 12914:2b4661bd39e2 |
| child | 12917:e4de42495fb7 |
comparison
equal
deleted
inserted
replaced
| 12914:2b4661bd39e2 | 12915:70f6a8dceb1d |
|---|---|
| 120 if token_host ~= module.host then | 120 if token_host ~= module.host then |
| 121 return nil, "invalid-host"; | 121 return nil, "invalid-host"; |
| 122 end | 122 end |
| 123 return token_store:set(token_user, token_id, nil); | 123 return token_store:set(token_user, token_id, nil); |
| 124 end | 124 end |
| 125 | |
| 126 function sasl_handler(auth_provider, purpose, extra) | |
| 127 return function (_, username, token, realm) | |
| 128 local token_info, err = get_token_info(token); | |
| 129 if not token_info then | |
| 130 module:log("debug", "SASL handler failed to verify token: %s", err); | |
| 131 return nil, nil, extra; | |
| 132 end | |
| 133 local token_user, token_host = jid.split(token_info.jid); | |
| 134 if username ~= token_user or realm ~= token_host or (purpose and token_info.purpose ~= purpose) then | |
| 135 return nil, nil, extra; | |
| 136 end | |
| 137 if auth_provider.is_enabled and not auth_provider.is_enabled(username) then | |
| 138 return true, false, token_info; | |
| 139 end | |
| 140 return true, true, token_info; | |
| 141 end; | |
| 142 end |
