prosody
b7dc45d704fa
plugins/mod_saslauth.lua
Software / code / prosody
Comparison
plugins/mod_saslauth.lua @ 13381:b7dc45d704fa
mod_saslauth: Fire event at start of authentication attempt
As extension point for rate limiting and similar checks, so they can
hook a single event instead of <{sasl1}auth> or stream features, which
might not be fired in case of SASL2 or e.g. HTTP based login.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 01 Dec 2023 23:43:18 +0100 |
| parent | 13363:2738dda885bb |
| child | 13386:33e5edbd6a4a |
comparison
equal
deleted
inserted
replaced
| 13380:d53dd83a9944 | 13381:b7dc45d704fa |
|---|---|
| 213 return s2s_external_auth(session, stanza) | 213 return s2s_external_auth(session, stanza) |
| 214 end | 214 end |
| 215 | 215 |
| 216 if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end | 216 if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end |
| 217 | 217 |
| 218 -- event for preemptive checks, rate limiting etc | |
| 219 module:fire_event("authentication-attempt", event); | |
| 220 if event.allowed == false then | |
| 221 session.send(build_reply("failure", event.error_condition or "not-authorized", event.error_text)); | |
| 222 return true; | |
| 223 end | |
| 218 if session.sasl_handler and session.sasl_handler.selected then | 224 if session.sasl_handler and session.sasl_handler.selected then |
| 219 session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one | 225 session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one |
| 220 end | 226 end |
| 221 if not session.sasl_handler then | 227 if not session.sasl_handler then |
| 222 session.sasl_handler = usermanager_get_sasl_handler(module.host, session); | 228 session.sasl_handler = usermanager_get_sasl_handler(module.host, session); |
