prosody
d58925bb74ca
plugins/mod_auth_internal_hashed.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_auth_internal_hashed.lua @ 10219:d58925bb74ca

mod_auth_internal_hashed: Precompute SCRAM authentication profile name (thanks MattJ)
author Kim Alvefur <zash@zash.se>
date Thu, 22 Aug 2019 01:00:31 +0200
parent 10218:e458578ddfd3
child 10563:e8db377a2983
comparison
equal deleted inserted replaced
10218:e458578ddfd3 10219:d58925bb74ca
21 21
22 local accounts = module:open_store("accounts"); 22 local accounts = module:open_store("accounts");
23 23
24 local hash_name = module:get_option_string("password_hash", "SHA-1"); 24 local hash_name = module:get_option_string("password_hash", "SHA-1");
25 local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library"); 25 local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library");
26 local scram_name = "scram_"..hash_name:gsub("%-","_"):lower();
26 27
27 -- Default; can be set per-user 28 -- Default; can be set per-user
28 local default_iteration_count = 4096; 29 local default_iteration_count = 4096;
29 30
30 -- define auth provider 31 -- define auth provider
115 function provider.get_sasl_handler() 116 function provider.get_sasl_handler()
116 local testpass_authentication_profile = { 117 local testpass_authentication_profile = {
117 plain_test = function(_, username, password, realm) 118 plain_test = function(_, username, password, realm)
118 return usermanager.test_password(username, realm, password), true; 119 return usermanager.test_password(username, realm, password), true;
119 end, 120 end,
120 ["scram_"..hash_name:gsub("%-","_"):lower()] = function(_, username) 121 [scram_name] = function(_, username)
121 local credentials = accounts:get(username); 122 local credentials = accounts:get(username);
122 if not credentials then return; end 123 if not credentials then return; end
123 if credentials.password then 124 if credentials.password then
124 if provider.set_password(username, credentials.password) == nil then 125 if provider.set_password(username, credentials.password) == nil then
125 return nil, "Auth failed. Could not set hashed password from plaintext."; 126 return nil, "Auth failed. Could not set hashed password from plaintext.";