prosody
e27adbf4e743
util/sasl/plain.lua
Software / code / prosody
Comparison
util/sasl/plain.lua @ 4920:e27adbf4e743
util.sasl.plain: make it return "not-authorized" in case of non-existant accounts instead of "account-disabled" to avoid enumeration.
| author | Marco Cirillo <maranda@lightwitch.org> |
|---|---|
| date | Mon, 28 May 2012 15:59:10 +0000 |
| parent | 4113:65482a852c4d |
| child | 5240:864b27ddaa10 |
comparison
equal
deleted
inserted
replaced
| 4919:6cbc35cdefaf | 4920:e27adbf4e743 |
|---|---|
| 62 elseif self.profile.plain_test then | 62 elseif self.profile.plain_test then |
| 63 correct, state = self.profile.plain_test(self, authentication, password, self.realm); | 63 correct, state = self.profile.plain_test(self, authentication, password, self.realm); |
| 64 end | 64 end |
| 65 | 65 |
| 66 self.username = authentication | 66 self.username = authentication |
| 67 if not state then | 67 if state == false then |
| 68 return "failure", "account-disabled"; | 68 return "failure", "account-disabled"; |
| 69 elseif state == nil then | |
| 70 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; | |
| 69 end | 71 end |
| 70 | 72 |
| 71 if correct then | 73 if correct then |
| 72 return "success"; | 74 return "success"; |
| 73 else | 75 else |
