Diff

plugins/mod_legacyauth.lua @ 5083:4629c60a303b

mod_legacyauth: Return an error if username or resource fails stringprep (thanks iron)
author Kim Alvefur <zash@zash.se>
date Tue, 07 Aug 2012 17:00:12 +0200
parent 4258:ee445e658848
child 5084:82b9fe0c79c5
line wrap: on
line diff
--- a/plugins/mod_legacyauth.lua	Sun Aug 05 17:21:19 2012 +0100
+++ b/plugins/mod_legacyauth.lua	Tue Aug 07 17:00:12 2012 +0200
@@ -58,6 +58,10 @@
 		username = nodeprep(username);
 		resource = resourceprep(resource)
 		local reply = st.reply(stanza);
+		if not (username and resource) then
+			session.send(st.error_reply(stanza, "modify", "bad-request"));
+			return true;
+		end
 		if usermanager.test_password(username, session.host, password) then
 			-- Authentication successful!
 			local success, err = sessionmanager.make_authenticated(session, username);