File

plugins/mod_auth_insecure.lua @ 12578:10bb58ad5583

executables: Reject Lua 5.1 early Prevents attempting to load libraries that may no longer be found and crashing with a traceback. Platforms like Debian where multiple Lua versions can be installed at the same time and 'lua' pointing to one of the installed interpreters via symlinks, there's the possibility that prosody/prosodyctl may be invoked with Lua 5.1, which will no longer have any of the rest of Prosody libraries available to be require(), and thus would immediately fail with an unfriendly traceback. Checking and aborting early with a friendlier message and reference to more information is better. Part of #1600
author Kim Alvefur <zash@zash.se>
date Sat, 02 Jul 2022 17:27:39 +0200 (2022-07-02)
parent 10914:0d7d71dee0a0
child 12671:32881d0c359f
line wrap: on
line source
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- luacheck: ignore 212

local datamanager = require "util.datamanager";
local new_sasl = require "util.sasl".new;
local saslprep = require "util.encodings".stringprep.saslprep;

local host = module.host;
local provider = { name = "insecure" };

assert(module:get_option_string("insecure_open_authentication") == "Yes please, I know what I'm doing!");

function provider.test_password(username, password)
	return true;
end

function provider.set_password(username, password)
	local account = datamanager.load(username, host, "accounts");
	password = saslprep(password);
	if not password then
		return nil, "Password fails SASLprep.";
	end
	if account then
		account.password = password;
		return datamanager.store(username, host, "accounts", account);
	end
	return nil, "Account not available.";
end

function provider.user_exists(username)
	return true;
end

function provider.create_user(username, password)
	return datamanager.store(username, host, "accounts", {password = password});
end

function provider.delete_user(username)
	return datamanager.store(username, host, "accounts", nil);
end

function provider.get_sasl_handler()
	local getpass_authentication_profile = {
		plain_test = function(sasl, username, password, realm)
			return true, true;
		end
	};
	return new_sasl(module.host, getpass_authentication_profile);
end

module:add_item("auth-provider", provider);