prosody
34ac05f6bd10
plugins/mod_auth_insecure.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

plugins/mod_auth_insecure.lua @ 13744:34ac05f6bd10 13.0

core.configmanager: Fix reporting delayed warnings from global section A Credential in the global section would be stored at delayed_warnings["*/secret"], but get("example.com","secret") would look for delayed_warnings["example.com/secret"] Storing the warnings in the config itself has the unfortunate side-effect that the config now contains util.error objects, which may be awkward if something bypasses get(). Should rawget() also do this filtering? getconfig() too? Currently this only affects prosodyctl, so maybe it won't be much of a problem.
author Kim Alvefur <zash@zash.se>
date Sat, 22 Feb 2025 00:08:18 +0100
parent 12977:74b9e05af71e
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- luacheck: ignore 212

local datamanager = require "prosody.util.datamanager";
local new_sasl = require "prosody.util.sasl".new;
local saslprep = require "prosody.util.encodings".stringprep.saslprep;

local host = module.host;
local provider = { name = "insecure" };

assert(module:get_option_string("insecure_open_authentication") == "Yes please, I know what I'm doing!");

function provider.test_password(username, password)
	return true;
end

function provider.set_password(username, password)
	local account = datamanager.load(username, host, "accounts");
	password = saslprep(password);
	if not password then
		return nil, "Password fails SASLprep.";
	end
	if account then
		account.updated = os.time();
		account.password = password;
		return datamanager.store(username, host, "accounts", account);
	end
	return nil, "Account not available.";
end

function provider.user_exists(username)
	return true;
end

function provider.create_user(username, password)
	local now = os.time();
	return datamanager.store(username, host, "accounts", { created = now; updated = now; password = password });
end

function provider.delete_user(username)
	return datamanager.store(username, host, "accounts", nil);
end

function provider.get_sasl_handler()
	local getpass_authentication_profile = {
		plain_test = function(sasl, username, password, realm)
			return true, true;
		end
	};
	return new_sasl(module.host, getpass_authentication_profile);
end

module:add_item("auth-provider", provider);