prosody
427dd01f0864
util/sasl/external.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

util/sasl/external.lua @ 12730:427dd01f0864

mod_authz_internal: Allow configuring role of local-server/parent-host users 'host_user_role' is the default role of users who have JIDs on the "parent" host (i.e. jabber.org users on conference.jabber.org). Defaults to 'prosody:user'. 'server_user_roles' is the default role of users who have JIDs on any active host on the current Prosody instance. Default to nil (no role). This finally allows better permissions splitting between host and server users, which has previously been done (e.g. in MUC) with options like 'restrict_room_creation' and 'muc_room_allow_persistent'. Using roles makes these permissions a lot more flexible, and easier for developers to integrate.
author Matthew Wild <mwild1@gmail.com>
date Thu, 29 Sep 2022 12:10:14 +0100
parent 8555:4f0f5b49bb03
child 12975:d10957394a3c
line wrap: on
line source

local saslprep = require "util.encodings".stringprep.saslprep;

local _ENV = nil;
-- luacheck: std none

local function external(self, message)
	message = saslprep(message);
	local state
	self.username, state = self.profile.external(message);

	if state == false then
		return "failure", "account-disabled";
	elseif state == nil  then
		return "failure", "not-authorized";
	elseif state == "expired" then
		return "false", "credentials-expired";
	end

	return "success";
end

local function init(registerMechanism)
	registerMechanism("EXTERNAL", {"external"}, external);
end

return {
	init = init;
}