prosody
649acbfbf7fe
plugins/mod_auth_insecure.lua
Software / code / prosody
File
plugins/mod_auth_insecure.lua @ 10367:649acbfbf7fe
util.prosodyctl: Enforce strict JID validation on user creation
This is where 64ddcbc9a328 should have started. By preventing creation
of users with invalid JIDs, it will slowly become safer to enforce
strict validation on everything.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 01 Nov 2019 22:53:14 +0100 |
| parent | 9292:d5f798efb1ba |
| child | 10914:0d7d71dee0a0 |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -- luacheck: ignore 212 local datamanager = require "util.datamanager"; local new_sasl = require "util.sasl".new; local host = module.host; local provider = { name = "insecure" }; assert(module:get_option_string("insecure_open_authentication") == "Yes please, I know what I'm doing!"); function provider.test_password(username, password) return true; end function provider.set_password(username, password) local account = datamanager.load(username, host, "accounts"); if account then account.password = password; return datamanager.store(username, host, "accounts", account); end return nil, "Account not available."; end function provider.user_exists(username) return true; end function provider.create_user(username, password) return datamanager.store(username, host, "accounts", {password = password}); end function provider.delete_user(username) return datamanager.store(username, host, "accounts", nil); end function provider.get_sasl_handler() local getpass_authentication_profile = { plain_test = function(sasl, username, password, realm) return true, true; end }; return new_sasl(module.host, getpass_authentication_profile); end module:add_item("auth-provider", provider);
