# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1723227826 -7200
# Node ID 1b81a7b7c9b8b4b10ccafd09af6caa129db16da6
# Parent  2159a206684efb3a248bf8d32e2ea26d6be1dc44
mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password()

This API method is used e.g. in HTTP modules which also should respect
disabled accounts.

diff -r 2159a206684e -r 1b81a7b7c9b8 plugins/mod_auth_internal_hashed.lua
--- a/plugins/mod_auth_internal_hashed.lua	Sat Aug 03 16:28:59 2024 +0200
+++ b/plugins/mod_auth_internal_hashed.lua	Fri Aug 09 20:23:46 2024 +0200
@@ -37,6 +37,9 @@
 function provider.test_password(username, password)
 	log("debug", "test password for user '%s'", username);
 	local credentials = accounts:get(username) or {};
+	if credentials.disabled then
+		return nil, "Account disabled.";
+	end
 	password = saslprep(password);
 	if not password then
 		return nil, "Password fails SASLprep.";
diff -r 2159a206684e -r 1b81a7b7c9b8 plugins/mod_auth_internal_plain.lua
--- a/plugins/mod_auth_internal_plain.lua	Sat Aug 03 16:28:59 2024 +0200
+++ b/plugins/mod_auth_internal_plain.lua	Fri Aug 09 20:23:46 2024 +0200
@@ -22,6 +22,9 @@
 function provider.test_password(username, password)
 	log("debug", "test password for user '%s'", username);
 	local credentials = accounts:get(username) or {};
+	if credentials.disabled then
+		return nil, "Account disabled.";
+	end
 	password = saslprep(password);
 	if not password then
 		return nil, "Password fails SASLprep.";