# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1701470598 -3600
# Node ID b7dc45d704fa45e89efd8a69bc7717793c3d5db7
# Parent  d53dd83a9944a61665f55f32169ce68dbe6b3a70
mod_saslauth: Fire event at start of authentication attempt

As extension point for rate limiting and similar checks, so they can
hook a single event instead of <{sasl1}auth> or stream features, which
might not be fired in case of SASL2 or e.g. HTTP based login.

diff -r d53dd83a9944 -r b7dc45d704fa plugins/mod_saslauth.lua
--- a/plugins/mod_saslauth.lua	Fri Dec 01 22:00:18 2023 +0100
+++ b/plugins/mod_saslauth.lua	Fri Dec 01 23:43:18 2023 +0100
@@ -215,6 +215,12 @@
 
 	if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end
 
+	-- event for preemptive checks, rate limiting etc
+	module:fire_event("authentication-attempt", event);
+	if event.allowed == false then
+		session.send(build_reply("failure", event.error_condition or "not-authorized", event.error_text));
+		return true;
+	end
 	if session.sasl_handler and session.sasl_handler.selected then
 		session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one
 	end