# HG changeset patch
# User Waqas Hussain <waqas20@gmail.com>
# Date 1280566162 -18000
# Node ID c505a8cc89225de2e90794e38b8f4e923e2ad1e6
# Parent  5ba0e094a5e289f0f0eec9f8c44dcce26c9610a6
mod_saslauth: Move mandatory encryption enforcement to before sasl_handler:select().

diff -r 5ba0e094a5e2 -r c505a8cc8922 plugins/mod_saslauth.lua
--- a/plugins/mod_saslauth.lua	Sat Jul 31 13:32:57 2010 +0500
+++ b/plugins/mod_saslauth.lua	Sat Jul 31 13:49:22 2010 +0500
@@ -119,13 +119,13 @@
 		elseif stanza.attr.mechanism == "ANONYMOUS" then
 			return session.send(build_reply("failure", "mechanism-too-weak"));
 		end
+		if secure_auth_only and not session.secure then
+			return session.send(build_reply("failure", "encryption-required"));
+		end
 		local valid_mechanism = session.sasl_handler:select(stanza.attr.mechanism);
 		if not valid_mechanism then
 			return session.send(build_reply("failure", "invalid-mechanism"));
 		end
-		if secure_auth_only and not session.secure then
-			return session.send(build_reply("failure", "encryption-required"));
-		end
 	elseif not session.sasl_handler then
 		return; -- FIXME ignoring out of order stanzas because ejabberd does
 	end