Software / code / prosody
Changeset
10914:0d7d71dee0a0 0.11
mod_auth_internal_*: Apply saslprep to passwords
Related to #1560
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 23 May 2020 14:17:04 +0200 |
| parents | 10913:54953b5a214b |
| children | 10916:c7ed8f754033 10943:22b1298403ff |
| files | plugins/mod_auth_insecure.lua plugins/mod_auth_internal_hashed.lua plugins/mod_auth_internal_plain.lua |
| diffstat | 3 files changed, 25 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_auth_insecure.lua Fri May 22 21:05:45 2020 +0200 +++ b/plugins/mod_auth_insecure.lua Sat May 23 14:17:04 2020 +0200 @@ -9,6 +9,7 @@ local datamanager = require "util.datamanager"; local new_sasl = require "util.sasl".new; +local saslprep = require "util.encodings".stringprep.saslprep; local host = module.host; local provider = { name = "insecure" }; @@ -21,6 +22,10 @@ function provider.set_password(username, password) local account = datamanager.load(username, host, "accounts"); + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end if account then account.password = password; return datamanager.store(username, host, "accounts", account);
--- a/plugins/mod_auth_internal_hashed.lua Fri May 22 21:05:45 2020 +0200 +++ b/plugins/mod_auth_internal_hashed.lua Sat May 23 14:17:04 2020 +0200 @@ -15,6 +15,7 @@ local new_sasl = require "util.sasl".new; local hex = require"util.hex"; local to_hex, from_hex = hex.to, hex.from; +local saslprep = require "util.encodings".stringprep.saslprep; local log = module._log; local host = module.host; @@ -32,9 +33,13 @@ function provider.test_password(username, password) log("debug", "test password for user '%s'", username); local credentials = accounts:get(username) or {}; + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end if credentials.password ~= nil and string.len(credentials.password) ~= 0 then - if credentials.password ~= password then + if saslprep(credentials.password) ~= password then return nil, "Auth failed. Provided password is incorrect."; end
--- a/plugins/mod_auth_internal_plain.lua Fri May 22 21:05:45 2020 +0200 +++ b/plugins/mod_auth_internal_plain.lua Sat May 23 14:17:04 2020 +0200 @@ -8,6 +8,7 @@ local usermanager = require "core.usermanager"; local new_sasl = require "util.sasl".new; +local saslprep = require "util.encodings".stringprep.saslprep; local log = module._log; local host = module.host; @@ -20,8 +21,12 @@ function provider.test_password(username, password) log("debug", "test password for user '%s'", username); local credentials = accounts:get(username) or {}; + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end - if password == credentials.password then + if password == saslprep(credentials.password) then return true; else return nil, "Auth failed. Invalid username or password."; @@ -35,6 +40,10 @@ function provider.set_password(username, password) log("debug", "set_password for username '%s'", username); + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end local account = accounts:get(username); if account then account.password = password; @@ -57,6 +66,10 @@ end function provider.create_user(username, password) + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end return accounts:set(username, {password = password}); end
