Software / code / prosody
Changeset
12900:5484debdfdfe
mod_auth_internal_hashed: Refactor to prepare for disabling users
Moving this out will make space for a dynamic check whether a particular
user is disabled or not, which is one possible response to abuse of
account privileges.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 22 Feb 2023 13:27:08 +0100 |
| parents | 12899:09b101a3b3e1 |
| children | 12901:b884ddb5a0e7 |
| files | plugins/mod_auth_internal_hashed.lua |
| diffstat | 1 files changed, 7 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_auth_internal_hashed.lua Wed Feb 22 22:29:53 2023 +0100 +++ b/plugins/mod_auth_internal_hashed.lua Wed Feb 22 13:27:08 2023 +0100 @@ -110,6 +110,11 @@ return true; end +function provider.is_enabled(username) -- luacheck: ignore 212 + -- TODO look up somewhere and allow disabling + return true; +end + function provider.users() return accounts:users(); end @@ -140,7 +145,7 @@ function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(_, username, password, realm) - return usermanager.test_password(username, realm, password), true; + return usermanager.test_password(username, realm, password), provider.is_enabled(username); end, [scram_name] = function(_, username) local credentials = accounts:get(username); @@ -157,7 +162,7 @@ local iteration_count, salt = credentials.iteration_count, credentials.salt; stored_key = stored_key and from_hex(stored_key); server_key = server_key and from_hex(server_key); - return stored_key, server_key, iteration_count, salt, true; + return stored_key, server_key, iteration_count, salt, provider.is_enabled(username); end }; return new_sasl(host, testpass_authentication_profile);
