Software / code / prosody
Changeset
13381:b7dc45d704fa
mod_saslauth: Fire event at start of authentication attempt
As extension point for rate limiting and similar checks, so they can
hook a single event instead of <{sasl1}auth> or stream features, which
might not be fired in case of SASL2 or e.g. HTTP based login.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 01 Dec 2023 23:43:18 +0100 |
| parents | 13380:d53dd83a9944 |
| children | 13382:f70311588c77 |
| files | plugins/mod_saslauth.lua |
| diffstat | 1 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua Fri Dec 01 22:00:18 2023 +0100 +++ b/plugins/mod_saslauth.lua Fri Dec 01 23:43:18 2023 +0100 @@ -215,6 +215,12 @@ if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end + -- event for preemptive checks, rate limiting etc + module:fire_event("authentication-attempt", event); + if event.allowed == false then + session.send(build_reply("failure", event.error_condition or "not-authorized", event.error_text)); + return true; + end if session.sasl_handler and session.sasl_handler.selected then session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one end
