diff options
| author | Kim Alvefur <zash@zash.se> | 2024-08-09 20:23:46 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2024-08-09 20:23:46 +0200 |
| commit | 04f45b1afabb85163f72febd6000038102457812 (patch) | |
| tree | 9c29bf636a0bb8e1348c0ee414e8355b639dd1d6 | |
| parent | 73aed094759dfcb9485f13436bda2e4e6cfaaf9a (diff) | |
| download | prosody-04f45b1afabb85163f72febd6000038102457812.tar.gz prosody-04f45b1afabb85163f72febd6000038102457812.zip | |
mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password()
This API method is used e.g. in HTTP modules which also should respect
disabled accounts.
| -rw-r--r-- | plugins/mod_auth_internal_hashed.lua | 3 | ||||
| -rw-r--r-- | plugins/mod_auth_internal_plain.lua | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index 4840f431..806eb9bd 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua @@ -37,6 +37,9 @@ local provider = {}; function provider.test_password(username, password) log("debug", "test password for user '%s'", username); local credentials = accounts:get(username) or {}; + if credentials.disabled then + return nil, "Account disabled."; + end password = saslprep(password); if not password then return nil, "Password fails SASLprep."; diff --git a/plugins/mod_auth_internal_plain.lua b/plugins/mod_auth_internal_plain.lua index 98df1983..6cced803 100644 --- a/plugins/mod_auth_internal_plain.lua +++ b/plugins/mod_auth_internal_plain.lua @@ -22,6 +22,9 @@ local provider = {}; function provider.test_password(username, password) log("debug", "test password for user '%s'", username); local credentials = accounts:get(username) or {}; + if credentials.disabled then + return nil, "Account disabled."; + end password = saslprep(password); if not password then return nil, "Password fails SASLprep."; |