aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2024-08-09 20:23:46 +0200
committerKim Alvefur <zash@zash.se>2024-08-09 20:23:46 +0200
commit04f45b1afabb85163f72febd6000038102457812 (patch)
tree9c29bf636a0bb8e1348c0ee414e8355b639dd1d6
parent73aed094759dfcb9485f13436bda2e4e6cfaaf9a (diff)
downloadprosody-04f45b1afabb85163f72febd6000038102457812.tar.gz
prosody-04f45b1afabb85163f72febd6000038102457812.zip
mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password()
This API method is used e.g. in HTTP modules which also should respect disabled accounts.
-rw-r--r--plugins/mod_auth_internal_hashed.lua3
-rw-r--r--plugins/mod_auth_internal_plain.lua3
2 files changed, 6 insertions, 0 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index 4840f431..806eb9bd 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -37,6 +37,9 @@ local provider = {};
function provider.test_password(username, password)
log("debug", "test password for user '%s'", username);
local credentials = accounts:get(username) or {};
+ if credentials.disabled then
+ return nil, "Account disabled.";
+ end
password = saslprep(password);
if not password then
return nil, "Password fails SASLprep.";
diff --git a/plugins/mod_auth_internal_plain.lua b/plugins/mod_auth_internal_plain.lua
index 98df1983..6cced803 100644
--- a/plugins/mod_auth_internal_plain.lua
+++ b/plugins/mod_auth_internal_plain.lua
@@ -22,6 +22,9 @@ local provider = {};
function provider.test_password(username, password)
log("debug", "test password for user '%s'", username);
local credentials = accounts:get(username) or {};
+ if credentials.disabled then
+ return nil, "Account disabled.";
+ end
password = saslprep(password);
if not password then
return nil, "Password fails SASLprep.";