diff options
| author | Kim Alvefur <zash@zash.se> | 2023-12-01 23:43:18 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2023-12-01 23:43:18 +0100 |
| commit | 3fbec27699fe712b175ef17a8f20da9e61095d06 (patch) | |
| tree | bbf3026f17a06f0c1daf956971d520cf4c171ae4 | |
| parent | a26b39e1b72f2c4d1fbecb9e91479f5c3d092a54 (diff) | |
| download | prosody-3fbec27699fe712b175ef17a8f20da9e61095d06.tar.gz prosody-3fbec27699fe712b175ef17a8f20da9e61095d06.zip | |
mod_saslauth: Fire event at start of authentication attempt
As extension point for rate limiting and similar checks, so they can
hook a single event instead of <{sasl1}auth> or stream features, which
might not be fired in case of SASL2 or e.g. HTTP based login.
| -rw-r--r-- | plugins/mod_saslauth.lua | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 8b85ca41..4cdbfe67 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -215,6 +215,12 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function(event) if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end + -- event for preemptive checks, rate limiting etc + module:fire_event("authentication-attempt", event); + if event.allowed == false then + session.send(build_reply("failure", event.error_condition or "not-authorized", event.error_text)); + return true; + end if session.sasl_handler and session.sasl_handler.selected then session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one end |