aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-12-01 23:43:18 +0100
committerKim Alvefur <zash@zash.se>2023-12-01 23:43:18 +0100
commit3fbec27699fe712b175ef17a8f20da9e61095d06 (patch)
treebbf3026f17a06f0c1daf956971d520cf4c171ae4
parenta26b39e1b72f2c4d1fbecb9e91479f5c3d092a54 (diff)
downloadprosody-3fbec27699fe712b175ef17a8f20da9e61095d06.tar.gz
prosody-3fbec27699fe712b175ef17a8f20da9e61095d06.zip
mod_saslauth: Fire event at start of authentication attempt
As extension point for rate limiting and similar checks, so they can hook a single event instead of <{sasl1}auth> or stream features, which might not be fired in case of SASL2 or e.g. HTTP based login.
-rw-r--r--plugins/mod_saslauth.lua6
1 files changed, 6 insertions, 0 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 8b85ca41..4cdbfe67 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -215,6 +215,12 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function(event)
if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end
+ -- event for preemptive checks, rate limiting etc
+ module:fire_event("authentication-attempt", event);
+ if event.allowed == false then
+ session.send(build_reply("failure", event.error_condition or "not-authorized", event.error_text));
+ return true;
+ end
if session.sasl_handler and session.sasl_handler.selected then
session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one
end