diff options
author | Kim Alvefur <zash@zash.se> | 2023-02-22 13:27:08 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-02-22 13:27:08 +0100 |
commit | 01fedfa5be4cb2c0142af1a5012e26507cf035fa (patch) | |
tree | 787b35703c16cb7e36a853eee6c5695940c006c0 /plugins/mod_auth_internal_hashed.lua | |
parent | 5a3f0becf8a923cd21b5c6bc52b496b6e4b38179 (diff) | |
download | prosody-01fedfa5be4cb2c0142af1a5012e26507cf035fa.tar.gz prosody-01fedfa5be4cb2c0142af1a5012e26507cf035fa.zip |
mod_auth_internal_hashed: Refactor to prepare for disabling users
Moving this out will make space for a dynamic check whether a particular
user is disabled or not, which is one possible response to abuse of
account privileges.
Diffstat (limited to 'plugins/mod_auth_internal_hashed.lua')
-rw-r--r-- | plugins/mod_auth_internal_hashed.lua | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index ddff31e9..97e85f54 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua @@ -110,6 +110,11 @@ function provider.user_exists(username) return true; end +function provider.is_enabled(username) -- luacheck: ignore 212 + -- TODO look up somewhere and allow disabling + return true; +end + function provider.users() return accounts:users(); end @@ -140,7 +145,7 @@ end function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(_, username, password, realm) - return usermanager.test_password(username, realm, password), true; + return usermanager.test_password(username, realm, password), provider.is_enabled(username); end, [scram_name] = function(_, username) local credentials = accounts:get(username); @@ -157,7 +162,7 @@ function provider.get_sasl_handler() local iteration_count, salt = credentials.iteration_count, credentials.salt; stored_key = stored_key and from_hex(stored_key); server_key = server_key and from_hex(server_key); - return stored_key, server_key, iteration_count, salt, true; + return stored_key, server_key, iteration_count, salt, provider.is_enabled(username); end }; return new_sasl(host, testpass_authentication_profile); |