aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_auth_internal_hashed.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-02-22 13:27:08 +0100
committerKim Alvefur <zash@zash.se>2023-02-22 13:27:08 +0100
commit01fedfa5be4cb2c0142af1a5012e26507cf035fa (patch)
tree787b35703c16cb7e36a853eee6c5695940c006c0 /plugins/mod_auth_internal_hashed.lua
parent5a3f0becf8a923cd21b5c6bc52b496b6e4b38179 (diff)
downloadprosody-01fedfa5be4cb2c0142af1a5012e26507cf035fa.tar.gz
prosody-01fedfa5be4cb2c0142af1a5012e26507cf035fa.zip
mod_auth_internal_hashed: Refactor to prepare for disabling users
Moving this out will make space for a dynamic check whether a particular user is disabled or not, which is one possible response to abuse of account privileges.
Diffstat (limited to 'plugins/mod_auth_internal_hashed.lua')
-rw-r--r--plugins/mod_auth_internal_hashed.lua9
1 files changed, 7 insertions, 2 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index ddff31e9..97e85f54 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -110,6 +110,11 @@ function provider.user_exists(username)
return true;
end
+function provider.is_enabled(username) -- luacheck: ignore 212
+ -- TODO look up somewhere and allow disabling
+ return true;
+end
+
function provider.users()
return accounts:users();
end
@@ -140,7 +145,7 @@ end
function provider.get_sasl_handler()
local testpass_authentication_profile = {
plain_test = function(_, username, password, realm)
- return usermanager.test_password(username, realm, password), true;
+ return usermanager.test_password(username, realm, password), provider.is_enabled(username);
end,
[scram_name] = function(_, username)
local credentials = accounts:get(username);
@@ -157,7 +162,7 @@ function provider.get_sasl_handler()
local iteration_count, salt = credentials.iteration_count, credentials.salt;
stored_key = stored_key and from_hex(stored_key);
server_key = server_key and from_hex(server_key);
- return stored_key, server_key, iteration_count, salt, true;
+ return stored_key, server_key, iteration_count, salt, provider.is_enabled(username);
end
};
return new_sasl(host, testpass_authentication_profile);