diff options
author | Kim Alvefur <zash@zash.se> | 2020-05-23 14:17:04 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2020-05-23 14:17:04 +0200 |
commit | 71c6728e69c98d7a70ec4ae4ffacb08ae683803f (patch) | |
tree | a249dec1a21ea653597ecba2e941089a3f886369 /plugins/mod_auth_internal_plain.lua | |
parent | a7083d1dedda96bce48c84a5f348c10714ff7d69 (diff) | |
download | prosody-71c6728e69c98d7a70ec4ae4ffacb08ae683803f.tar.gz prosody-71c6728e69c98d7a70ec4ae4ffacb08ae683803f.zip |
mod_auth_internal_*: Apply saslprep to passwords
Related to #1560
Diffstat (limited to 'plugins/mod_auth_internal_plain.lua')
-rw-r--r-- | plugins/mod_auth_internal_plain.lua | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/plugins/mod_auth_internal_plain.lua b/plugins/mod_auth_internal_plain.lua index 276efb64..56ef52d5 100644 --- a/plugins/mod_auth_internal_plain.lua +++ b/plugins/mod_auth_internal_plain.lua @@ -8,6 +8,7 @@ local usermanager = require "core.usermanager"; local new_sasl = require "util.sasl".new; +local saslprep = require "util.encodings".stringprep.saslprep; local log = module._log; local host = module.host; @@ -20,8 +21,12 @@ local provider = {}; function provider.test_password(username, password) log("debug", "test password for user '%s'", username); local credentials = accounts:get(username) or {}; + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end - if password == credentials.password then + if password == saslprep(credentials.password) then return true; else return nil, "Auth failed. Invalid username or password."; @@ -35,6 +40,10 @@ end function provider.set_password(username, password) log("debug", "set_password for username '%s'", username); + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end local account = accounts:get(username); if account then account.password = password; @@ -57,6 +66,10 @@ function provider.users() end function provider.create_user(username, password) + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end return accounts:set(username, {password = password}); end |