aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_auth_internal_plain.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2020-05-23 14:17:04 +0200
committerKim Alvefur <zash@zash.se>2020-05-23 14:17:04 +0200
commit71c6728e69c98d7a70ec4ae4ffacb08ae683803f (patch)
treea249dec1a21ea653597ecba2e941089a3f886369 /plugins/mod_auth_internal_plain.lua
parenta7083d1dedda96bce48c84a5f348c10714ff7d69 (diff)
downloadprosody-71c6728e69c98d7a70ec4ae4ffacb08ae683803f.tar.gz
prosody-71c6728e69c98d7a70ec4ae4ffacb08ae683803f.zip
mod_auth_internal_*: Apply saslprep to passwords
Related to #1560
Diffstat (limited to 'plugins/mod_auth_internal_plain.lua')
-rw-r--r--plugins/mod_auth_internal_plain.lua15
1 files changed, 14 insertions, 1 deletions
diff --git a/plugins/mod_auth_internal_plain.lua b/plugins/mod_auth_internal_plain.lua
index 276efb64..56ef52d5 100644
--- a/plugins/mod_auth_internal_plain.lua
+++ b/plugins/mod_auth_internal_plain.lua
@@ -8,6 +8,7 @@
local usermanager = require "core.usermanager";
local new_sasl = require "util.sasl".new;
+local saslprep = require "util.encodings".stringprep.saslprep;
local log = module._log;
local host = module.host;
@@ -20,8 +21,12 @@ local provider = {};
function provider.test_password(username, password)
log("debug", "test password for user '%s'", username);
local credentials = accounts:get(username) or {};
+ password = saslprep(password);
+ if not password then
+ return nil, "Password fails SASLprep.";
+ end
- if password == credentials.password then
+ if password == saslprep(credentials.password) then
return true;
else
return nil, "Auth failed. Invalid username or password.";
@@ -35,6 +40,10 @@ end
function provider.set_password(username, password)
log("debug", "set_password for username '%s'", username);
+ password = saslprep(password);
+ if not password then
+ return nil, "Password fails SASLprep.";
+ end
local account = accounts:get(username);
if account then
account.password = password;
@@ -57,6 +66,10 @@ function provider.users()
end
function provider.create_user(username, password)
+ password = saslprep(password);
+ if not password then
+ return nil, "Password fails SASLprep.";
+ end
return accounts:set(username, {password = password});
end