aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_defaultauth.lua
diff options
context:
space:
mode:
authorJeff Mitchell <jeff@jefferai.org>2010-05-20 18:06:21 -0400
committerJeff Mitchell <jeff@jefferai.org>2010-05-20 18:06:21 -0400
commit753e5f839b606fd3992678d5d7bb7d2916040e86 (patch)
tree5b7f52abf9c3ac3964c91625b477bb179a4938ef /plugins/mod_defaultauth.lua
parent35157928fba9e8b389bd07fa2f91b70105d053c6 (diff)
downloadprosody-753e5f839b606fd3992678d5d7bb7d2916040e86.tar.gz
prosody-753e5f839b606fd3992678d5d7bb7d2916040e86.zip
Working defaultauth
Diffstat (limited to 'plugins/mod_defaultauth.lua')
-rw-r--r--plugins/mod_defaultauth.lua96
1 files changed, 96 insertions, 0 deletions
diff --git a/plugins/mod_defaultauth.lua b/plugins/mod_defaultauth.lua
new file mode 100644
index 00000000..6782ae09
--- /dev/null
+++ b/plugins/mod_defaultauth.lua
@@ -0,0 +1,96 @@
+-- Prosody IM
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
+-- Copyright (C) 2010 Jeff Mitchell
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local datamanager = require "util.datamanager";
+local log = require "util.logger".init("usermanager");
+local type = type;
+local error = error;
+local ipairs = ipairs;
+local hashes = require "util.hashes";
+local jid_bare = require "util.jid".bare;
+local config = require "core.configmanager";
+local usermanager = require "core.usermanager";
+local hosts = hosts;
+
+local prosody = _G.prosody;
+
+local is_cyrus = usermanager.is_cyrus;
+
+function new_default_provider(host)
+ local provider = { name = "default" };
+ log("debug", "initializing default authentication provider for host '%s'", host);
+
+ function provider.test_password(username, password)
+ log("debug", "test password '%s' for user %s at host %s", password, username, module.host);
+ if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end
+ local credentials = datamanager.load(username, host, "accounts") or {};
+
+ if password == credentials.password then
+ return true;
+ else
+ return nil, "Auth failed. Invalid username or password.";
+ end
+ end
+
+ function provider.get_password(username)
+ log("debug", "get_password for username '%s' at host '%s'", username, module.host);
+ if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
+ return (datamanager.load(username, host, "accounts") or {}).password;
+ end
+
+ function provider.set_password(username, password)
+ if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
+ local account = datamanager.load(username, host, "accounts");
+ if account then
+ account.password = password;
+ return datamanager.store(username, host, "accounts", account);
+ end
+ return nil, "Account not available.";
+ end
+
+ function provider.user_exists(username)
+ if is_cyrus(host) then return true; end
+ local account = datamanager.load(username, host, "accounts");
+ if not account then
+ log("debug", "account not found for username '%s' at host '%s'", username, module.host);
+ return nil, "Auth failed. Invalid username";
+ end
+ if account.password == nil or string.len(account.password) == 0 then
+ log("debug", "account password not set or zero-length for username '%s' at host '%s'", username, module.host);
+ return nil, "Auth failed. Password invalid.";
+ end
+ return true;
+ end
+
+ function provider.create_user(username, password)
+ if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
+ return datamanager.store(username, host, "accounts", {password = password});
+ end
+
+ function provider.get_supported_methods()
+ return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config
+ end
+
+ function provider.is_admin(jid)
+ local admins = config.get(host, "core", "admins");
+ if admins ~= config.get("*", "core", "admins") and type(admins) == "table" then
+ jid = jid_bare(jid);
+ for _,admin in ipairs(admins) do
+ if admin == jid then return true; end
+ end
+ elseif admins then
+ log("error", "Option 'admins' for host '%s' is not a table", host);
+ end
+ return is_admin(jid); -- Test whether it's a global admin instead
+ end
+ return provider;
+end
+
+module:add_item("auth-provider", new_default_provider(module.host));
+