authorMatthew Wild <mwild1@gmail.com>2023-03-01 13:04:36 +0000
committerMatthew Wild <mwild1@gmail.com>2023-03-01 13:04:36 +0000
commitb435f6d52aa7f4ca3d122bedbfbbb92b9c14ece8 (patch)
treef01a7b764ab2e9476e4cdffa430d52da094329d0 /plugins/mod_tokenauth.lua
parentf3d152eb1bb258c78931a3e4035b0d5fcf6392e1 (diff)
mod_tokenauth: Add SASL handler backend that can accept and verify tokens
This is designed for use by other modules that want to accept tokens issued by mod_tokenauth, without duplicating all the necessary logic.
Diffstat (limited to 'plugins/mod_tokenauth.lua')
-rw-r--r--plugins/mod_tokenauth.lua18
1 files changed, 18 insertions, 0 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index fa8020bc..8b24bc17 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -122,3 +122,21 @@ function revoke_token(token)
end
return token_store:set(token_user, token_id, nil);
end
+
+function sasl_handler(auth_provider, purpose, extra)
+ return function (_, username, token, realm)
+ local token_info, err = get_token_info(token);
+ if not token_info then
+ module:log("debug", "SASL handler failed to verify token: %s", err);
+ return nil, nil, extra;
+ end
+ local token_user, token_host = jid.split(token_info.jid);
+ if username ~= token_user or realm ~= token_host or (purpose and token_info.purpose ~= purpose) then
+ return nil, nil, extra;
+ end
+ if auth_provider.is_enabled and not auth_provider.is_enabled(username) then
+ return true, false, token_info;
+ end
+ return true, true, token_info;
+ end;
+end
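Review bot: The purpose check in the mismatch condition of the inner function is skipped whenever `purpose` is nil, so a caller that omits the argument gets a handler that accepts a token issued for any purpose. If that is intended, state it in a doc comment above `sasl_handler`, e.g. `-- purpose: optional; when nil, tokens of any purpose are accepted`; if it is not, failing early with `assert(purpose, "sasl_handler requires a purpose")` would make the binding mandatory. The same branch returns `nil, nil, extra` without logging, unlike the `get_token_info` failure path, so a valid token presented for a different user or host leaves no trace; adding `module:log("debug", "SASL handler rejected token: user, host or purpose mismatch");` there would help. The doc comment should also describe the three return values, in particular that `true, false, token_info` means the token verified but `auth_provider.is_enabled` reported the account as not enabled.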