diff options
| author | Matthew Wild <mwild1@gmail.com> | 2023-03-01 13:04:36 +0000 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2023-03-01 13:04:36 +0000 |
| commit | b435f6d52aa7f4ca3d122bedbfbbb92b9c14ece8 (patch) | |
| tree | f01a7b764ab2e9476e4cdffa430d52da094329d0 /plugins/mod_tokenauth.lua | |
| parent | f3d152eb1bb258c78931a3e4035b0d5fcf6392e1 (diff) | |
| download | prosody-b435f6d52aa7f4ca3d122bedbfbbb92b9c14ece8.tar.gz prosody-b435f6d52aa7f4ca3d122bedbfbbb92b9c14ece8.zip | |
mod_tokenauth: Add SASL handler backend that can accept and verify tokens
This is designed for use by other modules that want to accept tokens issued
by mod_tokenauth, without duplicating all the necessary logic.
Diffstat (limited to 'plugins/mod_tokenauth.lua')
| -rw-r--r-- | plugins/mod_tokenauth.lua | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua index fa8020bc..8b24bc17 100644 --- a/plugins/mod_tokenauth.lua +++ b/plugins/mod_tokenauth.lua @@ -122,3 +122,21 @@ function revoke_token(token) end return token_store:set(token_user, token_id, nil); end + +function sasl_handler(auth_provider, purpose, extra) + return function (_, username, token, realm) + local token_info, err = get_token_info(token); + if not token_info then + module:log("debug", "SASL handler failed to verify token: %s", err); + return nil, nil, extra; + end + local token_user, token_host = jid.split(token_info.jid); + if username ~= token_user or realm ~= token_host or (purpose and token_info.purpose ~= purpose) then + return nil, nil, extra; + end + if auth_provider.is_enabled and not auth_provider.is_enabled(username) then + return true, false, token_info; + end + return true, true, token_info; + end; +end |