diff options
| author | Kim Alvefur <zash@zash.se> | 2023-03-16 13:45:49 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2023-03-16 13:45:49 +0100 |
| commit | 2331fc8b65377e722294b02bcf10d551336e6f6c (patch) | |
| tree | 0a98e6121314373abb1e4e1bbcaeb1305dc891e7 /util/sasl/oauthbearer.lua | |
| parent | 8aecd1981204a28d2ed2754c3d302995722eebcb (diff) | |
| download | prosody-2331fc8b65377e722294b02bcf10d551336e6f6c.tar.gz prosody-2331fc8b65377e722294b02bcf10d551336e6f6c.zip | |
util.sasl.oauthbearer: Adjust parsing of GS2 to allow lack of authzid
Partly copied from util.sasl.scram and then reduced a bit.
Diffstat (limited to 'util/sasl/oauthbearer.lua')
| -rw-r--r-- | util/sasl/oauthbearer.lua | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/util/sasl/oauthbearer.lua b/util/sasl/oauthbearer.lua index 490a205f..7cba5f35 100644 --- a/util/sasl/oauthbearer.lua +++ b/util/sasl/oauthbearer.lua @@ -11,10 +11,11 @@ local function oauthbearer(self, message) return "failure", "not-authorized"; end - local gs2_authzid, kvpairs = message:match("n,a=([^,]+),(.+)$"); - if not gs2_authzid then + local gs2_header, kvpairs = message:match("^(n,[^,]*,),(.+)$"); + if not gs2_header then return "failure", "malformed-request"; end + local gs2_authzid = gs2_header:match("^[^,]*,a=([^,]*),$"); local auth_header; for k, v in kvpairs:gmatch("([a-zA-Z]+)=([\033-\126 \009\r\n]*)\001") do |