diff options
-rw-r--r-- | util/sasl/anonymous.lua | 4 | ||||
-rw-r--r-- | util/sasl/oauthbearer.lua | 5 |
2 files changed, 5 insertions, 4 deletions
diff --git a/util/sasl/anonymous.lua b/util/sasl/anonymous.lua index de98a5e2..089f038f 100644 --- a/util/sasl/anonymous.lua +++ b/util/sasl/anonymous.lua @@ -33,8 +33,8 @@ local function anonymous(self, message) -- luacheck: ignore 212/message local username; repeat username = generate_random_id():lower(); - until self.profile.anonymous(self, username, self.realm); - self.username = username; + self.username = username; + until self.profile.anonymous(self, username, self.realm, message); return "success" end diff --git a/util/sasl/oauthbearer.lua b/util/sasl/oauthbearer.lua index 490a205f..7cba5f35 100644 --- a/util/sasl/oauthbearer.lua +++ b/util/sasl/oauthbearer.lua @@ -11,10 +11,11 @@ local function oauthbearer(self, message) return "failure", "not-authorized"; end - local gs2_authzid, kvpairs = message:match("n,a=([^,]+),(.+)$"); - if not gs2_authzid then + local gs2_header, kvpairs = message:match("^(n,[^,]*,),(.+)$"); + if not gs2_header then return "failure", "malformed-request"; end + local gs2_authzid = gs2_header:match("^[^,]*,a=([^,]*),$"); local auth_header; for k, v in kvpairs:gmatch("([a-zA-Z]+)=([\033-\126 \009\r\n]*)\001") do |