diff options
Diffstat (limited to 'plugins/mod_auth_internal_hashed.lua')
| -rw-r--r-- | plugins/mod_auth_internal_hashed.lua | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index e2c423f2..9cffcc6e 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua @@ -18,6 +18,8 @@ local saltedPasswordSHA1 = require "util.sasl.scram".saltedPasswordSHA1; local config = require "core.configmanager"; local usermanager = require "core.usermanager"; local generate_uuid = require "util.uuid".generate; +local new_sasl = require "util.sasl".new; +local nodeprep = require "util.encodings".stringprep.nodeprep; local hosts = hosts; local prosody = _G.prosody; @@ -105,8 +107,29 @@ function new_hashpass_provider(host) return datamanager.store(username, host, "accounts", {hashpass = hexpass, salt = salt, iteration_count = iteration_count}); end - function provider.get_supported_methods() - return {["PLAIN"] = true}; -- TODO this should be taken from the config + function provider.get_sasl_handler() + local realm = module:get_option("sasl_realm") or module.host; + local testpass_authentication_profile = { + plain_test = function(username, password, realm) + local prepped_username = nodeprep(username); + if not prepped_username then + log("debug", "NODEprep failed on username: %s", username); + return "", nil; + end + return usermanager.test_password(prepped_username, password, realm), true; + end, + scram_sha_1 = function(username, realm) + local credentials = datamanager.load(username, host, "accounts") or {}; + if credentials.password then + usermanager.set_password(username, credentials.password); + credentials = datamanager.load(username, host, "accounts") or {}; + end + local salted_password, iteration_count, salt = credentials.hashpass, credentials.iteration_count, credentials.salt; + salted_password = salted_password and salted_password:gsub("..", function(x) return string.char(tonumber(x, 16)); end); + return salted_password, iteration_count, salt, true; + end + }; + return new_sasl(realm, testpass_authentication_profile); end function provider.is_admin(jid) |