Diffstat (limited to 'plugins/mod_auth_internal_hashed.lua')
-rw-r--r--plugins/mod_auth_internal_hashed.lua27
1 files changed, 25 insertions, 2 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index e2c423f2..9cffcc6e 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -18,6 +18,8 @@ local saltedPasswordSHA1 = require "util.sasl.scram".saltedPasswordSHA1;
local config = require "core.configmanager";
local usermanager = require "core.usermanager";
local generate_uuid = require "util.uuid".generate;
+local new_sasl = require "util.sasl".new;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
local hosts = hosts;
local prosody = _G.prosody;
@@ -105,8 +107,29 @@ function new_hashpass_provider(host)
return datamanager.store(username, host, "accounts", {hashpass = hexpass, salt = salt, iteration_count = iteration_count});
end
- function provider.get_supported_methods()
- return {["PLAIN"] = true}; -- TODO this should be taken from the config
+ function provider.get_sasl_handler()
+ local realm = module:get_option("sasl_realm") or module.host;
+ local testpass_authentication_profile = {
+ plain_test = function(username, password, realm)
+ local prepped_username = nodeprep(username);
+ if not prepped_username then
+ log("debug", "NODEprep failed on username: %s", username);
+ return "", nil;
+ end
+ return usermanager.test_password(prepped_username, password, realm), true;
+ end,
+ scram_sha_1 = function(username, realm)
+ local credentials = datamanager.load(username, host, "accounts") or {};
+ if credentials.password then
+ usermanager.set_password(username, credentials.password);
+ credentials = datamanager.load(username, host, "accounts") or {};
+ end
+ local salted_password, iteration_count, salt = credentials.hashpass, credentials.iteration_count, credentials.salt;
+ salted_password = salted_password and salted_password:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
+ return salted_password, iteration_count, salt, true;
+ end
+ };
+ return new_sasl(realm, testpass_authentication_profile);
end
function provider.is_admin(jid)
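Review bot: The `scram_sha_1` callback passes the raw `username` straight to `datamanager.load` and `usermanager.set_password`, while `plain_test` just above runs it through `nodeprep` first; unless `util.sasl` normalises the name before calling the profile (not visible here), the two mechanisms can resolve one login to different account keys and the SCRAM path reaches storage with an unnormalised name. It should begin with `local prepped_username = nodeprep(username);`, return the no-credentials result when that is nil, and use the prepped name for both loads and the upgrade. The plaintext-to-hash upgrade also calls `usermanager.set_password(username, credentials.password)` with no host, whereas `test_password` is given `realm`; both signatures live outside this hunk, so please confirm the upgrade writes to this `host` and add a comment saying that authentication deliberately rewrites the stored credential. In `plain_test`, `return "", nil` hands back a truthy value on the failure path (an empty string is true in Lua), so `return false, nil` would not depend on the caller checking the second result. `new_hashpass_provider` starts before and continues after the hunk.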