diff options
Diffstat (limited to 'util/sasl')
| -rw-r--r-- | util/sasl/oauthbearer.lua | 36 |
1 files changed, 3 insertions, 33 deletions
diff --git a/util/sasl/oauthbearer.lua b/util/sasl/oauthbearer.lua index 939c5385..490a205f 100644 --- a/util/sasl/oauthbearer.lua +++ b/util/sasl/oauthbearer.lua @@ -1,8 +1,4 @@ -local saslprep = require "util.encodings".stringprep.saslprep; -local nodeprep = require "util.encodings".stringprep.nodeprep; -local jid = require "util.jid"; local json = require "util.json"; -local log = require "util.logger".init("sasl"); local _ENV = nil; @@ -32,37 +28,13 @@ local function oauthbearer(self, message) return "failure", "malformed-request"; end - local username = jid.prepped_split(gs2_authzid); - - if not username or username == "" then - return "failure", "malformed-request", "Expected authorization identity in the username@hostname format"; - end - - -- SASLprep username - username = saslprep(username); - - if not username or username == "" then - log("debug", "Username violates SASLprep."); - return "failure", "malformed-request", "Invalid username."; - end - - local _nodeprep = self.profile.nodeprep; - if _nodeprep ~= false then - username = (_nodeprep or nodeprep)(username); - if not username or username == "" then - return "failure", "malformed-request", "Invalid username or password." - end - end - - self.username = username; - local token = auth_header:match("^Bearer (.+)$"); - local correct, state, token_info = self.profile.oauthbearer(self, username, token, self.realm); + local username, state, token_info = self.profile.oauthbearer(self, token, self.realm, gs2_authzid); if state == false then return "failure", "account-disabled"; - elseif state == nil or not correct then + elseif state == nil or not username then -- For token-level errors, RFC 7628 demands use of a JSON-encoded -- challenge response upon failure. We relay additional info from -- the auth backend if available. @@ -72,9 +44,7 @@ local function oauthbearer(self, message) ["openid-configuration"] = token_info and token_info.oidc_discovery_url or nil; }); end - - self.resource = token_info.resource; - self.role = token_info.role; + self.username = username; self.token_info = token_info; return "success"; |