aboutsummaryrefslogtreecommitdiffstats
path: root/util/sasl
diff options
context:
space:
mode:
Diffstat (limited to 'util/sasl')
-rw-r--r--util/sasl/oauthbearer.lua36
1 files changed, 3 insertions, 33 deletions
diff --git a/util/sasl/oauthbearer.lua b/util/sasl/oauthbearer.lua
index 939c5385..490a205f 100644
--- a/util/sasl/oauthbearer.lua
+++ b/util/sasl/oauthbearer.lua
@@ -1,8 +1,4 @@
-local saslprep = require "util.encodings".stringprep.saslprep;
-local nodeprep = require "util.encodings".stringprep.nodeprep;
-local jid = require "util.jid";
local json = require "util.json";
-local log = require "util.logger".init("sasl");
local _ENV = nil;
@@ -32,37 +28,13 @@ local function oauthbearer(self, message)
return "failure", "malformed-request";
end
- local username = jid.prepped_split(gs2_authzid);
-
- if not username or username == "" then
- return "failure", "malformed-request", "Expected authorization identity in the username@hostname format";
- end
-
- -- SASLprep username
- username = saslprep(username);
-
- if not username or username == "" then
- log("debug", "Username violates SASLprep.");
- return "failure", "malformed-request", "Invalid username.";
- end
-
- local _nodeprep = self.profile.nodeprep;
- if _nodeprep ~= false then
- username = (_nodeprep or nodeprep)(username);
- if not username or username == "" then
- return "failure", "malformed-request", "Invalid username or password."
- end
- end
-
- self.username = username;
-
local token = auth_header:match("^Bearer (.+)$");
- local correct, state, token_info = self.profile.oauthbearer(self, username, token, self.realm);
+ local username, state, token_info = self.profile.oauthbearer(self, token, self.realm, gs2_authzid);
if state == false then
return "failure", "account-disabled";
- elseif state == nil or not correct then
+ elseif state == nil or not username then
-- For token-level errors, RFC 7628 demands use of a JSON-encoded
-- challenge response upon failure. We relay additional info from
-- the auth backend if available.
@@ -72,9 +44,7 @@ local function oauthbearer(self, message)
["openid-configuration"] = token_info and token_info.oidc_discovery_url or nil;
});
end
-
- self.resource = token_info.resource;
- self.role = token_info.role;
+ self.username = username;
self.token_info = token_info;
return "success";