From 04f45b1afabb85163f72febd6000038102457812 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Fri, 9 Aug 2024 20:23:46 +0200
Subject: mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts
 in test_password()

This API method is used e.g. in HTTP modules which also should respect
disabled accounts.
---
 plugins/mod_auth_internal_hashed.lua | 3 +++
 plugins/mod_auth_internal_plain.lua  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index 4840f431..806eb9bd 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -37,6 +37,9 @@ local provider = {};
 function provider.test_password(username, password)
 	log("debug", "test password for user '%s'", username);
 	local credentials = accounts:get(username) or {};
+	if credentials.disabled then
+		return nil, "Account disabled.";
+	end
 	password = saslprep(password);
 	if not password then
 		return nil, "Password fails SASLprep.";
diff --git a/plugins/mod_auth_internal_plain.lua b/plugins/mod_auth_internal_plain.lua
index 98df1983..6cced803 100644
--- a/plugins/mod_auth_internal_plain.lua
+++ b/plugins/mod_auth_internal_plain.lua
@@ -22,6 +22,9 @@ local provider = {};
 function provider.test_password(username, password)
 	log("debug", "test password for user '%s'", username);
 	local credentials = accounts:get(username) or {};
+	if credentials.disabled then
+		return nil, "Account disabled.";
+	end
 	password = saslprep(password);
 	if not password then
 		return nil, "Password fails SASLprep.";
-- 
cgit v1.2.3