From 71c6728e69c98d7a70ec4ae4ffacb08ae683803f Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 23 May 2020 14:17:04 +0200
Subject: mod_auth_internal_*: Apply saslprep to passwords

Related to #1560
---
 plugins/mod_auth_internal_hashed.lua | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'plugins/mod_auth_internal_hashed.lua')

diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index 083f648b..15058098 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -15,6 +15,7 @@ local generate_uuid = require "util.uuid".generate;
 local new_sasl = require "util.sasl".new;
 local hex = require"util.hex";
 local to_hex, from_hex = hex.to, hex.from;
+local saslprep = require "util.encodings".stringprep.saslprep;
 
 local log = module._log;
 local host = module.host;
@@ -32,9 +33,13 @@ local provider = {};
 function provider.test_password(username, password)
 	log("debug", "test password for user '%s'", username);
 	local credentials = accounts:get(username) or {};
+	password = saslprep(password);
+	if not password then
+		return nil, "Password fails SASLprep.";
+	end
 
 	if credentials.password ~= nil and string.len(credentials.password) ~= 0 then
-		if credentials.password ~= password then
+		if saslprep(credentials.password) ~= password then
 			return nil, "Auth failed. Provided password is incorrect.";
 		end
 
-- 
cgit v1.2.3