From 71c6728e69c98d7a70ec4ae4ffacb08ae683803f Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 23 May 2020 14:17:04 +0200
Subject: mod_auth_internal_*: Apply saslprep to passwords

Related to #1560
---
 plugins/mod_auth_internal_plain.lua | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'plugins/mod_auth_internal_plain.lua')

diff --git a/plugins/mod_auth_internal_plain.lua b/plugins/mod_auth_internal_plain.lua
index 276efb64..56ef52d5 100644
--- a/plugins/mod_auth_internal_plain.lua
+++ b/plugins/mod_auth_internal_plain.lua
@@ -8,6 +8,7 @@
 
 local usermanager = require "core.usermanager";
 local new_sasl = require "util.sasl".new;
+local saslprep = require "util.encodings".stringprep.saslprep;
 
 local log = module._log;
 local host = module.host;
@@ -20,8 +21,12 @@ local provider = {};
 function provider.test_password(username, password)
 	log("debug", "test password for user '%s'", username);
 	local credentials = accounts:get(username) or {};
+	password = saslprep(password);
+	if not password then
+		return nil, "Password fails SASLprep.";
+	end
 
-	if password == credentials.password then
+	if password == saslprep(credentials.password) then
 		return true;
 	else
 		return nil, "Auth failed. Invalid username or password.";
@@ -35,6 +40,10 @@ end
 
 function provider.set_password(username, password)
 	log("debug", "set_password for username '%s'", username);
+	password = saslprep(password);
+	if not password then
+		return nil, "Password fails SASLprep.";
+	end
 	local account = accounts:get(username);
 	if account then
 		account.password = password;
@@ -57,6 +66,10 @@ function provider.users()
 end
 
 function provider.create_user(username, password)
+	password = saslprep(password);
+	if not password then
+		return nil, "Password fails SASLprep.";
+	end
 	return accounts:set(username, {password = password});
 end
 
-- 
cgit v1.2.3