From 9a55257c45e8a0f6bb9403cfa39f19e34cf07434 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Wed, 26 Feb 2020 22:46:15 +0000
Subject: mod_authtokens: Rename to mod_tokenauth for consistency with mod_saslauth
---
plugins/mod_tokenauth.lua | 81 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 plugins/mod_tokenauth.lua
(limited to 'plugins/mod_tokenauth.lua')
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
new file mode 100644
index 00000000..8e516924
--- /dev/null
+++ b/plugins/mod_tokenauth.lua
@@ -0,0 +1,81 @@
+local id = require "util.id";
+local jid = require "util.jid";
+local base64 = require "util.encodings".base64;
+
+local token_store = module:open_store("auth_tokens", "map");
+
+function create_jid_token(actor_jid, token_jid, token_scope, token_ttl)
+ token_jid = jid.prep(token_jid);
+ if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
+ return nil, "not-authorized";
+ end
+
+ local token_username, token_host, token_resource = jid.split(token_jid);
+
+ if token_host ~= module.host then
+ return nil, "invalid-host";
+ end
+
+ local token_info = {
+ owner = actor_jid;
+ expires = token_ttl and (os.time() + token_ttl) or nil;
+ jid = token_jid;
+ session = {
+ username = token_username;
+ host = token_host;
+ resource = token_resource;
+
+ auth_scope = token_scope;
+ };
+ };
+
+ local token_id = id.long();
+ local token = base64.encode("1;"..token_username.."@"..token_host..";"..token_id);
+ token_store:set(token_username, token_id, token_info);
+
+ return token, token_info;
+end
+
+local function parse_token(encoded_token)
+ local token = base64.decode(encoded_token);
+ if not token then return nil; end
+ local token_jid, token_id = token:match("^1;([^;]+);(.+)$");
+ if not token_jid then return nil; end
+ local token_user, token_host = jid.split(token_jid);
+ return token_id, token_user, token_host;
+end
+
+function get_token_info(token)
+ local token_id, token_user, token_host = parse_token(token);
+ if not token_id then
+ return nil, "invalid-token-format";
+ end
+ if token_host ~= module.host then
+ return nil, "invalid-host";
+ end
+
+ local token_info, err = token_store:get(token_user, token_id);
+ if not token_info then
+ if err then
+ return nil, "internal-error";
+ end
+ return nil, "not-authorized";
+ end
+
+ if token_info.expires and token_info.expires < os.time() then
+ return nil, "not-authorized";
+ end
+
+ return token_info
+end
+
+function revoke_token(token)
+ local token_id, token_user, 
token_host = parse_token(token);
+ if not token_id then
+ return nil, "invalid-token-format";
+ end
+ if token_host ~= module.host then
+ return nil, "invalid-host";
+ end
+ return token_store:set(token_user, token_id, nil);
+end
-- cgit v1.2.3
From d9782e12a3a1915a0f5ee6508194dca204530b7f Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Fri, 28 Feb 2020 14:13:04 +0100
Subject: mod_tokenauth: Handle tokens issued to bare hosts (eg components)
---
plugins/mod_tokenauth.lua | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'plugins/mod_tokenauth.lua')
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index 8e516924..b023d9f8 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -30,7 +30,7 @@ function create_jid_token(actor_jid, token_jid, token_scope, token_ttl)
 };
 local token_id = id.long();
- local token = base64.encode("1;"..token_username.."@"..token_host..";"..token_id);
+ local token = base64.encode("1;"..jid.join(token_username, token_host)..";"..token_id);
 token_store:set(token_username, token_id, token_info);
 return token, token_info;
-- cgit v1.2.3
From 62fda5c1f4ea55ead3701bd7054b0ea62f32a9ba Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Fri, 28 Feb 2020 21:55:40 +0000
Subject: mod_tokenauth: Track creation time of tokens
---
plugins/mod_tokenauth.lua | 1 +
1 file changed, 1 insertion(+)
(limited to 'plugins/mod_tokenauth.lua')
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index b023d9f8..c04a1aa4 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -18,6 +18,7 @@ function create_jid_token(actor_jid, token_jid, token_scope, token_ttl)
 local token_info = {
 owner = actor_jid;
+ created = os.time();
 expires = token_ttl and (os.time() + token_ttl) or nil;
 jid = token_jid;
 session = {
-- cgit v1.2.3
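Review bot: The key written by `token_store:set(token_username, token_id, token_info)` is the bearer secret itself, so anyone who can read the `auth_tokens` store (a backup, a database dump, lax file permissions) holds tokens that are directly usable, and `get_token_info` and `revoke_token` look the raw secret up the same way. I would key the store on a digest of the secret instead — `token_store:set(token_username, hashes.sha256(token_id, true), token_info)` at issue time, and the same digest applied to the `token_id` that `parse_token` returns in the other two functions — assuming Prosody's `util.hashes` is available to this module; the token handed to the client is unchanged. Separately, `jid.prep(token_jid)` can return nil for an unparseable JID and the code then relies on `jid.compare` and `jid.split` tolerating nil; an explicit `if not token_jid then return nil, "invalid-jid"; end` right after the prep would make that rejection deliberate rather than incidental. Expired entries are also only rejected at lookup, never deleted, so the store grows until something outside this file prunes it.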
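Review bot: With `jid.join(token_username, token_host)` a component token now encodes just the bare host, which `parse_token` turns back into a nil `token_user`, so the host-level case ends up calling `token_store:get(nil, token_id)` and `token_store:set(nil, token_id, ...)`; whether the map store treats a nil user as host-level data is not visible here and should be confirmed against the storage driver in use. A one-line comment above the changed line, `-- token_username is nil for host-level (component) tokens; jid.join() then yields the bare host`, would record why the plain concatenation was dropped. create_jid_token starts and ends outside this hunk.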
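Review bot: `created = os.time()` and the `expires` value computed on the next line call `os.time()` separately, so a token issued across a second boundary can record an `expires` that is not `created + token_ttl`; taking one timestamp keeps the two fields consistent: `local now = os.time();` before the table, then `created = now;` and `expires = token_ttl and (now + token_ttl) or nil;`. Nothing in this file reads `created` yet, so a short comment on its intended use (auditing or token listing, presumably) would help the next reader. create_jid_token starts and ends outside this hunk.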