prosody/plugins/mod_legacyauth.lua

-- Prosody IM v0.2
-- Copyright (C) 2008 Matthew Wild
-- Copyright (C) 2008 Waqas Hussain
-- 
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License
-- as published by the Free Software Foundation; either version 2
-- of the License, or (at your option) any later version.
-- 
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- GNU General Public License for more details.
-- 
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--


local st = require "util.stanza";
local t_concat = table.concat;

module:add_feature("jabber:iq:auth");

module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", 
		function (session, stanza)
			local username = stanza.tags[1]:child_with_name("username");
			local password = stanza.tags[1]:child_with_name("password");
			local resource = stanza.tags[1]:child_with_name("resource");
			if not (username and password and resource) then
				local reply = st.reply(stanza);
				session.send(reply:query("jabber:iq:auth")
					:tag("username"):up()
					:tag("password"):up()
					:tag("resource"):up());
				return true;			
			else
				username, password, resource = t_concat(username), t_concat(password), t_concat(resource);
				local reply = st.reply(stanza);
				require "core.usermanager"
				if usermanager.validate_credentials(session.host, username, password) then
					-- Authentication successful!
					local success, err = sessionmanager.make_authenticated(session, username);
					if success then
						local err_type, err_msg;
						success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource);
						if not success then
							session.send(st.error_reply(stanza, err_type, err, err_msg));
							return true;
						end
					end
					session.send(st.reply(stanza));
					return true;
				else
					local reply = st.reply(stanza);
					reply.attr.type = "error";
					reply:tag("error", { code = "401", type = "auth" })
						:tag("not-authorized", { xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas" });
					session.send(reply);
					return true;
				end
			end
			
		end);
0.1 -> 0.2 17 years ago			`-- Prosody IM v0.2`
Insert copyright/license headers 17 years ago			`-- Copyright (C) 2008 Matthew Wild`
			`-- Copyright (C) 2008 Waqas Hussain`
			`--`
			`-- This program is free software; you can redistribute it and/or`
			`-- modify it under the terms of the GNU General Public License`
			`-- as published by the Free Software Foundation; either version 2`
			`-- of the License, or (at your option) any later version.`
			`--`
			`-- This program is distributed in the hope that it will be useful,`
			`-- but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`-- GNU General Public License for more details.`
			`--`
			`-- You should have received a copy of the GNU General Public License`
			`-- along with this program; if not, write to the Free Software`
			`-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`--`


Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago
			`local st = require "util.stanza";`
			`local t_concat = table.concat;`

Change modules to use the new add_feature module API method. This also fixes the bug causing disco features being added to every disco reply for every host. 17 years ago			`module:add_feature("jabber:iq:auth");`
Modules now sending disco replies 17 years ago
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store. 17 years ago			`module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`function (session, stanza)`
			`local username = stanza.tags[1]:child_with_name("username");`
			`local password = stanza.tags[1]:child_with_name("password");`
			`local resource = stanza.tags[1]:child_with_name("resource");`
			`if not (username and password and resource) then`
			`local reply = st.reply(stanza);`
Fixed mod_legacyauth to use session.send for sending stanzas 17 years ago			`session.send(reply:query("jabber:iq:auth")`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`:tag("username"):up()`
			`:tag("password"):up()`
			`:tag("resource"):up());`
			`return true;`
			`else`
			`username, password, resource = t_concat(username), t_concat(password), t_concat(resource);`
			`local reply = st.reply(stanza);`
			`require "core.usermanager"`
			`if usermanager.validate_credentials(session.host, username, password) then`
			`-- Authentication successful!`
SASL! (but before you get too excited, no resource binding yet. And yes, there are still plenty of rough edges to the code...) ((eg. must move <stream:features> out of xmlhandlers.lua o_O )) 18 years ago			`local success, err = sessionmanager.make_authenticated(session, username);`
			`if success then`
Code cleanup for resource binding 17 years ago			`local err_type, err_msg;`
			`success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource);`
SASL! (but before you get too excited, no resource binding yet. And yes, there are still plenty of rough edges to the code...) ((eg. must move <stream:features> out of xmlhandlers.lua o_O )) 18 years ago			`if not success then`
Code cleanup for resource binding 17 years ago			`session.send(st.error_reply(stanza, err_type, err, err_msg));`
SASL! (but before you get too excited, no resource binding yet. And yes, there are still plenty of rough edges to the code...) ((eg. must move <stream:features> out of xmlhandlers.lua o_O )) 18 years ago			`return true;`
			`end`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`end`
Fixed mod_legacyauth to use session.send for sending stanzas 17 years ago			`session.send(st.reply(stanza));`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`return true;`
			`else`
			`local reply = st.reply(stanza);`
			`reply.attr.type = "error";`
			`reply:tag("error", { code = "401", type = "auth" })`
			`:tag("not-authorized", { xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas" });`
Fixed mod_legacyauth to use session.send for sending stanzas 17 years ago			`session.send(reply);`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`return true;`
			`end`
			`end`

Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store. 17 years ago			`end);`