prosody/core/usermanager.lua

-- Prosody IM
-- Copyright (C) 2008-2009 Matthew Wild
-- Copyright (C) 2008-2009 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

local datamanager = require "util.datamanager";
local log = require "util.logger".init("usermanager");
local type = type;
local error = error;
local ipairs = ipairs;
local hashes = require "util.hashes";
local jid_bare = require "util.jid".bare;
local config = require "core.configmanager";

module "usermanager"

function validate_credentials(host, username, password, method)
	log("debug", "User '%s' is being validated", username);
	local credentials = datamanager.load(username, host, "accounts") or {};

	if method == nil then method = "PLAIN"; end
	if method == "PLAIN" and credentials.password then -- PLAIN, do directly
		if password == credentials.password then
			return true;
		else
			return nil, "Auth failed. Invalid username or password.";
		end
  end
	-- must do md5
	-- make credentials md5
	local pwd = credentials.password;
	if not pwd then pwd = credentials.md5; else pwd = hashes.md5(pwd, true); end
	-- make password md5
	if method == "PLAIN" then
		password = hashes.md5(password or "", true);
	elseif method ~= "DIGEST-MD5" then
		return nil, "Unsupported auth method";
	end
	-- compare
	if password == pwd then
		return true;
	else
		return nil, "Auth failed. Invalid username or password.";
	end
end

function get_password(username, host)
  return (datamanager.load(username, host, "accounts") or {}).password
end

function user_exists(username, host)
	return datamanager.load(username, host, "accounts") ~= nil; -- FIXME also check for empty credentials
end

function create_user(username, password, host)
	return datamanager.store(username, host, "accounts", {password = password});
end

function get_supported_methods(host)
	return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config
end

function is_admin(jid, host)
	host = host or "*";
	local admins = config.get(host, "core", "admins");
	if host ~= "*" and admins == config.get("*", "core", "admins") then
		return nil;
	end
	if type(admins) == "table" then
		jid = jid_bare(jid);
		for _,admin in ipairs(admins) do
			if admin == jid then return true; end
		end
	elseif admins then log("warn", "Option 'admins' for host '%s' is not a table", host); end
	return nil;
end

return _M;
Remove version number from copyright headers 17 years ago			`-- Prosody IM`
Update copyright notices for 2009 17 years ago			`-- Copyright (C) 2008-2009 Matthew Wild`
			`-- Copyright (C) 2008-2009 Waqas Hussain`
Switch to using a more generic credentials_callback/handler for SASL auth. Not all authentication mechanisms have the same requirements; it makes sense to provide them only with the information they require (and for them to depend on that) so that as many auth mechanisms as possible can be supported with a variety of credentials-storing schemes. This commit patches that together 17 years ago			`--`
GPL->MIT! 17 years ago			`-- This project is MIT/X11 licensed. Please see the`
			`-- COPYING file in the source package for more information.`
Insert copyright/license headers 17 years ago			`--`

usermanager: Removed an unnecessary global access. 16 years ago			`local datamanager = require "util.datamanager";`
Session destruction fixes, some debugging code while we fix the rest. Also change logger to be more useful. 17 years ago			`local log = require "util.logger".init("usermanager");`
usermanager: Added is_admin(jid) 17 years ago			`local type = type;`
Updated usermanager with DIGEST-MD5 support 17 years ago			`local error = error;`
usermanager: Added is_admin(jid) 17 years ago			`local ipairs = ipairs;`
Updated usermanager with DIGEST-MD5 support 17 years ago			`local hashes = require "util.hashes";`
usermanager: Added is_admin(jid) 17 years ago			`local jid_bare = require "util.jid".bare;`
			`local config = require "core.configmanager";`
Added all the files to please hg :/ 18 years ago
			`module "usermanager"`

Updated usermanager with DIGEST-MD5 support 17 years ago			`function validate_credentials(host, username, password, method)`
Session destruction fixes, some debugging code while we fix the rest. Also change logger to be more useful. 17 years ago			`log("debug", "User '%s' is being validated", username);`
Added all the files to please hg :/ 18 years ago			`local credentials = datamanager.load(username, host, "accounts") or {};`
Switch to using a more generic credentials_callback/handler for SASL auth. Not all authentication mechanisms have the same requirements; it makes sense to provide them only with the information they require (and for them to depend on that) so that as many auth mechanisms as possible can be supported with a variety of credentials-storing schemes. This commit patches that together 17 years ago
Updated usermanager with DIGEST-MD5 support 17 years ago			`if method == nil then method = "PLAIN"; end`
			`if method == "PLAIN" and credentials.password then -- PLAIN, do directly`
			`if password == credentials.password then`
			`return true;`
			`else`
			`return nil, "Auth failed. Invalid username or password.";`
			`end`
Switch to using a more generic credentials_callback/handler for SASL auth. Not all authentication mechanisms have the same requirements; it makes sense to provide them only with the information they require (and for them to depend on that) so that as many auth mechanisms as possible can be supported with a variety of credentials-storing schemes. This commit patches that together 17 years ago			`end`
Updated usermanager with DIGEST-MD5 support 17 years ago			`-- must do md5`
			`-- make credentials md5`
			`local pwd = credentials.password;`
Completely switched to new hashes library from the old md5 library 17 years ago			`if not pwd then pwd = credentials.md5; else pwd = hashes.md5(pwd, true); end`
Updated usermanager with DIGEST-MD5 support 17 years ago			`-- make password md5`
			`if method == "PLAIN" then`
Completely switched to new hashes library from the old md5 library 17 years ago			`password = hashes.md5(password or "", true);`
Updated usermanager with DIGEST-MD5 support 17 years ago			`elseif method ~= "DIGEST-MD5" then`
			`return nil, "Unsupported auth method";`
			`end`
			`-- compare`
			`if password == pwd then`
			`return true;`
			`else`
			`return nil, "Auth failed. Invalid username or password.";`
			`end`
Added all the files to please hg :/ 18 years ago			`end`
SASL! (but before you get too excited, no resource binding yet. And yes, there are still plenty of rough edges to the code...) ((eg. must move <stream:features> out of xmlhandlers.lua o_O )) 18 years ago
Switch to using a more generic credentials_callback/handler for SASL auth. Not all authentication mechanisms have the same requirements; it makes sense to provide them only with the information they require (and for them to depend on that) so that as many auth mechanisms as possible can be supported with a variety of credentials-storing schemes. This commit patches that together 17 years ago			`function get_password(username, host)`
			`return (datamanager.load(username, host, "accounts") or {}).password`
			`end`

User registration, etc (jabber:iq:register) 17 years ago			`function user_exists(username, host)`
Updated usermanager with DIGEST-MD5 support 17 years ago			`return datamanager.load(username, host, "accounts") ~= nil; -- FIXME also check for empty credentials`
User registration, etc (jabber:iq:register) 17 years ago			`end`

			`function create_user(username, password, host)`
			`return datamanager.store(username, host, "accounts", {password = password});`
			`end`

Updated usermanager with DIGEST-MD5 support 17 years ago			`function get_supported_methods(host)`
usermanager: Reduced some code 17 years ago			`return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config`
Updated usermanager with DIGEST-MD5 support 17 years ago			`end`

usermanager: Changed function is_admin to allow checking for host-specific admins. 16 years ago			`function is_admin(jid, host)`
			`host = host or "*";`
			`local admins = config.get(host, "core", "admins");`
			`if host ~= "" and admins == config.get("", "core", "admins") then`
			`return nil;`
			`end`
usermanager: Added is_admin(jid) 17 years ago			`if type(admins) == "table" then`
			`jid = jid_bare(jid);`
			`for _,admin in ipairs(admins) do`
			`if admin == jid then return true; end`
			`end`
usermanager: Logged a clear warning when the 'admins' option is not a table. 16 years ago			`elseif admins then log("warn", "Option 'admins' for host '%s' is not a table", host); end`
usermanager: Added is_admin(jid) 17 years ago			`return nil;`
			`end`

Updated usermanager with DIGEST-MD5 support 17 years ago			`return _M;`