prosody/plugins/mod_legacyauth.lua

-- Prosody IM
-- Copyright (C) 2008-2009 Matthew Wild
-- Copyright (C) 2008-2009 Waqas Hussain
-- 
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--


local st = require "util.stanza";
local t_concat = table.concat;

local secure_auth_only = module:get_option("require_encryption");

local sessionmanager = require "core.sessionmanager";
local usermanager = require "core.usermanager";

module:add_feature("jabber:iq:auth");
module:add_event_hook("stream-features", function (session, features)
	if secure_auth_only and not session.secure then
		-- Sorry, not offering to insecure streams!
		return;
	elseif not session.username then
		features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
	end
end);

module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", 
		function (session, stanza)
			if secure_auth_only and not session.secure then
				session.send(st.error_reply(stanza, "modify", "not-acceptable", "Encryption (SSL or TLS) is required to connect to this server"));
				return true;
			end
			
			local username = stanza.tags[1]:child_with_name("username");
			local password = stanza.tags[1]:child_with_name("password");
			local resource = stanza.tags[1]:child_with_name("resource");
			if not (username and password and resource) then
				local reply = st.reply(stanza);
				session.send(reply:query("jabber:iq:auth")
					:tag("username"):up()
					:tag("password"):up()
					:tag("resource"):up());
			else
				username, password, resource = t_concat(username), t_concat(password), t_concat(resource);
				local reply = st.reply(stanza);
				if usermanager.validate_credentials(session.host, username, password) then
					-- Authentication successful!
					local success, err = sessionmanager.make_authenticated(session, username);
					if success then
						local err_type, err_msg;
						success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource);
						if not success then
							session.send(st.error_reply(stanza, err_type, err, err_msg));
							return true; -- FIXME need to unauthenticate here
						end
					end
					session.send(st.reply(stanza));
				else
					session.send(st.error_reply(stanza, "auth", "not-authorized"));
				end
			end
			return true;
		end);
Remove version number from copyright headers 17 years ago			`-- Prosody IM`
Update copyright notices for 2009 18 years ago			`-- Copyright (C) 2008-2009 Matthew Wild`
			`-- Copyright (C) 2008-2009 Waqas Hussain`
Insert copyright/license headers 18 years ago			`--`
GPL->MIT! 18 years ago			`-- This project is MIT/X11 licensed. Please see the`
			`-- COPYING file in the source package for more information.`
Insert copyright/license headers 18 years ago			`--`


Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago
			`local st = require "util.stanza";`
			`local t_concat = table.concat;`

mod_legacyauth: Updated to use module:get_option instead of configmanager 17 years ago			`local secure_auth_only = module:get_option("require_encryption");`
mod_saslauth, mod_legacyauth: Deny logins to unsecure sessions when require_encryption config option is true 17 years ago
mod_*: Fix a load of global accesses 17 years ago			`local sessionmanager = require "core.sessionmanager";`
			`local usermanager = require "core.usermanager";`

Change modules to use the new add_feature module API method. This also fixes the bug causing disco features being added to every disco reply for every host. 18 years ago			`module:add_feature("jabber:iq:auth");`
mod_legacyauth: Added stream feature: <auth xmlns='http://jabber.org/features/iq-auth'/> 18 years ago			`module:add_event_hook("stream-features", function (session, features)`
mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn't secure 17 years ago			`if secure_auth_only and not session.secure then`
			`-- Sorry, not offering to insecure streams!`
			`return;`
			`elseif not session.username then`
			`features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();`
			`end`
mod_legacyauth: Added stream feature: <auth xmlns='http://jabber.org/features/iq-auth'/> 18 years ago			`end);`
Modules now sending disco replies 18 years ago
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store. 18 years ago			`module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`function (session, stanza)`
mod_saslauth, mod_legacyauth: Deny logins to unsecure sessions when require_encryption config option is true 17 years ago			`if secure_auth_only and not session.secure then`
			`session.send(st.error_reply(stanza, "modify", "not-acceptable", "Encryption (SSL or TLS) is required to connect to this server"));`
			`return true;`
			`end`

Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`local username = stanza.tags[1]:child_with_name("username");`
			`local password = stanza.tags[1]:child_with_name("password");`
			`local resource = stanza.tags[1]:child_with_name("resource");`
			`if not (username and password and resource) then`
			`local reply = st.reply(stanza);`
Fixed mod_legacyauth to use session.send for sending stanzas 18 years ago			`session.send(reply:query("jabber:iq:auth")`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`:tag("username"):up()`
			`:tag("password"):up()`
			`:tag("resource"):up());`
			`else`
			`username, password, resource = t_concat(username), t_concat(password), t_concat(resource);`
			`local reply = st.reply(stanza);`
			`if usermanager.validate_credentials(session.host, username, password) then`
			`-- Authentication successful!`
SASL! (but before you get too excited, no resource binding yet. And yes, there are still plenty of rough edges to the code...) ((eg. must move <stream:features> out of xmlhandlers.lua o_O )) 18 years ago			`local success, err = sessionmanager.make_authenticated(session, username);`
			`if success then`
Code cleanup for resource binding 18 years ago			`local err_type, err_msg;`
			`success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource);`
SASL! (but before you get too excited, no resource binding yet. And yes, there are still plenty of rough edges to the code...) ((eg. must move <stream:features> out of xmlhandlers.lua o_O )) 18 years ago			`if not success then`
Code cleanup for resource binding 18 years ago			`session.send(st.error_reply(stanza, err_type, err, err_msg));`
mod_legacyauth: Added a FIXME 17 years ago			`return true; -- FIXME need to unauthenticate here`
SASL! (but before you get too excited, no resource binding yet. And yes, there are still plenty of rough edges to the code...) ((eg. must move <stream:features> out of xmlhandlers.lua o_O )) 18 years ago			`end`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`end`
Fixed mod_legacyauth to use session.send for sending stanzas 18 years ago			`session.send(st.reply(stanza));`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`else`
mod_legacyauth: Refactored a bit 17 years ago			`session.send(st.error_reply(stanza, "auth", "not-authorized"));`
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface 18 years ago			`end`
			`end`
mod_legacyauth: Refactored a bit 17 years ago			`return true;`
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store. 18 years ago			`end);`