prosody

Commit Graph

Author	SHA1	Message	Date
Kim Alvefur	04f45b1afa	mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password() This API method is used e.g. in HTTP modules which also should respect disabled accounts.	1 year ago
Matthew Wild	ab835fed13	util.hex: Deprecate to/from in favour of encode/decode, for consistency!	4 years ago
Matthew Wild	253b2fba90	usermanager, mod_auth_internal_hashed: Support metadata when disabling a user This allows us to store a time, actor, comment and/or reason why an account was disabled, which seems a generally useful thing to support.	2 years ago
Kim Alvefur	71ad48095d	plugins: Use integer config API with interval specification where sensible Many of these fall into a few categories: - util.cache size, must be >= 1 - byte or item counts that logically can't be negative - port numbers that should be in 1..0xffff	2 years ago
Kim Alvefur	a8b0c56f65	plugins: Use get_option_enum where appropriate	5 years ago
Kim Alvefur	98922d54b1	plugins: Prefix module imports with prosody namespace	3 years ago
Kim Alvefur	9dd7ce434d	mod_auth_internal_hashed: Shorten call path Why did it call a function defined in the same module through usermanager?	3 years ago
Kim Alvefur	5afb393d53	mod_auth_internal_hashed: Record time of account disable / re-enable Could be useful for e.g. #1772	3 years ago
Matthew Wild	4ce832123e	mod_auth_internal_hashed: Add oauthbearer handler to our SASL profile	3 years ago
Kim Alvefur	fe206323b5	mod_auth_internal_hashed: Implement methods to enable and disable users	3 years ago
Kim Alvefur	96acef2170	mod_auth_internal_hashed: Implement is_enabled() method Uses 'disabled' property already introduced in aed38948791f	3 years ago
Kim Alvefur	4704e98af6	mod_auth_internal_hashed: Add stub methods for enabling and disabling users But how and where?	3 years ago
Kim Alvefur	01fedfa5be	mod_auth_internal_hashed: Refactor to prepare for disabling users Moving this out will make space for a dynamic check whether a particular user is disabled or not, which is one possible response to abuse of account privileges.	3 years ago
Kim Alvefur	8ff2f04e4c	mod_auth_internal_hashed: Allow creating disabled account without password Otherwise, create_user(username, nil) leads to the account being deleted.	3 years ago
Matthew Wild	4db3d15723	usermanager, mod_auth_*: Add get_account_info() returning creation/update time This is useful for a number of things. For example, listing users that need to rotate their passwords after some event. It also provides a safer way for code to determine that a user password has changed without needing to set a handler for the password change event (which is a more fragile approach).	4 years ago
Matthew Wild	6a54d2d2c4	mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets	5 years ago
Kim Alvefur	71c6728e69	mod_auth_internal_*: Apply saslprep to passwords Related to #1560	6 years ago
Kim Alvefur	4261dc1d80	mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438 More security for less pain than switching to SCRAM-SHA-256 The XEP will likely be change to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that.	4 years ago
Kim Alvefur	c122d673e6	mod_auth_internal_hashed: Make SCRAM iteration count configurable	4 years ago
Kim Alvefur	d464d7edb1	mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477 )	6 years ago
Kim Alvefur	b8ad8ccc88	mod_auth_internal_hashed: Precompute SCRAM authentication profile name (thanks MattJ)	6 years ago
Kim Alvefur	a746aba7a2	mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1 This will currently require a hard reset of all passwords back to plain. This will be least painful on new deployments.	7 years ago
Kim Alvefur	73b75571e6	core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512 )	9 years ago
Kim Alvefur	4234f60c4a	mod_auth_internal_hashed: Split long lines [luacheck]	9 years ago
Kim Alvefur	5386166909	mod_auth_internal_hashed: Rename unused 'self' to _ [luacheck]	9 years ago
Kim Alvefur	938380cacc	mod_auth_internal_hashed: Use util.hex	11 years ago
Florian Zeitz	e4186638c7	mod_auth_interal_hashed: Update salt and iteration count when setting a new password	12 years ago
Kim Alvefur	a10c051fb2	mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain	13 years ago
Kim Alvefur	31c364ad7f	mod_auth_internal_hashed: Use logger setup by moduleapi instead of going for util.logger directly	13 years ago
Kim Alvefur	6ee727dd25	mod_auth_internal_hashed: Remove this 'initializing' message too	13 years ago
Florian Zeitz	1d833bb807	Remove all trailing whitespace	13 years ago
Kim Alvefur	61e1281073	mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store()	13 years ago
Waqas Hussain	b1f22daa93	mod_auth_internal_plain, mod_auth_internal_hashed: No need to nodeprep here.	13 years ago
Kim Alvefur	ce8ed66881	mod_auth_internal_{plain,hashed}: Add support for iterating over accounts	13 years ago
Waqas Hussain	92515e7aa6	mod_auth_*: Use module:provides().	13 years ago
Waqas Hussain	2e28c81f01	mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider.	13 years ago
Matthew Wild	90342aaf3c	mod_auth_internal_hashed: Remove COMPAT code (upgrading old hashed storage format from pre-0.8)	14 years ago
Matthew Wild	a4d38eb601	mod_auth_internal_hashed: Remove unused imports	14 years ago
Matthew Wild	afebf2da34	mod_auth_internal_{plain,hashed}: Clarify log messages on initialization	14 years ago
Waqas Hussain	aa144af70e	util.sasl., mod_auth_, mod_saslauth: Pass SASL handler as first parameter to SASL profile callbacks.	15 years ago
Waqas Hussain	9c85f1fccd	mod_auth_*: Get rid of undocumented and broken 'sasl_realm' config option.	15 years ago
Waqas Hussain	b3cc9f42df	mod_auth_*: Get rid of undocumented and broken 'sasl_realm' config option.	15 years ago
Matthew Wild	90562d1b6e	mod_auth_internal_*: Support for delete_user method	15 years ago
Matthew Wild	2e28b24183	mod_auth_internal_*: Support for delete_user method	15 years ago
Waqas Hussain	1865c2454b	util.sasl., mod_auth_, mod_saslauth: Pass SASL handler as first parameter to SASL profile callbacks.	15 years ago
Kim Alvefur	e535c73ca3	mod_auth_internal_hashed: Fix deleting users	16 years ago
Matthew Wild	a6e1eb7590	usermanager, mod_auth_internal_hashed, mod_legacyauth: New order of parameters for usermanager.test_password - username, host, password	16 years ago
Waqas Hussain	41da5ba5b5	mod_auth_internal_hashed: Fixed SCRAM-SHA-1 mechanism to not traceback on non-existent users.	16 years ago
Matthew Wild	c60ae1fda2	mod_auth_internal, mod_auth_internal_hashed: Remove checking for nil or empty password and pretending it means the user doesn't exist. Hopefully with more success than Custer.	16 years ago
Matthew Wild	02dddbbc8d	mod_auth_internal_hashed: Update TODO comments to COMPAT	16 years ago

1 2

71 Commits (master)