apitech
/
prosody
mirror of https://github.com/bjc/prosody
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
IMPORTANT: due to a drive failure, as of 13-Mar-2021, the Mercurial repository had to be re-mirrored, which changed every commit SHA. The old SHAs and trees are backed up in the vault branches. Please migrate to the new branches as soon as you can.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2966 Commits
12 Branches
101 Tags
54 MiB
 
 
 
 
Tag: Branch: Tree: 41d45e0c64
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '41d45e0c64'
${ noResults }
prosody/core/usermanager.lua

99 lines
3.3 KiB
Raw Blame History

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local datamanager = require "util.datamanager";
local log = require "util.logger".init("usermanager");
local type = type;
local error = error;
local ipairs = ipairs;
local hashes = require "util.hashes";
local jid_bare = require "util.jid".bare;
local config = require "core.configmanager";
local hosts = hosts;
local require_provisioning = config.get("*", "core", "cyrus_require_provisioning") or false;
module "usermanager"
local function is_cyrus(host) return config.get(host, "core", "sasl_backend") == "cyrus"; end
function validate_credentials(host, username, password, method)
log("debug", "User '%s' is being validated", username);
if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end
local credentials = datamanager.load(username, host, "accounts") or {};
if method == nil then method = "PLAIN"; end
if method == "PLAIN" and credentials.password then -- PLAIN, do directly
if password == credentials.password then
return true;
else
return nil, "Auth failed. Invalid username or password.";
end
end
-- must do md5
-- make credentials md5
local pwd = credentials.password;
if not pwd then pwd = credentials.md5; else pwd = hashes.md5(pwd, true); end
-- make password md5
if method == "PLAIN" then
password = hashes.md5(password or "", true);
elseif method ~= "DIGEST-MD5" then
return nil, "Unsupported auth method";
end
-- compare
if password == pwd then
return true;
else
return nil, "Auth failed. Invalid username or password.";
end
end
function get_password(username, host)
if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
return (datamanager.load(username, host, "accounts") or {}).password
end
function set_password(username, host, password)
if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
local account = datamanager.load(username, host, "accounts");
if account then
account.password = password;
return datamanager.store(username, host, "accounts", account);
end
return nil, "Account not available.";
end
function user_exists(username, host)
if not(require_provisioning) and is_cyrus(host) then return true; end
return datamanager.load(username, host, "accounts") ~= nil; -- FIXME also check for empty credentials
end
function create_user(username, password, host)
if not(require_provisioning) and is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
return datamanager.store(username, host, "accounts", {password = password});
end
function get_supported_methods(host)
return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config
end
function is_admin(jid, host)
host = host or "*";
local admins = config.get(host, "core", "admins");
if host ~= "*" and admins == config.get("*", "core", "admins") then
return nil;
end
if type(admins) == "table" then
jid = jid_bare(jid);
for _,admin in ipairs(admins) do
if admin == jid then return true; end
end
elseif admins then log("warn", "Option 'admins' for host '%s' is not a table", host); end
return nil;
end
return _M;