Thu, 20 May 2010 18:06:21 -0400
Working defaultauth
3157 | 1 | -- Prosody IM |
2 | -- Copyright (C) 2008-2010 Matthew Wild | |
3 | -- Copyright (C) 2008-2010 Waqas Hussain | |
4 | -- Copyright (C) 2010 Jeff Mitchell | |
5 | -- | |
6 | -- This project is MIT/X11 licensed. Please see the | |
7 | -- COPYING file in the source package for more information. | |
8 | -- | |
9 | ||
10 | local datamanager = require "util.datamanager"; | |
11 | local log = require "util.logger".init("usermanager"); | |
12 | local type = type; | |
13 | local error = error; | |
14 | local ipairs = ipairs; | |
15 | local hashes = require "util.hashes"; | |
16 | local jid_bare = require "util.jid".bare; | |
17 | local config = require "core.configmanager"; | |
3158 | 18 | local usermanager = require "core.usermanager"; |
3157 | 19 | local hosts = hosts; |
20 | ||
21 | local prosody = _G.prosody; | |
22 | ||
3158 | 23 | local is_cyrus = usermanager.is_cyrus; |
24 | ||
3157 | 25 | function new_default_provider(host) |
26 | local provider = { name = "default" }; | |
3158 | 27 | log("debug", "initializing default authentication provider for host '%s'", host); |
28 | ||
3157 | 29 | function provider.test_password(username, password) |
3158 | 30 | log("debug", "test password '%s' for user %s at host %s", password, username, module.host); |
3157 | 31 | if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end |
32 | local credentials = datamanager.load(username, host, "accounts") or {}; | |
33 | ||
34 | if password == credentials.password then | |
35 | return true; | |
36 | else | |
37 | return nil, "Auth failed. Invalid username or password."; | |
38 | end | |
39 | end | |
40 | ||
41 | function provider.get_password(username) | |
3158 | 42 | log("debug", "get_password for username '%s' at host '%s'", username, module.host); |
3157 | 43 | if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
44 | return (datamanager.load(username, host, "accounts") or {}).password; | |
45 | end | |
46 | ||
47 | function provider.set_password(username, password) | |
48 | if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end | |
49 | local account = datamanager.load(username, host, "accounts"); | |
50 | if account then | |
51 | account.password = password; | |
52 | return datamanager.store(username, host, "accounts", account); | |
53 | end | |
54 | return nil, "Account not available."; | |
55 | end | |
56 | ||
57 | function provider.user_exists(username) | |
58 | if is_cyrus(host) then return true; end | |
59 | local account = datamanager.load(username, host, "accounts"); | |
60 | if not account then | |
3158 | 61 | log("debug", "account not found for username '%s' at host '%s'", username, module.host); |
3157 | 62 | return nil, "Auth failed. Invalid username"; |
63 | end | |
64 | if account.password == nil or string.len(account.password) == 0 then | |
3158 | 65 | log("debug", "account password not set or zero-length for username '%s' at host '%s'", username, module.host); |
3157 | 66 | return nil, "Auth failed. Password invalid."; |
67 | end | |
68 | return true; | |
69 | end | |
70 | ||
71 | function provider.create_user(username, password) | |
72 | if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end | |
73 | return datamanager.store(username, host, "accounts", {password = password}); | |
74 | end | |
75 | ||
76 | function provider.get_supported_methods() | |
77 | return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config | |
78 | end | |
79 | ||
80 | function provider.is_admin(jid) | |
81 | local admins = config.get(host, "core", "admins"); | |
82 | if admins ~= config.get("*", "core", "admins") and type(admins) == "table" then | |
83 | jid = jid_bare(jid); | |
84 | for _,admin in ipairs(admins) do | |
85 | if admin == jid then return true; end | |
86 | end | |
87 | elseif admins then | |
88 | log("error", "Option 'admins' for host '%s' is not a table", host); | |
89 | end | |
90 | return is_admin(jid); -- Test whether it's a global admin instead | |
91 | end | |
92 | return provider; | |
93 | end | |
94 | ||
95 | module:add_item("auth-provider", new_default_provider(module.host)); | |
96 |