|
1 -- Prosody IM |
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
4 -- Copyright (C) 2010 Jeff Mitchell |
|
5 -- |
|
6 -- This project is MIT/X11 licensed. Please see the |
|
7 -- COPYING file in the source package for more information. |
|
8 -- |
|
9 |
|
10 local datamanager = require "util.datamanager"; |
|
11 local log = require "util.logger".init("usermanager"); |
|
12 local type = type; |
|
13 local error = error; |
|
14 local ipairs = ipairs; |
|
15 local hashes = require "util.hashes"; |
|
16 local jid_bare = require "util.jid".bare; |
|
17 local config = require "core.configmanager"; |
|
18 local usermanager = require "core.usermanager"; |
|
19 local hosts = hosts; |
|
20 |
|
21 local prosody = _G.prosody; |
|
22 |
|
23 local is_cyrus = usermanager.is_cyrus; |
|
24 |
|
25 function new_default_provider(host) |
|
26 local provider = { name = "internal" }; |
|
27 log("debug", "initializing default authentication provider for host '%s'", host); |
|
28 |
|
29 function provider.test_password(username, password) |
|
30 log("debug", "test password '%s' for user %s at host %s", password, username, module.host); |
|
31 if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end |
|
32 local credentials = datamanager.load(username, host, "accounts") or {}; |
|
33 |
|
34 if password == credentials.password then |
|
35 return true; |
|
36 else |
|
37 return nil, "Auth failed. Invalid username or password."; |
|
38 end |
|
39 end |
|
40 |
|
41 function provider.get_password(username) |
|
42 log("debug", "get_password for username '%s' at host '%s'", username, module.host); |
|
43 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
|
44 return (datamanager.load(username, host, "accounts") or {}).password; |
|
45 end |
|
46 |
|
47 function provider.set_password(username, password) |
|
48 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
|
49 local account = datamanager.load(username, host, "accounts"); |
|
50 if account then |
|
51 account.password = password; |
|
52 return datamanager.store(username, host, "accounts", account); |
|
53 end |
|
54 return nil, "Account not available."; |
|
55 end |
|
56 |
|
57 function provider.user_exists(username) |
|
58 if is_cyrus(host) then return true; end |
|
59 local account = datamanager.load(username, host, "accounts"); |
|
60 if not account then |
|
61 log("debug", "account not found for username '%s' at host '%s'", username, module.host); |
|
62 return nil, "Auth failed. Invalid username"; |
|
63 end |
|
64 if account.password == nil or string.len(account.password) == 0 then |
|
65 log("debug", "account password not set or zero-length for username '%s' at host '%s'", username, module.host); |
|
66 return nil, "Auth failed. Password invalid."; |
|
67 end |
|
68 return true; |
|
69 end |
|
70 |
|
71 function provider.create_user(username, password) |
|
72 if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end |
|
73 return datamanager.store(username, host, "accounts", {password = password}); |
|
74 end |
|
75 |
|
76 function provider.get_supported_methods() |
|
77 return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config |
|
78 end |
|
79 |
|
80 function provider.is_admin(jid) |
|
81 local admins = config.get(host, "core", "admins"); |
|
82 if admins ~= config.get("*", "core", "admins") and type(admins) == "table" then |
|
83 jid = jid_bare(jid); |
|
84 for _,admin in ipairs(admins) do |
|
85 if admin == jid then return true; end |
|
86 end |
|
87 elseif admins then |
|
88 log("error", "Option 'admins' for host '%s' is not a table", host); |
|
89 end |
|
90 return is_admin(jid); -- Test whether it's a global admin instead |
|
91 end |
|
92 return provider; |
|
93 end |
|
94 |
|
95 module:add_item("auth-provider", new_default_provider(module.host)); |
|
96 |