139 end |
139 end |
140 if config.get(session.host or "*", "core", "anonymous_login") then |
140 if config.get(session.host or "*", "core", "anonymous_login") then |
141 session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile); |
141 session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile); |
142 else |
142 else |
143 session.sasl_handler = new_sasl(session.host, default_authentication_profile); |
143 session.sasl_handler = new_sasl(session.host, default_authentication_profile); |
|
144 if not session.secure then |
|
145 session.sasl_handler:forbidden({"PLAIN"}); |
|
146 end |
144 end |
147 end |
145 features:tag("mechanisms", mechanisms_attr); |
148 features:tag("mechanisms", mechanisms_attr); |
146 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. |
|
147 for k, v in pairs(session.sasl_handler:mechanisms()) do |
149 for k, v in pairs(session.sasl_handler:mechanisms()) do |
148 features:tag("mechanism"):text(v):up(); |
150 features:tag("mechanism"):text(v):up(); |
149 end |
151 end |
150 features:up(); |
152 features:up(); |
151 else |
153 else |