projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
MUC: Added support for letting clients manage discussion history.
[prosody.git] / plugins / mod_legacyauth.lua
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index 9a9c3902f0dfe242ce3b435056fb06787edd21ca..9837920b43c96947b4c9398eddd3fded5dab814e 100644 (file)
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -11,17 +11,20 @@
 local st = require "util.stanza";
 local t_concat = table.concat;
 
-local secure_auth_only = module:get_option("require_encryption");
+local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 
 local sessionmanager = require "core.sessionmanager";
 local usermanager = require "core.usermanager";
+local nodeprep = require "util.encodings".stringprep.nodeprep;
+local resourceprep = require "util.encodings".stringprep.resourceprep;
 
 module:add_feature("jabber:iq:auth");
-module:add_event_hook("stream-features", function (session, features)
-       if secure_auth_only and not session.secure then
+module:hook("stream-features", function(event)
+       local origin, features = event.origin, event.features;
+       if secure_auth_only and not origin.secure then
                -- Sorry, not offering to insecure streams!
                return;
-       elseif not session.username then
+       elseif not origin.username then
                features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
        end
 end);
@@ -44,6 +47,8 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
                                        :tag("resource"):up());
                        else
                                username, password, resource = t_concat(username), t_concat(password), t_concat(resource);
+                               username = nodeprep(username);
+                               resource = resourceprep(resource)
                                local reply = st.reply(stanza);
                                if usermanager.validate_credentials(session.host, username, password) then
                                        -- Authentication successful!
@@ -53,7 +58,12 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
                                                success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource);
                                                if not success then
                                                        session.send(st.error_reply(stanza, err_type, err, err_msg));
-                                                       return true; -- FIXME need to unauthenticate here
+                                                       session.username, session.type = nil, "c2s_unauthed"; -- FIXME should this be placed in sessionmanager?
+                                                       return true;
+                                               elseif resource ~= session.resource then -- server changed resource, not supported by legacy auth
+                                                       session.send(st.error_reply(stanza, "cancel", "conflict", "The requested resource could not be assigned to this session."));
+                                                       session:close(); -- FIXME undo resource bind and auth instead of closing the session?
+                                                       return true;
                                                end
                                        end
                                        session.send(st.reply(stanza));