projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ejabberdsql2prosody: Display a warning if a row has more columns than expected
[prosody.git] / plugins / mod_legacyauth.lua
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index 1869bba50aa2da66face36769ae12ab1f3198c08..de94411ebac76278d725d4910a549b06e79e0619 100644 (file)
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -1,20 +1,9 @@
--- Prosody IM v0.2
--- Copyright (C) 2008 Matthew Wild
--- Copyright (C) 2008 Waqas Hussain
+-- Prosody IM
+-- Copyright (C) 2008-2009 Matthew Wild
+-- Copyright (C) 2008-2009 Waqas Hussain
 -- 
--- This program is free software; you can redistribute it and/or
--- modify it under the terms of the GNU General Public License
--- as published by the Free Software Foundation; either version 2
--- of the License, or (at your option) any later version.
--- 
--- This program is distributed in the hope that it will be useful,
--- but WITHOUT ANY WARRANTY; without even the implied warranty of
--- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--- GNU General Public License for more details.
--- 
--- You should have received a copy of the GNU General Public License
--- along with this program; if not, write to the Free Software
--- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
 --
 
 
@@ -22,10 +11,29 @@
 local st = require "util.stanza";
 local t_concat = table.concat;
 
+local config = require "core.configmanager";
+local secure_auth_only = config.get(module:get_host(), "core", "require_encryption");
+
+local sessionmanager = require "core.sessionmanager";
+local usermanager = require "core.usermanager";
+
 module:add_feature("jabber:iq:auth");
+module:add_event_hook("stream-features", function (session, features)
+       if secure_auth_only and not session.secure then
+               -- Sorry, not offering to insecure streams!
+               return;
+       elseif not session.username then
+               features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
+       end
+end);
 
 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", 
                function (session, stanza)
+                       if secure_auth_only and not session.secure then
+                               session.send(st.error_reply(stanza, "modify", "not-acceptable", "Encryption (SSL or TLS) is required to connect to this server"));
+                               return true;
+                       end
+                       
                        local username = stanza.tags[1]:child_with_name("username");
                        local password = stanza.tags[1]:child_with_name("password");
                        local resource = stanza.tags[1]:child_with_name("resource");