projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge 0.9->0.10
[prosody.git] / util / sasl / plain.lua
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index ae5c777a77423f466ecd5977f696e0f9bec7e313..c9ec2911797ecaacae50ac0e6f969adb062b5591 100644 (file)
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -1,5 +1,5 @@
 -- sasl.lua v0.4
--- Copyright (C) 2008-2009 Tobias Markmann
+-- Copyright (C) 2008-2010 Tobias Markmann
 --
 --    All rights reserved.
 --
@@ -13,12 +13,28 @@
 
 local s_match = string.match;
 local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl");
 
-module "plain"
+module "sasl.plain"
 
 -- ================================
 -- SASL PLAIN according to RFC 4616
+
+--[[
+Supported Authentication Backends
+
+plain:
+       function(username, realm)
+               return password, state;
+       end
+
+plain_test:
+       function(username, password, realm)
+               return true or false, state;
+       end
+]]
+
 local function plain(self, message)
        if not message then
                return "failure", "malformed-request";
@@ -39,25 +55,31 @@ local function plain(self, message)
                return "failure", "malformed-request", "Invalid username or password.";
        end
 
+       local _nodeprep = self.profile.nodeprep;
+       if _nodeprep ~= false then
+               authentication = (_nodeprep or nodeprep)(authentication);
+               if not authentication or authentication == "" then
+                       return "failure", "malformed-request", "Invalid username or password."
+               end
+       end
+
        local correct, state = false, false;
        if self.profile.plain then
                local correct_password;
-               correct_password, state = self.profile.plain(authentication, self.realm);
-               if correct_password == password then correct = true; else correct = false; end
+               correct_password, state = self.profile.plain(self, authentication, self.realm);
+               correct = (correct_password == password);
        elseif self.profile.plain_test then
-               correct, state = self.profile.plain_test(authentication, self.realm, password);
+               correct, state = self.profile.plain_test(self, authentication, password, self.realm);
        end
 
        self.username = authentication
-       if not state then
+       if state == false then
                return "failure", "account-disabled";
-       end
-
-       if correct then
-               return "success";
-       else
+       elseif state == nil or not correct then
                return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
        end
+
+       return "success";
 end
 
 function init(registerMechanism)