projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge 0.9->trunk
[prosody.git] / util / sasl / plain.lua
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 2abbc53a1688dd66c2d02253676a69446a5aac85..c9ec2911797ecaacae50ac0e6f969adb062b5591 100644 (file)
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -13,9 +13,10 @@
 
 local s_match = string.match;
 local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl");
 
-module "plain"
+module "sasl.plain"
 
 -- ================================
 -- SASL PLAIN according to RFC 4616
@@ -28,15 +29,10 @@ plain:
                return password, state;
        end
 
-plain-test:
-       function(username, realm, password)
+plain_test:
+       function(username, password, realm)
                return true or false, state;
        end
-       
-plain-hashed:
-       function(username, realm)
-               return hashed_password, hash_function, state;
-       end
 ]]
 
 local function plain(self, message)
@@ -59,33 +55,35 @@ local function plain(self, message)
                return "failure", "malformed-request", "Invalid username or password.";
        end
 
+       local _nodeprep = self.profile.nodeprep;
+       if _nodeprep ~= false then
+               authentication = (_nodeprep or nodeprep)(authentication);
+               if not authentication or authentication == "" then
+                       return "failure", "malformed-request", "Invalid username or password."
+               end
+       end
+
        local correct, state = false, false;
        if self.profile.plain then
                local correct_password;
-               correct_password, state = self.profile.plain(authentication, self.realm);
-               if correct_password == password then correct = true; else correct = false; end
+               correct_password, state = self.profile.plain(self, authentication, self.realm);
+               correct = (correct_password == password);
        elseif self.profile.plain_test then
-               correct, state = self.profile.plain_test(authentication, self.realm, password);
-       elseif self.profile.plain_hashed then
-               local hashed_password, hash_f;
-               hashed_password, hash_f, state = self.profile.plain_hashed(authentication, self.realm);
-               if hashed_password == hash_f(password) then correct = true; else correct = false; end
+               correct, state = self.profile.plain_test(self, authentication, password, self.realm);
        end
 
        self.username = authentication
-       if not state then
+       if state == false then
                return "failure", "account-disabled";
-       end
-
-       if correct then
-               return "success";
-       else
+       elseif state == nil or not correct then
                return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
        end
+
+       return "success";
 end
 
 function init(registerMechanism)
-       registerMechanism("PLAIN", {"plain", "plain_test", "plain_hashed"}, plain);
+       registerMechanism("PLAIN", {"plain", "plain_test"}, plain);
 end
 
 return _M;