Update ejabberd_auth_http source code from upstream

Badlop 2015-06-26 17:50:28 +02:00
parent 564691c7a6
commit ff61b1a2e1
1 changed files with 47 additions and 52 deletions


@ -8,6 +8,8 @@
-module(ejabberd_auth_http). -module(ejabberd_auth_http).
-author('piotr.nosek@erlang-solutions.com'). -author('piotr.nosek@erlang-solutions.com').
-behaviour(ejabberd_gen_auth).
%% External exports %% External exports
-export([start/1, -export([start/1,
set_password/3, set_password/3,
@ -21,15 +23,17 @@
get_vh_registered_users_number/2, get_vh_registered_users_number/2,
get_password/2, get_password/2,
get_password_s/2, get_password_s/2,
is_user_exists/2, does_user_exist/2,
remove_user/2, remove_user/2,
remove_user/3, remove_user/3,
plain_password_required/0, plain_password_required/0,
store_type/1 store_type/1,
]). login/2,
get_password/3,
stop/1]).
-include("ejabberd.hrl"). -include("ejabberd.hrl").
-include("logger.hrl").
%%%---------------------------------------------------------------------- %%%----------------------------------------------------------------------
%%% API %%% API
@ -37,8 +41,7 @@
-spec start(binary()) -> ok. -spec start(binary()) -> ok.
start(Host) -> start(Host) ->
AuthOpts = ejabberd_config:get_local_option(auth_opts, fun(A) when is_list(A) -> A end, AuthOpts = ejabberd_config:get_local_option(auth_opts, Host),
<<"localhost">>),
{_, AuthHost} = lists:keyfind(host, 1, AuthOpts), {_, AuthHost} = lists:keyfind(host, 1, AuthOpts),
PoolSize = proplists:get_value(connection_pool_size, AuthOpts, 10), PoolSize = proplists:get_value(connection_pool_size, AuthOpts, 10),
Opts = proplists:get_value(connection_opts, AuthOpts, []), Opts = proplists:get_value(connection_opts, AuthOpts, []),
@ -63,10 +66,9 @@ store_type(Server) ->
true -> scram true -> scram
end. end.
-spec check_password(binary(), binary(), binary()) -> boolean(). -spec check_password(ejabberd:luser(), ejabberd:lserver(), binary()) -> boolean().
check_password(User, Server, Password) -> check_password(LUser, LServer, Password) ->
{LUser, LServer} = stringprep(User, Server), case scram:enabled(LServer) of
case scram:enabled(Server) of
false -> false ->
case make_req(get, <<"check_password">>, LUser, LServer, Password) of case make_req(get, <<"check_password">>, LUser, LServer, Password) of
{ok, <<"true">>} -> true; {ok, <<"true">>} -> true;
@ -76,9 +78,8 @@ check_password(User, Server, Password) ->
{ok, true} =:= verify_scram_password(LUser, LServer, Password) {ok, true} =:= verify_scram_password(LUser, LServer, Password)
end. end.
-spec check_password(binary(), binary(), binary(), binary(), fun()) -> boolean(). -spec check_password(ejabberd:luser(), ejabberd:lserver(), binary(), binary(), fun()) -> boolean().
check_password(User, Server, Password, Digest, DigestGen) -> check_password(LUser, LServer, Password, Digest, DigestGen) ->
{LUser, LServer} = stringprep(User, Server),
case make_req(get, <<"get_password">>, LUser, LServer, <<"">>) of case make_req(get, <<"get_password">>, LUser, LServer, <<"">>) of
{error, _} -> {error, _} ->
false; false;
@ -86,9 +87,8 @@ check_password(User, Server, Password, Digest, DigestGen) ->
case scram:enabled(LServer) of case scram:enabled(LServer) of
true -> true ->
case scram:deserialize(GotPasswd) of case scram:deserialize(GotPasswd) of
{ok, #scram{storedkey = StoredKey}} -> {ok, #scram{} = Scram} ->
Passwd = base64:decode(StoredKey), scram:check_digest(Scram, Digest, DigestGen, Password);
ejabberd_auth:check_digest(Digest, DigestGen, Password, Passwd);
_ -> _ ->
false false
end; end;
@ -97,12 +97,11 @@ check_password(User, Server, Password, Digest, DigestGen) ->
end end
end. end.
-spec set_password(binary(), binary(), binary()) -> ok | {error, term()}. -spec set_password(ejabberd:luser(), ejabberd:lserver(), binary()) -> ok | {error, term()}.
set_password(User, Server, Password) -> set_password(LUser, LServer, Password) ->
{LUser, LServer} = stringprep(User, Server),
PasswordFinal = case scram:enabled(LServer) of PasswordFinal = case scram:enabled(LServer) of
true -> scram:serialize(scram:password_to_scram( true -> scram:serialize(scram:password_to_scram(
Password, scram:iterations(Server))); Password, scram:iterations(LServer)));
false -> Password false -> Password
end, end,
case make_req(post, <<"set_password">>, LUser, LServer, PasswordFinal) of case make_req(post, <<"set_password">>, LUser, LServer, PasswordFinal) of
@ -110,17 +109,16 @@ set_password(User, Server, Password) ->
_ -> ok _ -> ok
end. end.
-spec try_register(binary(), binary(), binary()) -> {atomic, ok | exists} | {error, term()}. -spec try_register(ejabberd:luser(), ejabberd:lserver(), binary()) -> {atomic, ok | exists} | {error, term()}.
try_register(User, Server, Password) -> try_register(LUser, LServer, Password) ->
{LUser, LServer} = stringprep(User, Server),
PasswordFinal = case scram:enabled(LServer) of PasswordFinal = case scram:enabled(LServer) of
true -> scram:serialize(scram:password_to_scram( true -> scram:serialize(scram:password_to_scram(
Password, scram:iterations(Server))); Password, scram:iterations(LServer)));
false -> Password false -> Password
end, end,
case make_req(post, <<"register">>, LUser, LServer, PasswordFinal) of case make_req(post, <<"register">>, LUser, LServer, PasswordFinal) of
{ok, created} -> {atomic, ok}; {ok, created} -> ok;
{error, conflict} -> {atomic, exists}; {error, conflict} -> {error, exists};
Error -> Error Error -> Error
end. end.
@ -128,11 +126,11 @@ try_register(User, Server, Password) ->
dirty_get_registered_users() -> dirty_get_registered_users() ->
[]. [].
-spec get_vh_registered_users(binary()) -> []. -spec get_vh_registered_users(ejabberd:lserver()) -> [].
get_vh_registered_users(_Server) -> get_vh_registered_users(_Server) ->
[]. [].
-spec get_vh_registered_users(binary(), list()) -> []. -spec get_vh_registered_users(ejabberd:lserver(), list()) -> [].
get_vh_registered_users(_Server, _Opts) -> get_vh_registered_users(_Server, _Opts) ->
[]. [].
@ -140,14 +138,13 @@ get_vh_registered_users(_Server, _Opts) ->
get_vh_registered_users_number(_Server) -> get_vh_registered_users_number(_Server) ->
0. 0.
-spec get_vh_registered_users_number(binary(), list()) -> 0. -spec get_vh_registered_users_number(ejabberd:lserver(), list()) -> 0.
get_vh_registered_users_number(_Server, _Opts) -> get_vh_registered_users_number(_Server, _Opts) ->
0. 0.
-spec get_password(binary(), binary()) -> false | binary() | -spec get_password(ejabberd:luser(), ejabberd:lserver()) -> false | binary() |
{binary(), binary(), binary(), integer()}. {binary(), binary(), binary(), integer()}.
get_password(User, Server) -> get_password(LUser, LServer) ->
{LUser, LServer} = stringprep(User, Server),
case make_req(get, <<"get_password">>, LUser, LServer, <<"">>) of case make_req(get, <<"get_password">>, LUser, LServer, <<"">>) of
{error, _} -> {error, _} ->
false; false;
@ -156,10 +153,7 @@ get_password(User, Server) ->
true -> true ->
case scram:deserialize(Password) of case scram:deserialize(Password) of
{ok, #scram{} = Scram} -> {ok, #scram{} = Scram} ->
{base64:decode(Scram#scram.storedkey), scram:scram_to_tuple(Scram);
base64:decode(Scram#scram.serverkey),
base64:decode(Scram#scram.salt),
Scram#scram.iterationcount};
_ -> _ ->
false false
end; end;
@ -168,30 +162,27 @@ get_password(User, Server) ->
end end
end. end.
-spec get_password_s(binary(), binary()) -> binary(). -spec get_password_s(ejabberd:luser(), ejabberd:lserver()) -> binary().
get_password_s(User, Server) -> get_password_s(User, Server) ->
case get_password(User, Server) of case get_password(User, Server) of
Pass when is_binary(Pass) -> Pass; Pass when is_binary(Pass) -> Pass;
_ -> <<>> _ -> <<>>
end. end.
-spec is_user_exists(binary(), binary()) -> boolean(). -spec does_user_exist(ejabberd:luser(), ejabberd:lserver()) -> boolean().
is_user_exists(User, Server) -> does_user_exist(LUser, LServer) ->
{LUser, LServer} = stringprep(User, Server),
case make_req(get, <<"user_exists">>, LUser, LServer, <<"">>) of case make_req(get, <<"user_exists">>, LUser, LServer, <<"">>) of
{ok, <<"true">>} -> true; {ok, <<"true">>} -> true;
_ -> false _ -> false
end. end.
-spec remove_user(binary(), binary()) -> ok | not_exists | not_allowed | bad_request. -spec remove_user(ejabberd:luser(), ejabberd:lserver()) -> ok | not_exists | not_allowed | bad_request.
remove_user(User, Server) -> remove_user(LUser, LServer) ->
{LUser, LServer} = stringprep(User, Server),
remove_user_req(LUser, LServer, <<"">>, <<"remove_user">>). remove_user_req(LUser, LServer, <<"">>, <<"remove_user">>).
-spec remove_user(binary(), binary(), binary()) -> ok | not_exists | not_allowed | bad_request. -spec remove_user(ejabberd:luser(), ejabberd:lserver(), binary()) -> ok | not_exists | not_allowed | bad_request.
remove_user(User, Server, Password) -> remove_user(LUser, LServer, Password) ->
{LUser, LServer} = stringprep(User, Server), case scram:enabled(LServer) of
case scram:enabled(Server) of
false -> false ->
remove_user_req(LUser, LServer, Password, <<"remove_user_validate">>); remove_user_req(LUser, LServer, Password, <<"remove_user_validate">>);
true -> true ->
@ -224,8 +215,7 @@ remove_user_req(LUser, LServer, Password, Method) ->
make_req(_, _, LUser, LServer, _) when LUser == error orelse LServer == error -> make_req(_, _, LUser, LServer, _) when LUser == error orelse LServer == error ->
{error, {prep_failed, LUser, LServer}}; {error, {prep_failed, LUser, LServer}};
make_req(Method, Path, LUser, LServer, Password) -> make_req(Method, Path, LUser, LServer, Password) ->
AuthOpts = ejabberd_config:get_local_option(auth_opts, fun(A) when is_list(A) -> A end, AuthOpts = ejabberd_config:get_local_option(auth_opts, LServer),
<<"localhost">>),
BasicAuth = case lists:keyfind(basic_auth, 1, AuthOpts) of BasicAuth = case lists:keyfind(basic_auth, 1, AuthOpts) of
{_, BasicAuth0} -> BasicAuth0; {_, BasicAuth0} -> BasicAuth0;
_ -> "" _ -> ""
@ -265,9 +255,6 @@ make_req(Method, Path, LUser, LServer, Password) ->
%%%---------------------------------------------------------------------- %%%----------------------------------------------------------------------
%%% Other internal functions %%% Other internal functions
%%%---------------------------------------------------------------------- %%%----------------------------------------------------------------------
stringprep(User, Server) -> {jlib:nodeprep(User), jlib:nameprep(Server)}.
-spec pool_name(binary()) -> atom(). -spec pool_name(binary()) -> atom().
pool_name(Host) -> pool_name(Host) ->
list_to_atom("ejabberd_auth_http_" ++ binary_to_list(Host)). list_to_atom("ejabberd_auth_http_" ++ binary_to_list(Host)).
@ -291,3 +278,11 @@ verify_scram_password(LUser, LServer, Password) ->
{error, not_exists} {error, not_exists}
end. end.
login(_User, _Server) ->
erlang:error(not_implemented).
get_password(_User, _Server, _DefaultValue) ->
erlang:error(not_implemented).
stop(_Host) ->
ok.
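Review bot: With the `{LUser, LServer} = stringprep(User, Server)` lines and the `stringprep/2` helper removed, the exported functions (check_password/3,5, set_password/3, try_register/3, get_password/2, does_user_exist/2, remove_user/2,3) now forward their arguments to the external HTTP auth service exactly as received, so normalisation becomes an undocumented precondition on the caller. If any caller in this tree still passes a raw user or server name, case or Unicode variants of one account would presumably reach the backend as distinct identities. The `LUser == error orelse LServer == error` guard in make_req also no longer catches a failed prep unless the caller forwards the atom itself. I would state the contract above the API section, e.g. `%% LUser/LServer must already be nodeprep'd/nameprep'd by the caller; this module does not normalise.`, and rename the `User, Server` parameters of get_password_s/2 to `LUser, LServer` to match. The bodies of make_req and several of these functions continue outside the visible hunks.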