From ea324c17430f925e3c77ed1acb5c846135e236b3 Mon Sep 17 00:00:00 2001
From: onefang
Date: Sat, 4 Jun 2022 09:44:45 +1000
Subject: Add my version of the Prosody mod_auth_custom_http module.
---
src/mod_auth_custom_http_onefang/README.markdown | 32 +++++++++++
.../mod_auth_custom_http_onefang.lua | 62 ++++++++++++++++++++++
2 files changed, 94 insertions(+)
create mode 100644 src/mod_auth_custom_http_onefang/README.markdown
create mode 100644 src/mod_auth_custom_http_onefang/mod_auth_custom_http_onefang.lua
diff --git a/src/mod_auth_custom_http_onefang/README.markdown b/src/mod_auth_custom_http_onefang/README.markdown
new file mode 100644
index 0000000..ab79bf5
--- /dev/null
+++ b/src/mod_auth_custom_http_onefang/README.markdown
@@ -0,0 +1,32 @@
+---
+summary: HTTP Authentication using custom JSON protocol
+...
+
+Introduction
+============
+
+To authenticate users, this module does a `POST` request to a configured
+URL with a JSON payload. It is not async so requests block the server
+until answered.
+
+Configuration
+=============
+
+``` lua
+VirtualHost "example.com"
+authentication = "custom_http"
+auth_custom_http = {
+ post_url = "http://api.example.com/auth";
+}
+```
+
+Protocol
+========
+
+The JSON payload consists of an object with `username` and `password`
+members:
+
+ {"username":"john","password":"secr1t"}
+
+The module expects the response body to be exactly `true` if the
+username and password are correct.
diff --git a/src/mod_auth_custom_http_onefang/mod_auth_custom_http_onefang.lua b/src/mod_auth_custom_http_onefang/mod_auth_custom_http_onefang.lua
new file mode 100644
index 0000000..3d7c130
--- /dev/null
+++ b/src/mod_auth_custom_http_onefang/mod_auth_custom_http_onefang.lua
@@ -0,0 +1,62 @@
+-- Prosody IM
+-- Copyright (C) 2008-2010 Waqas Hussain
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local new_sasl = require "util.sasl".new;
+local json = require "util.json";
+prosody.unlock_globals();
+local http = require "socket.http";
+local https = require "ssl.https";
+prosody.lock_globals();
+
+local options = module:get_option("auth_custom_http");
+local post_url = options and options.post_url;
+assert(post_url, "No HTTP POST URL provided");
+
+local provider = { name = "custom_http_onefang" };
+
+function provider.test_password(username, password)
+ return nil, "Not supported"
+end
+
+function provider.get_password(username)
+ return nil, "Not supported"
+end
+
+function provider.set_password(username, password)
+ return nil, "Not supported"
+end
+
+function provider.user_exists(username)
+ return true;
+end
+
+function provider.create_user(username, password)
+ return nil, "Not supported"
+end
+
+function provider.delete_user(username)
+ return nil, "Not supported"
+end
+
+function provider.get_sasl_handler()
+ local getpass_authentication_profile = {
+ plain_test = function(sasl, username, password, realm)
+ local postdata = json.encode({ username = username, password = password });
+ local result = "";
+ if string.lower(post_url:sub(1, 5)) == "https" then
+ result = https.request(post_url, postdata);
+ else
+ result = http.request(post_url, postdata);
+ end
+ return result == "true", true;
+ end,
+ };
+ return new_sasl(module.host, getpass_authentication_profile);
+end
+
+
+module:provides("auth", provider);
--
cgit v1.1
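Review bot: The user's password is not protected in transit in `plain_test`: the `else` branch posts it with plain `http.request`, and the string form `https.request(post_url, postdata)`, as far as I know, runs LuaSec with certificate verification off, so the auth endpoint's identity is not checked on either path. I would reject non-HTTPS URLs next to the existing assert, `assert(post_url:lower():sub(1, 8) == "https://", "auth_custom_http.post_url must be an https:// URL")`, and move to the table form of `https.request` with `verify = "peer"` and a CA bundle, checking the status code before trusting the body. That needs `ltn12` required alongside the socket modules and a new option for the CA path (shown below as a proposed `ca_file` key, which the page does not define). Separately, `user_exists` returns `true` for every name, so other modules that ask whether an account exists will get a yes for names the backend has never seen; a comment saying this is deliberate would help.

```lua
-- … unchanged: requires, option parsing, provider stubs …
		plain_test = function(sasl, username, password, realm)
			local postdata = json.encode({ username = username, password = password });
			local body = {};
			local ok, code = https.request({
				url = post_url;
				method = "POST";
				headers = {
					["Content-Type"] = "application/json";
					["Content-Length"] = tostring(#postdata);
				};
				source = ltn12.source.string(postdata);
				sink = ltn12.sink.table(body);
				verify = "peer";             -- refuse endpoints whose certificate does not validate
				cafile = options.ca_file;    -- proposed new option: path to a CA bundle
			});
			-- Fail closed on transport errors and on any non-200 answer.
			return ok ~= nil and code == 200 and table.concat(body) == "true", true;
		end,
-- … unchanged: new_sasl call, module:provides …
```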