mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_tokenauth: Add 'purpose' constraint

Browse source 
This allows tokens to be tied to specific purposes/protocols. For example, we
shouldn't (without specific consideration) allow an OAuth token to be dropped
into a slot expecting a FAST token.

While FAST doesn't currently use mod_tokenauth, it and others may do in the
future. It's better to be explicit about what kind of token code is issuing or
expecting.
This commit is contained in:
Matthew Wild 2023-03-01 13:01:21 +00:00
parent 16137b3b14
commit a58a6d2317
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
plugins/mod_tokenauth.lua
View file

@ -13,7 +13,7 @@ local function select_role(username, host, role)
return usermanager.get_user_role(username, host);
end
function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_data)
function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_data, token_purpose)
token_jid = jid.prep(token_jid);
if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
return nil, "not-authorized";
@ -30,6 +30,7 @@ function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_dat
created = os.time();
expires = token_ttl and (os.time() + token_ttl) or nil;
jid = token_jid;
purpose = token_purpose;
resource = token_resource;
role = token_role;