mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_tokenauth: Support selection of _no_ role at all

Browse source 
If a grant does not have a role, we should not go and make one up.
While not very useful for XMPP if you can't even login, it may be useful
for OAuth2/OIDC.
This commit is contained in:
Kim Alvefur 2023-05-07 20:34:07 +02:00
parent 98d5a50eb6
commit e80cd078fd
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
plugins/mod_tokenauth.lua
View file

@ -10,11 +10,12 @@ local token_store = module:open_store("auth_tokens", "keyval+");
local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60);
local function select_role(username, host, role)
if role then
return prosody.hosts[host].authz.get_role_by_name(role);
end
return usermanager.get_user_role(username, host);
local function select_role(username, host, role_name)
if not role_name then return end
local role = usermanager.get_role_by_name(role_name, host);
if not role then return end
if not usermanager.user_can_assume_role(username, host, role.name) then return end
return role;
end
function create_grant(actor_jid, grant_jid, grant_ttl, grant_data)