mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 05:07:42 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
13812 commits 12 branches 100 tags 40 MiB
Commit graph

71 commits

Author SHA1 Message Date
Kim Alvefur
04f45b1afa mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password() 
This API method is used e.g. in HTTP modules which also should respect
disabled accounts.
 2024-08-09 20:23:46 +02:00
Matthew Wild
253b2fba90 usermanager, mod_auth_internal_hashed: Support metadata when disabling a user 
This allows us to store a time, actor, comment and/or reason why an account
was disabled, which seems a generally useful thing to support.
 2023-11-30 09:47:00 +00:00
Kim Alvefur
71ad48095d plugins: Use integer config API with interval specification where sensible 
Many of these fall into a few categories:
- util.cache size, must be >= 1
- byte or item counts that logically can't be negative
- port numbers that should be in 1..0xffff
 2023-07-17 01:38:54 +02:00
Kim Alvefur
a8b0c56f65 plugins: Use get_option_enum where appropriate 2021-01-16 21:04:58 +01:00
Kim Alvefur
98922d54b1 plugins: Prefix module imports with prosody namespace 2023-03-24 13:15:28 +01:00
Kim Alvefur
9dd7ce434d mod_auth_internal_hashed: Shorten call path 
Why did it call a function defined in the same module through
usermanager?
 2023-03-18 16:13:32 +01:00
Kim Alvefur
5afb393d53 mod_auth_internal_hashed: Record time of account disable / re-enable 
Could be useful for e.g. #1772
 2023-03-12 01:24:59 +01:00
Matthew Wild
4ce832123e mod_auth_internal_hashed: Add oauthbearer handler to our SASL profile 2023-03-01 13:05:17 +00:00
Kim Alvefur
fe206323b5 mod_auth_internal_hashed: Implement methods to enable and disable users 2023-02-23 14:44:35 +01:00
Kim Alvefur
96acef2170 mod_auth_internal_hashed: Implement is_enabled() method 
Uses 'disabled' property already introduced in aed38948791f
 2023-02-23 14:34:10 +01:00
Kim Alvefur
4704e98af6 mod_auth_internal_hashed: Add stub methods for enabling and disabling users 
But how and where?
 2023-02-22 15:32:40 +01:00
Kim Alvefur
01fedfa5be mod_auth_internal_hashed: Refactor to prepare for disabling users 
Moving this out will make space for a dynamic check whether a particular
user is disabled or not, which is one possible response to abuse of
account privileges.
 2023-02-22 13:27:08 +01:00
Kim Alvefur
8ff2f04e4c mod_auth_internal_hashed: Allow creating disabled account without password 
Otherwise, create_user(username, nil) leads to the account being
deleted.
 2022-08-18 17:50:56 +02:00
Matthew Wild
4db3d15723 usermanager, mod_auth_*: Add get_account_info() returning creation/update time 
This is useful for a number of things. For example, listing users that need to
rotate their passwords after some event. It also provides a safer way for code
to determine that a user password has changed without needing to set a handler
for the password change event (which is a more fragile approach).
 2022-07-12 13:14:47 +01:00
Matthew Wild
ab835fed13 util.hex: Deprecate to/from in favour of encode/decode, for consistency! 2022-03-04 15:22:45 +00:00
Kim Alvefur
4261dc1d80 mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438 
More security for less pain than switching to SCRAM-SHA-256

The XEP will likely be change to reference the RFC that will probably
come from draft-ietf-kitten-password-storage once it is ready, and then
we should update to follow that.
 2021-12-26 16:51:04 +01:00
Kim Alvefur
c122d673e6 mod_auth_internal_hashed: Make SCRAM iteration count configurable 2021-12-26 16:37:50 +01:00
Matthew Wild
5bc8b2a379 Merge 0.11->trunk 2021-05-13 11:17:13 +01:00
Matthew Wild
6a54d2d2c4 mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets 2021-05-10 16:50:24 +01:00
Kim Alvefur
71c6728e69 mod_auth_internal_*: Apply saslprep to passwords 
Related to #1560
 2020-05-23 14:17:04 +02:00
Kim Alvefur
e083756418 Merge 0.11->trunk 2020-06-06 00:54:28 +02:00
Kim Alvefur
1eabf5bdb4 Merge 0.11->trunk 2019-12-24 00:39:45 +01:00
Kim Alvefur
d464d7edb1 mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477) 2019-12-23 22:42:39 +01:00
Kim Alvefur
b8ad8ccc88 mod_auth_internal_hashed: Precompute SCRAM authentication profile name (thanks MattJ) 2019-08-22 01:00:31 +02:00
Kim Alvefur
a746aba7a2 mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1 
This will currently require a hard reset of all passwords back to plain.
This will be least painful on new deployments.
 2019-01-13 14:02:56 +01:00
Kim Alvefur
73b75571e6 core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512) 2017-07-28 13:15:29 +02:00
Kim Alvefur
4234f60c4a mod_auth_internal_hashed: Split long lines [luacheck] 2017-04-04 01:26:26 +02:00
Kim Alvefur
5386166909 mod_auth_internal_hashed: Rename unused 'self' to _ [luacheck] 2017-04-04 01:26:09 +02:00
Kim Alvefur
938380cacc mod_auth_internal_hashed: Use util.hex 2015-05-18 21:00:41 +02:00
Florian Zeitz
e4186638c7 mod_auth_interal_hashed: Update salt and iteration count when setting a new password 2014-02-12 13:45:16 +01:00
Kim Alvefur
a10c051fb2 mod_auth_internal_hashed: Log calls to provider methods and be consistent with mod_auth_internal_plain 2013-08-10 20:19:40 +02:00
Kim Alvefur
31c364ad7f mod_auth_internal_hashed: Use logger setup by moduleapi instead of going for util.logger directly 2013-08-10 20:17:45 +02:00
Kim Alvefur
6ee727dd25 mod_auth_internal_hashed: Remove this 'initializing' message too 2013-08-10 20:15:25 +02:00
Florian Zeitz
1d833bb807 Remove all trailing whitespace 2013-08-09 17:48:21 +02:00
Kim Alvefur
61e1281073 mod_auth_internal_hashed, mod_auth_internal_plain, mod_privacy, mod_private, mod_register, mod_vcard, mod_muc: Use module:open_store() 2013-04-19 16:14:06 +02:00
Waqas Hussain
b1f22daa93 mod_auth_internal_plain, mod_auth_internal_hashed: No need to nodeprep here. 2013-01-22 08:26:08 +05:00
Kim Alvefur
ce8ed66881 mod_auth_internal_{plain,hashed}: Add support for iterating over accounts 2012-09-21 17:26:12 +02:00
Waqas Hussain
92515e7aa6 mod_auth_*: Use module:provides(). 2012-09-12 21:41:51 +05:00
Waqas Hussain
2e28c81f01 mod_auth_internal_hashed: Get rid of useless wrapper function new_hashpass_provider. 2012-09-12 21:40:00 +05:00
Matthew Wild
90342aaf3c mod_auth_internal_hashed: Remove COMPAT code (upgrading old hashed storage format from pre-0.8) 2012-04-28 03:59:31 +01:00
Matthew Wild
a4d38eb601 mod_auth_internal_hashed: Remove unused imports 2012-04-28 03:55:25 +01:00
Matthew Wild
afebf2da34 mod_auth_internal_{plain,hashed}: Clarify log messages on initialization 2012-03-11 20:56:09 +00:00
Waqas Hussain
9c85f1fccd mod_auth_*: Get rid of undocumented and broken 'sasl_realm' config option. 2011-02-23 01:34:46 +05:00
Matthew Wild
2e28b24183 mod_auth_internal_*: Support for delete_user method 2011-01-04 17:12:28 +00:00
Waqas Hussain
aa144af70e util.sasl.*, mod_auth_*, mod_saslauth: Pass SASL handler as first parameter to SASL profile callbacks. 2010-12-27 19:57:04 +05:00
Kim Alvefur
e535c73ca3 mod_auth_internal_hashed: Fix deleting users 2010-08-16 18:51:22 +02:00
Matthew Wild
a6e1eb7590 usermanager, mod_auth_internal_hashed, mod_legacyauth: New order of parameters for usermanager.test_password - username, host, password 2010-07-21 21:01:36 +01:00
Waqas Hussain
41da5ba5b5 mod_auth_internal_hashed: Fixed SCRAM-SHA-1 mechanism to not traceback on non-existent users. 2010-07-17 19:34:06 +05:00
Matthew Wild
c60ae1fda2 mod_auth_internal, mod_auth_internal_hashed: Remove checking for nil or empty password and pretending it means the user doesn't exist. Hopefully with more success than Custer. 2010-07-08 20:59:53 +01:00
Matthew Wild
02dddbbc8d mod_auth_internal_hashed: Update TODO comments to COMPAT 2010-06-22 20:54:15 +01:00