-- Module-level aliases, resolved once when the file is loaded.
local s_match = string.match;
-- Hook used at the bottom of the file to publish the mechanism to util.sasl.
local registerMechanism = require("util.sasl").registerMechanism;
-- stringprep profiles applied to client-supplied identity and credential strings.
local saslprep = require("util.encodings").stringprep.saslprep;
local nodeprep = require("util.encodings").stringprep.nodeprep;
-- Logger tagged "sasl"; the handler below only writes a fixed debug message to it.
local log = require("util.logger").init("sasl");
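--- SASL OAUTHBEARER mechanism handler (client message layout as in RFC 7628).
-- Parses the client's initial response, normalises the claimed identity and the
-- bearer token, and hands both to the profile callback for the actual decision.
--
-- NOTE(review): the listing this was recovered from skips source lines (its
-- gutter numbers jump). The `if not message` guard, the block terminators and
-- the final success return are reconstructed; confirm against the upstream file.
--
-- Security notes for maintainers:
--  * The user name comes from the client-supplied authzid, not from the token.
--    The profile callback must verify that the token was issued for that user.
--  * The domain part after "@" is discarded and is not compared with self.realm
--    here. The callback receives self.realm and has to enforce the binding.
--  * self.username is assigned before the verdict is known. Callers must only
--    treat it as authenticated when the returned status is "success".
--  * The bearer token is never logged by this function; keep it that way.
--
-- @param self    SASL session object; reads self.profile and self.realm, writes self.username.
-- @param message Raw client response, or nil when the client sent none.
-- @return status ("failure" or "success"), followed on failure by an error
--         condition and, for some paths, a human-readable text.
local function oauthbearer(self, message)
	if not message then
		return "failure", "malformed-request";
	end

	-- "\1" is a Lua decimal escape for byte 0x01, the key/value separator of the
	-- mechanism. Capture 1 is the authzid from the "n,a=...," header, capture 2
	-- is everything after "auth=Bearer " up to the next 0x01.
	local authorization, password = s_match(message, "^n,a=([^,]*),\1auth=Bearer ([^\1]+)");
	if not authorization then
		return "failure", "malformed-request";
	end

	-- Keep only the part before the first "@"; nil when the authzid has no "@".
	local authentication = s_match(authorization, "(.-)@.*");

	-- SASLprep password and authentication.
	-- Guard the nil case so a missing "@" is rejected by the check below instead
	-- of handing a non-string to the stringprep binding.
	authentication = authentication and saslprep(authentication);
	password = saslprep(password);

	if (not password) or (password == "") or (not authentication) or (authentication == "") then
		log("debug", "Username or password violates SASLprep.");
		return "failure", "malformed-request", "Invalid username or password.";
	end

	-- profile.nodeprep: false disables node normalisation, nil selects the
	-- default nodeprep, any other value is used as the normalising function.
	local _nodeprep = self.profile.nodeprep;
	if _nodeprep ~= false then
		authentication = (_nodeprep or nodeprep)(authentication);
		if not authentication or authentication == "" then
			return "failure", "malformed-request", "Invalid username or password."
		end
	end

	-- The callback is the only place where the token itself is validated.
	local correct, state = self.profile.oauthbearer(self, authentication, password, self.realm);

	self.username = authentication
	if state == false then
		return "failure", "account-disabled";
	elseif state == nil or not correct then
		return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
	end

	-- Reconstructed (see NOTE above): presumably the original reports completion this way.
	return "success";
end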
-- Publish the handler under the mechanism name "OAUTHBEARER".
-- The second argument presumably lists the profile callbacks the mechanism
-- depends on (the handler calls self.profile.oauthbearer); confirm against util.sasl.
registerMechanism("OAUTHBEARER", { "oauthbearer" }, oauthbearer);