From 3d82a5eee64528449cdde5d85f47b89dea188634 Mon Sep 17 00:00:00 2001
From: Evgeny Khramtsov
Date: Mon, 1 Jul 2019 09:05:33 +0300
Subject: [PATCH] Fix ejabberd_auth_jwt return types and regenerate ejabberd_option.erl
---
 src/ejabberd_auth_jwt.erl | 32 +++++---------------------------
 src/ejabberd_option.erl | 8 ++++++++
 2 files changed, 13 insertions(+), 27 deletions(-)
diff --git a/src/ejabberd_auth_jwt.erl b/src/ejabberd_auth_jwt.erl
index 6be151405..8bf622346 100644
--- a/src/ejabberd_auth_jwt.erl
+++ b/src/ejabberd_auth_jwt.erl
@@ -31,7 +31,6 @@
 -export([start/1, stop/1, check_password/4, store_type/1, plain_password_required/1
- %,opt_type/1, options/0, globals/0
 ]).
 -include("xmpp.hrl").
@@ -48,16 +47,16 @@ plain_password_required(_Host) -> true.
 store_type(_Host) -> external.
--spec check_password(binary(), binary(), binary(), binary()) -> boolean().
+-spec check_password(binary(), binary(), binary(), binary()) -> {ets_cache:tag(), boolean()}.
 check_password(User, AuthzId, Server, Token) ->
 %% MREMOND: Should we move the AuthzId check at a higher level in
 %% the call stack?
 if AuthzId /= <<>> andalso AuthzId /= User ->
- false;
+ {nocache, false};
 true ->
- if Token == <<"">> -> false;
+ if Token == <<"">> -> {nocache, false};
 true ->
- check_jwt_token(User, Server, Token)
+ {nocache, check_jwt_token(User, Server, Token)}
 end
 end.
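Review bot: In the check_password/4 hunk of src/ejabberd_auth_jwt.erl every branch now returns the `nocache` tag, but nothing on the new side records why, and the spec still advertises the wider `ets_cache:tag()`. A comment above the spec would stop a later maintainer from switching to a cacheable tag, for example `%% Always nocache: a token's validity can change between attempts, so a cached 'true' must never be reused.` The reasoning about validity changing (presumably token expiry) is inferred, because check_jwt_token/3 lies outside this hunk, so confirm it before settling the wording. If the callback contract allows it, narrowing the return type to `{nocache, boolean()}` would make the intent checkable by Dialyzer.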
@@ -102,28 +101,7 @@ check_jwt_token(User, Server, Token) ->
 end.
 get_jwk(Host) ->
- jose_jwk:from_binary(ejabberd_config:get_option({jwt_key, Host})).
-
-%%%----------------------------------------------------------------------
-%%% Options for JWT authentication modules
-%%%----------------------------------------------------------------------
-%-spec opt_type(atom()) -> fun((any()) -> any()) | [atom()].
-%
-%%%% name: jwt_key
-%%%% type: binary
-%%%% description: JWT key used to validate JWT tokens.
-%%%% Default: none
-%%%% Mandatory: yes
-%opt_type(jwt_key) -> fun iolist_to_binary/1;
-%
-%%%% Available options:
-%opt_type(_) -> [jwt_key].
-%
-%options() ->
-% [{jwt_key, <<"">>}].
-%
-%globals() ->
-% [jwt_key].
+ jose_jwk:from_binary(ejabberd_option:jwt_key(Host)).
 %% TODO: auth0 username is defined in 'jid' field, but we should
 %% allow customizing the name of the field containing the username
diff --git a/src/ejabberd_option.erl b/src/ejabberd_option.erl
index 188a416bf..ca8e0262c 100644
--- a/src/ejabberd_option.erl
+++ b/src/ejabberd_option.erl
@@ -50,6 +50,7 @@
 -export([host_config/0]).
 -export([hosts/0]).
 -export([include_config_file/0, include_config_file/1]).
+-export([jwt_key/0, jwt_key/1]).
 -export([language/0, language/1]).
 -export([ldap_backups/0, ldap_backups/1]).
 -export([ldap_base/0, ldap_base/1]).
@@ -430,6 +431,13 @@ include_config_file() ->
 include_config_file(Host) ->
 ejabberd_config:get_option({include_config_file, Host}).
+-spec jwt_key() -> binary().
+jwt_key() ->
+ jwt_key(global).
+-spec jwt_key(global | binary()) -> binary().
+jwt_key(Host) ->
+ ejabberd_config:get_option({jwt_key, Host}).
+
 -spec language() -> binary().
 language() ->
 language(global).
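Review bot: get_jwk/1 in src/ejabberd_auth_jwt.erl now hands the result of `ejabberd_option:jwt_key(Host)` straight to `jose_jwk:from_binary/1` with no check that a key is actually configured, and the deleted comment block was the only place stating that jwt_key is mandatory. If the option is unset or malformed, the failure would surface only during an authentication attempt inside check_jwt_token/3, whose body is outside this hunk; it is worth confirming that this path ends in a rejected login rather than an unhandled crash or an accepted token. I would keep a one-line comment on get_jwk/1 such as `%% jwt_key is mandatory; a key that cannot be parsed must result in authentication failure`, and consider validating the key once in start/1 instead of re-parsing it on every login.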