Fix ejabberd_auth_jwt return types and regenerate ejabberd_option.erl

Evgeny Khramtsov 2019-07-01 09:05:33 +03:00
parent 3e5c0a1df8
commit 3d82a5eee6
2 changed files with 13 additions and 27 deletions


@ -31,7 +31,6 @@
-export([start/1, stop/1, check_password/4, -export([start/1, stop/1, check_password/4,
store_type/1, plain_password_required/1 store_type/1, plain_password_required/1
%,opt_type/1, options/0, globals/0
]). ]).
-include("xmpp.hrl"). -include("xmpp.hrl").
@ -48,16 +47,16 @@ plain_password_required(_Host) -> true.
store_type(_Host) -> external. store_type(_Host) -> external.
-spec check_password(binary(), binary(), binary(), binary()) -> boolean(). -spec check_password(binary(), binary(), binary(), binary()) -> {ets_cache:tag(), boolean()}.
check_password(User, AuthzId, Server, Token) -> check_password(User, AuthzId, Server, Token) ->
%% MREMOND: Should we move the AuthzId check at a higher level in %% MREMOND: Should we move the AuthzId check at a higher level in
%% the call stack? %% the call stack?
if AuthzId /= <<>> andalso AuthzId /= User -> if AuthzId /= <<>> andalso AuthzId /= User ->
false; {nocache, false};
true -> true ->
if Token == <<"">> -> false; if Token == <<"">> -> {nocache, false};
true -> true ->
check_jwt_token(User, Server, Token) {nocache, check_jwt_token(User, Server, Token)}
end end
end. end.
@ -102,28 +101,7 @@ check_jwt_token(User, Server, Token) ->
end. end.
get_jwk(Host) -> get_jwk(Host) ->
jose_jwk:from_binary(ejabberd_config:get_option({jwt_key, Host})). jose_jwk:from_binary(ejabberd_option:jwt_key(Host)).
%%%----------------------------------------------------------------------
%%% Options for JWT authentication modules
%%%----------------------------------------------------------------------
%-spec opt_type(atom()) -> fun((any()) -> any()) | [atom()].
%
%%%% name: jwt_key
%%%% type: binary
%%%% description: JWT key used to validate JWT tokens.
%%%% Default: none
%%%% Mandatory: yes
%opt_type(jwt_key) -> fun iolist_to_binary/1;
%
%%%% Available options:
%opt_type(_) -> [jwt_key].
%
%options() ->
% [{jwt_key, <<"">>}].
%
%globals() ->
% [jwt_key].
%% TODO: auth0 username is defined in 'jid' field, but we should %% TODO: auth0 username is defined in 'jid' field, but we should
%% allow customizing the name of the field containing the username %% allow customizing the name of the field containing the username


@ -50,6 +50,7 @@
-export([host_config/0]). -export([host_config/0]).
-export([hosts/0]). -export([hosts/0]).
-export([include_config_file/0, include_config_file/1]). -export([include_config_file/0, include_config_file/1]).
-export([jwt_key/0, jwt_key/1]).
-export([language/0, language/1]). -export([language/0, language/1]).
-export([ldap_backups/0, ldap_backups/1]). -export([ldap_backups/0, ldap_backups/1]).
-export([ldap_base/0, ldap_base/1]). -export([ldap_base/0, ldap_base/1]).
@ -430,6 +431,13 @@ include_config_file() ->
include_config_file(Host) -> include_config_file(Host) ->
ejabberd_config:get_option({include_config_file, Host}). ejabberd_config:get_option({include_config_file, Host}).
-spec jwt_key() -> binary().
jwt_key() ->
jwt_key(global).
-spec jwt_key(global | binary()) -> binary().
jwt_key(Host) ->
ejabberd_config:get_option({jwt_key, Host}).
-spec language() -> binary(). -spec language() -> binary().
language() -> language() ->
language(global). language(global).