mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-22 17:28:25 +01:00
Merge pull request #396 from hamano/scram-stringprep-checking
checking stringprep in scram authentication
This commit is contained in:
commit
4ef2d08456
@ -76,9 +76,11 @@ mech_step(#state{step = 2} = State, ClientIn) ->
|
||||
UserName ->
|
||||
case parse_attribute(ClientNonceAttribute) of
|
||||
{$r, ClientNonce} ->
|
||||
case (State#state.get_password)(UserName) of
|
||||
{Ret, _AuthModule} = (State#state.get_password)(UserName),
|
||||
case {Ret, jlib:resourceprep(Ret)} of
|
||||
{false, _} -> {error, <<"not-authorized">>, UserName};
|
||||
{Ret, _AuthModule} ->
|
||||
{_, error} -> ?WARNING_MSG("invalid password", []), {error, <<"not-authorized">>, UserName};
|
||||
{Ret, _} ->
|
||||
{StoredKey, ServerKey, Salt, IterationCount} =
|
||||
if is_tuple(Ret) -> Ret;
|
||||
true ->
|
||||
|
Loading…
Reference in New Issue
Block a user