25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00

Merge pull request #396 from hamano/scram-stringprep-checking

checking stringprep in scram authentication
This commit is contained in:
Evgeny Khramtsov 2015-01-08 11:02:23 +03:00
commit 4ef2d08456

View File

@ -76,9 +76,11 @@ mech_step(#state{step = 2} = State, ClientIn) ->
UserName ->
case parse_attribute(ClientNonceAttribute) of
{$r, ClientNonce} ->
case (State#state.get_password)(UserName) of
{Ret, _AuthModule} = (State#state.get_password)(UserName),
case {Ret, jlib:resourceprep(Ret)} of
{false, _} -> {error, <<"not-authorized">>, UserName};
{Ret, _AuthModule} ->
{_, error} -> ?WARNING_MSG("invalid password", []), {error, <<"not-authorized">>, UserName};
{Ret, _} ->
{StoredKey, ServerKey, Salt, IterationCount} =
if is_tuple(Ret) -> Ret;
true ->