From fca640f50f84c887175a6163065663dcb3eacada Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Tue, 20 May 2014 23:00:28 +0200
Subject: [PATCH] Don't use cached passwords if "extauth_cache: 0"

Regarding "extauth_cache", the guide says: "The integer 0 (zero) enables
caching for statistics, but doesn't use that cached information to
authenticate users."  Make sure the cached password isn't used even if
the user is currently logged in with another resource.
---
 src/ejabberd_auth_external.erl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ejabberd_auth_external.erl b/src/ejabberd_auth_external.erl
index 51c1c620a..74263f748 100644
--- a/src/ejabberd_auth_external.erl
+++ b/src/ejabberd_auth_external.erl
@@ -186,6 +186,8 @@ check_password_extauth(User, Server, Password) ->
 try_register_extauth(User, Server, Password) ->
     extauth:try_register(User, Server, Password).
 
+check_password_cache(User, Server, Password, 0) ->
+    check_password_external_cache(User, Server, Password);
 check_password_cache(User, Server, Password,
 		     CacheTime) ->
     case get_last_access(User, Server) of