Add SCRAM and remove MD5 support to ejabberd commands auth verification

doc/guide.tex

@@ -5010,7 +5010,6 @@ In this example there is no restriction:
 \end{verbatim}
 
 If account \term{robot1@example.org} is registered in \ejabberd{} with password \term{abcdef}
-(which MD5 is E8B501798950FC58AAD83C8C14978E),
 and \term{ejabberd.cfg} contains this setting:
 \begin{verbatim}
 {hosts, ["example.org"]}.
@@ -5022,7 +5021,7 @@ then you can do this in the shell:
 \begin{verbatim}
 $ ejabberdctl registered_users example.org
 Error: no_auth_provided
-$ ejabberdctl --auth robot1 example.org E8B501798950FC58AAD83C8C14978E registered_users example.org
+$ ejabberdctl --auth robot1 example.org abcdef registered_users example.org
 robot1
 testuser1
 testuser2
@@ -5215,7 +5214,6 @@ and is Username, Hostname and Password of a local XMPP account
 that has permission to execute the corresponding command.
 This means that the account must be registered in the local ejabberd,
 because the information will be verified.
-It is possible to provide the plaintext password or its MD5 sum.
 
 When one or several access restrictions are defined and the
 authentication information is provided,

src/ejabberd_commands.erl

@@ -381,18 +381,13 @@ check_auth(noauth) ->
     no_auth_provided;
 check_auth({User, Server, Password}) ->
     %% Check the account exists and password is valid
-    AccountPass = ejabberd_auth:get_password_s(User, Server),
-    AccountPassMD5 = get_md5(AccountPass),
-    case Password of
-	AccountPass -> {ok, User, Server};
-	AccountPassMD5 -> {ok, User, Server};
-	_ -> throw({error, invalid_account_data})
+    case ejabberd_auth:check_password(User, Server, Password) of
+	true ->
+	    {ok, User, Server};
+	false ->
+	    throw({error, invalid_account_data})
     end.
 
-get_md5(AccountPass) ->
-    lists:flatten([io_lib:format("~.16B", [X])
-		   || X <- binary_to_list(crypto:md5(AccountPass))]).
-
 check_access(all, _) ->
     true;
 check_access(Access, Auth) ->