From d8d9ef32adf75caa93477692e0a423f8a4c4de6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Chmielowski?=
Date: Mon, 14 Dec 2020 16:42:14 +0100
Subject: [PATCH] Make anonymous auth not override sasl mechaninsm offered by other modules

This stop overriding store_type when anonymous is enabled with other auth modules, we don't really need that since anonymous is not taking passwords anyway, and this was disabling scram mechanisms. This fixes issue #2803.
---
 src/ejabberd_auth.erl | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
index f5530b9ea..0911d333f 100644
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -197,16 +197,21 @@ plain_password_required(Server) ->

 -spec store_type(binary()) -> plain | scram | external.
 store_type(Server) ->
- lists:foldl(
- fun(_, external) -> external;
- (M, scram) ->
- case M:store_type(Server) of
- external -> external;
- _ -> scram
- end;
- (M, plain) ->
- M:store_type(Server)
- end, plain, auth_modules(Server)).
+ case auth_modules(Server) of
+ [ejabberd_auth_anonymous] -> external;
+ Modules ->
+ lists:foldl(
+ fun(ejabberd_auth_anonymous, Type) -> Type;
+ (_, external) -> external;
+ (M, scram) ->
+ case M:store_type(Server) of
+ external -> external;
+ _ -> scram
+ end;
+ (M, plain) ->
+ M:store_type(Server)
+ end, plain, Modules)
+ end.

 -spec check_password(binary(), binary(), binary(), binary()) -> boolean().
 check_password(User, AuthzId, Server, Password) ->
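Review bot: The two special cases for `ejabberd_auth_anonymous` in `store_type/1` carry their rationale only in the commit message, and per that message the result affects which SASL mechanisms a host offers, so the reasoning should sit next to the code. I would add a comment above the `case`, e.g. `%% anonymous stores no passwords, so it must not influence the result unless it is the only module (then keep the previous 'external' answer)`. The `[ejabberd_auth_anonymous]` clause also matches only an exact one-element list; if `auth_modules/1` (not visible here) can ever return that module more than once, the fold would fall through to `plain` for an anonymous-only host, which is worth confirming. The patch touches only `src/ejabberd_auth.erl`, so a regression test covering the anonymous-plus-scram and anonymous-only configurations would keep the offered mechanism list from silently changing again.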