mirror of
https://github.com/processone/ejabberd.git
synced 2024-06-14 22:00:16 +02:00
checking stringprep in scram authentication
This commit is contained in:
parent
afaf68159d
commit
ede5a353e8
|
@ -76,9 +76,11 @@ mech_step(#state{step = 2} = State, ClientIn) ->
|
||||||
UserName ->
|
UserName ->
|
||||||
case parse_attribute(ClientNonceAttribute) of
|
case parse_attribute(ClientNonceAttribute) of
|
||||||
{$r, ClientNonce} ->
|
{$r, ClientNonce} ->
|
||||||
case (State#state.get_password)(UserName) of
|
{Ret, _AuthModule} = (State#state.get_password)(UserName),
|
||||||
|
case {Ret, jlib:resourceprep(Ret)} of
|
||||||
{false, _} -> {error, <<"not-authorized">>, UserName};
|
{false, _} -> {error, <<"not-authorized">>, UserName};
|
||||||
{Ret, _AuthModule} ->
|
{_, error} -> ?WARNING_MSG("invalid password", []), {error, <<"not-authorized">>, UserName};
|
||||||
|
{Ret, _} ->
|
||||||
{StoredKey, ServerKey, Salt, IterationCount} =
|
{StoredKey, ServerKey, Salt, IterationCount} =
|
||||||
if is_tuple(Ret) -> Ret;
|
if is_tuple(Ret) -> Ret;
|
||||||
true ->
|
true ->
|
||||||
|
|
Loading…
Reference in New Issue
Block a user