MojoAuth module

Permits use of MojoAuth (http://mojoauth.mojolingo.com/) in ejabberd. MojoAuth is a set of standard approaches to cross-app authentication based on HMAC which is specified in RFC2104.
processone · Apr 14, 2015 · 5603ceb · 5603ceb
1 parent 07ec735
commit 5603ceb
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 1 deletion.
diff --git a/rebar.config.script b/rebar.config.script
@@ -62,6 +62,7 @@ Deps = [{p1_cache_tab, ".*", {git, "git://github.com/processone/cache_tab"}},
 	{p1_stun, ".*", {git, "git://github.com/processone/stun"}},
         {p1_yaml, ".*", {git, "git://github.com/processone/p1_yaml"}},
         {ehyperloglog, ".*", {git, "https://github.com/vaxelfel/eHyperLogLog.git"}},
+        {mojoauth, ".*", {git, "https://github.com/mojolingo/mojoauth.erl.git"}},
         {p1_utils, ".*", {git, "git://github.com/processone/p1_utils"}}],
 
 ConfigureCmd = fun(Pkg, Flags) ->

diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
@@ -134,7 +134,7 @@ check_password(User, AuthzId, Server, Password, Digest,
 %%     {true, AuthModule} | false
 %% where
 %%   AuthModule = ejabberd_auth_anonymous | ejabberd_auth_external
-%%                 | ejabberd_auth_internal | ejabberd_auth_ldap
+%%                 | ejabberd_auth_internal | ejabberd_auth_ldap | ejabberd_auth_mojoauth
 %%                 | ejabberd_auth_odbc | ejabberd_auth_pam | ejabberd_auth_riak
 -spec check_password_with_authmodule(binary(), binary(), binary(), binary()) -> false |
                                                                       {true, atom()}.

diff --git a/src/ejabberd_auth_mojoauth.erl b/src/ejabberd_auth_mojoauth.erl
@@ -0,0 +1,99 @@
+%%%----------------------------------------------------------------------
+%%% File    : ejabberd_auth_mojoauth.erl
+%%% Author  : Ben Langfeld <[email protected]>
+%%% Purpose : Authentication via MojoAuth (http://mojoauth.mojolingo.com/)
+%%% Created : 18 February 2015 by Ben Langfeld <[email protected]>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2002-2015   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+-module(ejabberd_auth_mojoauth).
+
+-author('[email protected]').
+
+-behaviour(ejabberd_auth).
+
+%% External exports
+-export([start/1, set_password/3, check_password/4,
+		 check_password/6, try_register/3,
+		 dirty_get_registered_users/0, get_vh_registered_users/1,
+		 get_vh_registered_users/2,
+		 get_vh_registered_users_number/1,
+		 get_vh_registered_users_number/2, get_password/2,
+		 get_password_s/2, is_user_exists/2, remove_user/2,
+		 remove_user/3, store_type/0,
+		 plain_password_required/0]).
+
+-include("ejabberd.hrl").
+-include("logger.hrl").
+
+%%%----------------------------------------------------------------------
+%%% API
+%%%----------------------------------------------------------------------
+start(Host) ->
+	ejabberd_auth_internal:start(Host).
+
+plain_password_required() -> true.
+
+store_type() -> external.
+
+secret(Server) ->
+  LServer = jlib:nameprep(Server),
+	ejabberd_config:get_option(
+		{mojoauth_secret, LServer},
+		fun(V) -> iolist_to_binary(V) end,
+		"mojoauth").
+
+check_password(User, AuthzId, Server, Password) ->
+	case mojoauth:test_credentials([{username, User}, {password, Password}], secret(Server)) of
+		{ok, AuthzId} -> true;
+		_ -> false
+	end.
+
+check_password(User, AuthzId, Server, Password, _Digest, _DigestGen) ->
+	check_password(User, AuthzId, Server, Password).
+
+set_password(_User, _Server, _Password) -> {error, not_allowed}.
+
+try_register(_User, _Server, _Password) -> {error, not_allowed}.
+
+dirty_get_registered_users() ->
+	ejabberd_auth_internal:dirty_get_registered_users().
+
+get_vh_registered_users(Server) ->
+	ejabberd_auth_internal:get_vh_registered_users(Server).
+
+get_vh_registered_users(Server, Data) ->
+	ejabberd_auth_internal:get_vh_registered_users(Server, Data).
+
+get_vh_registered_users_number(Server) ->
+	ejabberd_auth_internal:get_vh_registered_users_number(Server).
+
+get_vh_registered_users_number(Server, Data) ->
+	ejabberd_auth_internal:get_vh_registered_users_number(Server, Data).
+
+get_password(_User, _Server) -> false.
+
+get_password_s(_User, _Server) -> <<"">>.
+
+is_user_exists(_User, _Server) -> true.
+
+remove_user(_User, _Server) -> false.
+
+remove_user(_User, _Server, _Password) -> false.