%%% @doc Behaviour and API for authentication backends.
%%%
%%% Every exported function takes the backend module as its first argument
%%% and forwards the call to the callback of the same name in that module.
-module(mongoose_gen_auth).

%% Backend lifecycle and capabilities
-export([start/2,
         stop/2,
         config_spec/1,
         supports_sasl_module/3,
         supported_features/1]).

%% Authentication
-export([authorize/2,
         check_password/5,
         check_password/7]).

%% Account and credential management
-export([try_register/5,
         set_password/5,
         get_password/4,
         get_password_s/4,
         does_user_exist/4,
         get_registered_users/4,
         get_registered_users_number/4,
         remove_user/4,
         remove_domain/3]).

-ignore_xref([behaviour_info/1]).

%% is_exported/3 lets the API wrappers detect whether a backend implements
%% an optional callback before calling it.
-import(mongoose_lib, [is_exported/3]).

%% A backend is identified by its module name.
-type t() :: module().
-export_type([t/0]).
%% Mandatory callbacks
%%
%% The API wrappers call start/1, stop/1, supports_sasl_module/2,
%% does_user_exist/3 and authorize/1 without checking that the backend
%% exports them. config_spec/0 is declared in this group but is listed in
%% -optional_callbacks, and its wrapper has a fallback.

-callback start(HostType :: mongooseim:host_type()) -> ok.

-callback stop(HostType :: mongooseim:host_type()) -> ok.

-callback config_spec() -> mongoose_config_spec:config_section().

%% Tells whether the backend can serve the given SASL mechanism module.
-callback supports_sasl_module(HostType :: mongooseim:host_type(),
                               Module :: cyrsasl:sasl_module()) ->
    boolean().

%% A lookup may fail, so callers have to handle {error, _} as well as a
%% boolean.
-callback does_user_exist(HostType :: mongooseim:host_type(),
                          User :: jid:luser(),
                          Server :: jid:lserver()) ->
    boolean() | {error, atom()}.

%% The credentials already contain the host type, so no separate HostType
%% argument is passed.
-callback authorize(mongoose_credentials:t()) -> {ok, mongoose_credentials:t()}
                                               | {error, any()}.
%% Optional callbacks
%%
%% A backend may leave any of these out. The API wrapper of the same name
%% then returns a fixed default instead of calling the backend.

-callback try_register(HostType :: mongooseim:host_type(),
                       User :: jid:luser(),
                       Server :: jid:lserver(),
                       Password :: binary()) ->
    ok | {error, exists | not_allowed | term()}.

-callback get_registered_users(HostType :: mongooseim:host_type(),
                               Server :: jid:lserver(),
                               Opts :: list()) ->
    [jid:simple_bare_jid()].

-callback get_registered_users_number(HostType :: mongooseim:host_type(),
                                      Server :: jid:lserver(),
                                      Opts :: list()) ->
    non_neg_integer().

%% Returns the stored password term, or false when there is none to return.
-callback get_password(HostType :: mongooseim:host_type(),
                       User :: jid:luser(),
                       Server :: jid:lserver()) ->
    ejabberd_auth:passterm() | false.

%% NOTE(review): the binary() result is presumably the password itself in
%% string form; confirm against the backends before logging or exposing it.
-callback get_password_s(HostType :: mongooseim:host_type(),
                         User :: jid:luser(),
                         Server :: jid:lserver()) ->
    binary().

-callback set_password(HostType :: mongooseim:host_type(),
                       User :: jid:luser(),
                       Server :: jid:lserver(),
                       Password :: binary()) ->
    ok | {error, not_allowed | invalid_jid | user_not_found}.

-callback remove_user(HostType :: mongooseim:host_type(),
                      User :: jid:luser(),
                      Server :: jid:lserver()) ->
    ok | {error, not_allowed}.

-callback remove_domain(HostType :: mongooseim:host_type(), Server :: jid:lserver()) ->
    ok | {error, term()}.

-callback supported_features() -> [Feature::atom()].
%% A backend has to implement the check_password callbacks to serve the
%% corresponding check_password interfaces of the ejabberd_auth module.
%%
%% With the help of ejabberd_auth:authorize_with_check_password/2, the same
%% callbacks can be reused to implement the M:authorize/1 interface.
-callback check_password(HostType :: mongooseim:host_type(),
                         LUser :: jid:luser(),
                         LServer :: jid:lserver(),
                         Password :: binary()) -> boolean().

%% Digest variant: takes the digest and a digest-generating fun in addition
%% to the password.
-callback check_password(HostType :: mongooseim:host_type(),
                         LUser :: jid:luser(),
                         LServer :: jid:lserver(),
                         Password :: binary(),
                         Digest :: binary(),
                         DigestGen :: fun()) -> boolean().

%% Defaults returned by the API functions below when a backend does not
%% export the callback:
%%   config_spec/0                          -> #section{}
%%   try_register/4, set_password/4,
%%   remove_user/3                          -> {error, not_allowed}
%%   get_registered_users/3,
%%   supported_features/0                   -> []
%%   get_registered_users_number/3          -> 0
%%   get_password/3                         -> false
%%   get_password_s/3                       -> <<>>
%%   remove_domain/2                        -> ok
%%   check_password/4, check_password/6     -> false (password rejected)
-optional_callbacks([config_spec/0,
                     try_register/4,
                     get_registered_users/3,
                     get_registered_users_number/3,
                     get_password/3,
                     get_password_s/3,
                     set_password/4,
                     remove_user/3,
                     remove_domain/2,
                     supported_features/0,
                     check_password/4,
                     check_password/6]).

-include("mongoose_config_spec.hrl").

%% API
%% @doc Starts the backend for the given host type by calling the mandatory
%% `start/1' callback of the backend module.
%% NOTE(review): the module name is called dynamically; presumably it comes
%% from the configured auth methods and never from client input. Confirm at
%% the call sites.
-spec start(Mod :: ejabberd_auth:authmodule(),
            HostType :: mongooseim:host_type()) -> ok.
start(Backend, HostType) ->
    Backend:start(HostType).
%% @doc Stops the backend for the given host type by calling the mandatory
%% `stop/1' callback of the backend module.
-spec stop(Mod :: ejabberd_auth:authmodule(),
           HostType :: mongooseim:host_type()) -> ok.
stop(Backend, HostType) ->
    Backend:stop(HostType).
%% @doc Returns the configuration section declared by the backend.
%% A backend that does not export `config_spec/0' gets an empty `#section{}'.
-spec config_spec(Mod :: ejabberd_auth:authmodule()) ->
    mongoose_config_spec:config_section().
config_spec(Backend) ->
    HasSpec = mongoose_lib:is_exported(Backend, config_spec, 0),
    case HasSpec of
        false -> #section{};
        true -> Backend:config_spec()
    end.
%% @doc Asks the backend whether it can serve the given SASL mechanism
%% module for this host type. Mandatory callback, called without an export
%% check.
-spec supports_sasl_module(Mod :: ejabberd_auth:authmodule(),
                           HostType :: mongooseim:host_type(),
                           SASLModule :: cyrsasl:sasl_module()) -> boolean().
supports_sasl_module(Backend, HostType, Mechanism) ->
    Backend:supports_sasl_module(HostType, Mechanism).
%% @doc Asks the backend whether the user exists. Mandatory callback, called
%% without an export check. The result may be `{error, Reason}' instead of a
%% boolean, so callers must not treat every non-`true' value as "no such
%% user".
-spec does_user_exist(Mod :: ejabberd_auth:authmodule(),
                      HostType :: mongooseim:host_type(),
                      LUser :: jid:luser(),
                      LServer :: jid:lserver()) ->
    boolean() | {error, atom()}.
does_user_exist(Backend, HostType, User, Server) ->
    Backend:does_user_exist(HostType, User, Server).
%% @doc Passes the credentials to the backend's mandatory `authorize/1'
%% callback and returns its verdict unchanged. No host type argument is
%% needed because the credentials already carry it.
-spec authorize(Mod :: ejabberd_auth:authmodule(),
                Creds :: mongoose_credentials:t()) ->
    {ok, mongoose_credentials:t()} | {error, any()}.
authorize(Backend, Credentials) ->
    Backend:authorize(Credentials).
%% @doc Registers a user through the backend. A backend that does not
%% export `try_register/4' cannot create accounts, so the call is refused
%% with `{error, not_allowed}'.
-spec try_register(Mod :: ejabberd_auth:authmodule(),
                   HostType :: mongooseim:host_type(),
                   LUser :: jid:luser(),
                   LServer :: jid:lserver(),
                   Password :: binary()) ->
    ok | {error, exists | not_allowed | term()}.
try_register(Backend, HostType, User, Server, Password) ->
    CanRegister = mongoose_lib:is_exported(Backend, try_register, 4),
    case CanRegister of
        false -> {error, not_allowed};
        true -> Backend:try_register(HostType, User, Server, Password)
    end.
%% @doc Lists the users registered on `LServer' according to the backend.
%% Returns `[]' when the backend does not export `get_registered_users/3',
%% so an empty list can mean either "no users" or "backend cannot list".
-spec get_registered_users(Mod :: ejabberd_auth:authmodule(),
                           HostType :: mongooseim:host_type(),
                           LServer :: jid:lserver(),
                           Opts :: list()) ->
    [jid:simple_bare_jid()].
get_registered_users(Backend, HostType, Server, Opts) ->
    CanList = mongoose_lib:is_exported(Backend, get_registered_users, 3),
    case CanList of
        false -> [];
        true -> Backend:get_registered_users(HostType, Server, Opts)
    end.
%% @doc Counts the users registered on `LServer' according to the backend.
%% Returns `0' when the backend does not export
%% `get_registered_users_number/3'.
-spec get_registered_users_number(Mod :: ejabberd_auth:authmodule(),
                                  HostType :: mongooseim:host_type(),
                                  LServer :: jid:lserver(),
                                  Opts :: list()) ->
    non_neg_integer().
get_registered_users_number(Backend, HostType, Server, Opts) ->
    CanCount = mongoose_lib:is_exported(Backend, get_registered_users_number, 3),
    case CanCount of
        false -> 0;
        true -> Backend:get_registered_users_number(HostType, Server, Opts)
    end.
%% @doc Fetches the stored password term for a user from the backend.
%% Returns `false' when the backend does not export `get_password/3', the
%% same value the callback itself may return.
-spec get_password(Mod :: ejabberd_auth:authmodule(),
                   HostType :: mongooseim:host_type(),
                   LUser :: jid:luser(),
                   LServer :: jid:lserver()) ->
    ejabberd_auth:passterm() | false.
get_password(Backend, HostType, User, Server) ->
    CanRead = mongoose_lib:is_exported(Backend, get_password, 3),
    case CanRead of
        false -> false;
        true -> Backend:get_password(HostType, User, Server)
    end.
%% @doc Fetches the password of a user as a binary from the backend.
%% Returns the empty binary when the backend does not export
%% `get_password_s/3'.
%% NOTE(review): the result is presumably secret material; treat it as such
%% in callers (no logging). Confirm what the backends return here.
-spec get_password_s(Mod :: ejabberd_auth:authmodule(),
                     HostType :: mongooseim:host_type(),
                     LUser :: jid:luser(),
                     LServer :: jid:lserver()) ->
    binary().
get_password_s(Backend, HostType, User, Server) ->
    CanRead = mongoose_lib:is_exported(Backend, get_password_s, 3),
    case CanRead of
        false -> <<>>;
        true -> Backend:get_password_s(HostType, User, Server)
    end.
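%% @doc Changes the password of a user through the backend. A backend that
%% does not export `set_password/4' cannot change passwords, so the call is
%% refused with `{error, not_allowed}'.
%%
%% The result of the callback is returned unchanged. The spec therefore
%% lists `user_not_found' too, which the `set_password/4' callback type
%% allows a backend to return.
-spec set_password(Mod :: ejabberd_auth:authmodule(),
                   HostType :: mongooseim:host_type(),
                   LUser :: jid:luser(),
                   LServer :: jid:lserver(),
                   Password :: binary()) ->
    ok | {error, not_allowed | invalid_jid | user_not_found}.
set_password(Mod, HostType, LUser, LServer, Password) ->
    case mongoose_lib:is_exported(Mod, set_password, 4) of
        true -> Mod:set_password(HostType, LUser, LServer, Password);
        false -> {error, not_allowed}
    end.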
%% @doc Removes a user through the backend. A backend that does not export
%% `remove_user/3' cannot delete accounts, so the call is refused with
%% `{error, not_allowed}'.
-spec remove_user(Mod :: ejabberd_auth:authmodule(),
                  HostType :: mongooseim:host_type(),
                  LUser :: jid:luser(),
                  LServer :: jid:lserver()) ->
    ok | {error, not_allowed}.
remove_user(Backend, HostType, User, Server) ->
    CanRemove = mongoose_lib:is_exported(Backend, remove_user, 3),
    case CanRemove of
        false -> {error, not_allowed};
        true -> Backend:remove_user(HostType, User, Server)
    end.
%% @doc Removes the data the backend keeps for a domain.
%% Returns `ok' when the backend does not export `remove_domain/2'.
%% NOTE(review): unlike remove_user/4, the fallback reports success, so a
%% caller cannot tell "removed" from "backend took no action". Presumably
%% such backends keep no per-domain data; confirm.
-spec remove_domain(Mod :: ejabberd_auth:authmodule(),
                    HostType :: mongooseim:host_type(),
                    Domain :: jid:lserver()) ->
    ok | {error, term()}.
remove_domain(Backend, HostType, Domain) ->
    CanRemove = mongoose_lib:is_exported(Backend, remove_domain, 2),
    case CanRemove of
        false -> ok;
        true -> Backend:remove_domain(HostType, Domain)
    end.
%% @doc Returns the feature atoms the backend advertises, or `[]' when the
%% backend does not export `supported_features/0'.
-spec supported_features(Mod :: ejabberd_auth:authmodule()) -> [atom()].
supported_features(Backend) ->
    HasFeatures = mongoose_lib:is_exported(Backend, supported_features, 0),
    case HasFeatures of
        false -> [];
        true -> Backend:supported_features()
    end.
%% @doc Verifies a password through the backend's `check_password/4'
%% callback. Fails closed: a backend that does not export the callback
%% yields `false', i.e. the password is rejected.
-spec check_password(Mod :: ejabberd_auth:authmodule(),
                     HostType :: mongooseim:host_type(),
                     LUser :: jid:luser(),
                     LServer :: jid:lserver(),
                     Password :: binary()) -> boolean().
check_password(Backend, HostType, User, Server, Password) ->
    CanCheck = mongoose_lib:is_exported(Backend, check_password, 4),
    case CanCheck of
        false -> false;
        true -> Backend:check_password(HostType, User, Server, Password)
    end.
%% @doc Digest variant of password verification: forwards the password, the
%% digest and the digest-generating fun to the backend's `check_password/6'
%% callback. Fails closed: a backend that does not export the callback
%% yields `false', i.e. the attempt is rejected.
-spec check_password(Mod :: ejabberd_auth:authmodule(),
                     HostType :: mongooseim:host_type(),
                     LUser :: jid:luser(),
                     LServer :: jid:lserver(),
                     Password :: binary(),
                     Digest :: binary(),
                     DigestGen :: fun()) -> boolean().
check_password(Backend, HostType, User, Server, Password, Digest, DigestGen) ->
    CanCheck = mongoose_lib:is_exported(Backend, check_password, 6),
    case CanCheck of
        false -> false;
        true -> Backend:check_password(HostType, User, Server, Password, Digest, DigestGen)
    end.