./ct_report/coverage/cyrsasl_external_verification.COVER.html

1 %%%=============================================================================
2 %%% @copyright (C) 1999-2020, Erlang Solutions Ltd
3 %%% @doc cyrsasl external verification backend
4 %%%
5 %%% this module is added only for the demo and testing purposes.
6 %%%
7 %%% if your custom verification backend requires any initialisation/termination
8 %%% logic, it can be added by implementation of 'gen_mod' or 'mongoose_service'
9 %%% behaviour.
10 %%%
11 %%% the next extra fields are added to the mongoose_credentials record by
12 %%% the cyrsasl_external module:
13 %%% * pem_cert - certificate in PEM format
14 %%% * der_cert - certificate in DER format
15 %%% * common_name - CN field (bitstring) of the client's cert (if available)
16 %%% * xmpp_addresses - list of provided "xmppAddr" fields (bare jids) provided in
17 %%% the client's certificate (empty list if not available)
18 %%% * auth_id - authorization identity (bare jid, if provided by the client)
19 %%%
20 %%% this verification module picks user name of a JID provided in one of the following
21 %%% sources:
22 %%% * auth_id (if provided by the client)
23 %%% * xmpp_addresses (ignored if list is empty or contains more than one JID)
24 %%% * common_name
25 %%% sources are checked in the same order as mentioned in the list above, the first
26 %%% successful source is selected. the server part of the JID is verified and it must
27 %%% correspond to the host were user is trying to connect.
28 %%% @end
29 %%%=============================================================================
30 -module(cyrsasl_external_verification).
31 -behaviour(cyrsasl_external).
32
33 %% API
34 -export([verify_creds/1]).
35
36 -include_lib("jid/include/jid.hrl").
37 -include("mongoose_logger.hrl").
38
39 -spec verify_creds(Creds :: mongoose_credentials:t()) ->
40 {ok, Username :: binary()} | {error, Error :: binary()}.
41
42 verify_creds(Creds) ->
43 18 AuthId = mongoose_credentials:get(Creds, auth_id, undefined),
44 18 Addrs = mongoose_credentials:get(Creds, xmpp_addresses),
45 18 XmppAddr = case Addrs of
46 3 [Addr] -> Addr;
47 15 _ -> undefined
48 end,
49 18 CN = mongoose_credentials:get(Creds, common_name, undefined),
50 18 Sources = [AuthId, XmppAddr, CN, <<"">>],
51 18 [JID | _] = [Name || Name <- Sources, Name =/= undefined],
52 18 Server = mongoose_credentials:lserver(Creds),
53 18 case jid:from_binary(JID) of
54 #jid{luser = User, lserver = Server, lresource = <<"">>} when User =/= <<"">> ->
55 12 {ok, User};
56 Result ->
57 6 ?LOG_ERROR(#{what => cyrsasl_external_verification_failed,
58 xmpp_addresses => Addrs, server => Server,
59
:-(
auth_sources => Sources, result => Result}),
60 6 {error, <<"not-authorized">>}
61 end.
Line Hits Source