ejabberd - Comments for "Issue with registration of users over BOSH"

Thanks, works like a charm!

prasadv — Mon, 18 Apr 2016 20:02:24 +0000

Thanks, works like a charm!

Now I have hit a further blocker and have started a new thread for that. The problem being, as it seems, BOSH is still using default authentication, whereas I have used SCRAM in other modules.

So does BOSH support SCRAM authentication, and if it does want changes do I need to make?

Thanks.

Right, it expects a new

badlop — Mon, 18 Apr 2016 16:41:55 +0000

Right, it expects a new argument called AuthzId, so let's accept it even if it isn't used:

diff --git a/ejabberd_auth_http/src/ejabberd_auth_http.erl b/ejabberd_auth_http/src/ejabberd_auth_http.erl
index ba24194..85c59a1 100644
--- a/ejabberd_auth_http/src/ejabberd_auth_http.erl
+++ b/ejabberd_auth_http/src/ejabberd_auth_http.erl
@@ -15,8 +15,8 @@
 %% External exports
 -export([start/1,
          set_password/3,
-         check_password/3,
-         check_password/5,
+         check_password/4,
+         check_password/6,
          try_register/3,
          dirty_get_registered_users/0,
          get_vh_registered_users/1,
@@ -69,8 +69,8 @@ plain_password_required() ->
 store_type() ->
     ejabberd_auth_odbc:store_type().
 
--spec check_password(ejabberd:luser(), ejabberd:lserver(), binary()) -> boolean().
-check_password(LUser, LServer, Password) ->
+-spec check_password(ejabberd:luser(), binary(), ejabberd:lserver(), binary()) -> boolean().
+check_password(LUser, _AuthzId, LServer, Password) ->
     case scram2:enabled(LServer) of
         false ->
             case make_req(get, <<"check_password">>, LUser, LServer, Password) of
@@ -81,8 +81,8 @@ check_password(LUser, LServer, Password) ->
             {ok, true} =:= verify_scram_password(LUser, LServer, Password)
     end.
 
--spec check_password(ejabberd:luser(), ejabberd:lserver(), binary(), binary(), fun()) -> boolean().
-check_password(LUser, LServer, Password, Digest, DigestGen) ->
+-spec check_password(ejabberd:luser(), binary(), ejabberd:lserver(), binary(), binary(), fun()) -> boolean().
+check_password(LUser, _AuthzId, LServer, Password, Digest, DigestGen) ->
     case make_req(get, <<"get_password">>, LUser, LServer, <<"">>) of
         {error, _} ->
             false;
diff --git a/ejabberd_auth_http/src/scram2.erl b/ejabberd_auth_http/src/scram2.erl
index 065cef0..fda4771 100644
--- a/ejabberd_auth_http/src/scram2.erl
+++ b/ejabberd_auth_http/src/scram2.erl
@@ -179,8 +179,15 @@ scram_to_tuple(Scram) ->
 
 -spec check_digest(scram(), binary(), fun(), binary()) -> boolean().
 check_digest(#scram{storedkey = StoredKey}, Digest, DigestGen, Password) ->
-    Passwd = base64:decode(StoredKey),
-    ejabberd_auth:check_digest(Digest, DigestGen, Password, Passwd).
+    Passwd = jlib:decode_base64(StoredKey),
+    DigRes = if Digest /= <<"">> ->
+	      Digest == DigestGen(Passwd);
+	      true -> false
+	   end,
+    if DigRes -> true;
+       true -> (Passwd == Password) and (Password /= <<"">>)
+    end.
+
 
 -ifdef(no_crypto_hmac).
 crypto_hmac(sha, Key, Data) ->

Well, remember to compile and copy the beam file to the "proper place".

Hi Badlop, Thank you for this

prasadv — Fri, 15 Apr 2016 22:09:23 +0000

Hi Badlop,

Thank you for this patch, now further it appears that the API methods check_password/3 and check_password/5 have been changed to check_password/4 and check_password/6 respectively in auth modules, so encountering below error:

gen_fsm <0.580.0> in state wait_for_sasl_response terminated with reason: call to undefined function ejabberd_auth_http:check_password(<<"user">>, <<"password">>, <<"server">>, <<>>, <<"8021545d530d14a388d17f094d195a7b">>, #Fun)

If you have a patch for this as well it would be helpful.
Else please help me understand the new argument "AuthzId".

UPDATE: The changes made in the ejabberd_auth_http file to implement check_password methods with 4 and 6 arguments are not reflected even after successful compilation of this module. Why could this be?

Thanks.

Try with this patch: ---

badlop — Wed, 13 Apr 2016 13:29:25 +0000

Try with this patch:

--- a/ejabberd_auth_http/src/scram2.erl
+++ b/ejabberd_auth_http/src/scram2.erl
@@ -179,8 +179,15 @@ scram_to_tuple(Scram) ->
 
 -spec check_digest(scram(), binary(), fun(), binary()) -> boolean().
 check_digest(#scram{storedkey = StoredKey}, Digest, DigestGen, Password) ->
-    Passwd = base64:decode(StoredKey),
-    ejabberd_auth:check_digest(Digest, DigestGen, Password, Passwd).
+    Passwd = jlib:decode_base64(StoredKey),
+    DigRes = if Digest /= <<"">> ->
+             Digest == DigestGen(Passwd);
+             true -> false
+          end,
+    if DigRes -> true;
+       true -> (Passwd == Password) and (Password /= <<"">>)
+    end.
+
 
 -ifdef(no_crypto_hmac).
 crypto_hmac(sha, Key, Data) ->