Class: Vines::Stream::SASL

Inherits:
Object
Includes:
Log
Defined in:
lib/vines/stream/sasl.rb

Overview

Provides plain (username/password) and external (TLS certificate) SASL authentication to client and server streams.

Constant Summary

EMPTY = '='.freeze

Instance Method Summary

Methods included from Log

#log

Constructor Details

#initialize(stream) ⇒ SASL

Returns a new instance of SASL.



# File 'lib/vines/stream/sasl.rb', line 11

def initialize(stream)
  @stream = stream
end

Instance Method Details

#external_auth(encoded) ⇒ Object

Authenticate s2s streams by comparing their domain to their SSL certificate. Return true if the base64-encoded domain matches the TLS certificate presented earlier in stream negotiation. Raise a SaslError if authentication fails. See xmpp.org/extensions/xep-0178.html#s2s



# File 'lib/vines/stream/sasl.rb', line 20

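def external_auth(encoded)
  # A lone '=' (EMPTY) means the peer sent no authzid, so only the
  # certificate check below applies.
  unless encoded == EMPTY
    # A supplied authzid must equal the domain the stream claims to be.
    authzid = decode64(encoded)
    matches_from = (authzid == @stream.remote_domain)
    raise SaslErrors::InvalidAuthzid unless matches_from
  end
  # In every case the TLS certificate must match the remote domain.
  matches_from = @stream.cert_domain_matches?(@stream.remote_domain)
  matches_from or raise SaslErrors::NotAuthorized
end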

#plain_auth(encoded) ⇒ Object

Authenticate c2s streams using a username and password. Return the authenticated User or raise a SaslError if authentication failed.



# File 'lib/vines/stream/sasl.rb', line 32

def plain_auth(encoded)
  jid, password = decode_credentials(encoded)
  user = authenticate(jid, password)
  user or raise SaslErrors::NotAuthorized
end
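
Added example, not Vines code: the page does not show decode_credentials, so this shows one strict way to parse a SASL PLAIN initial response (RFC 4616: base64 of authzid NUL authcid NUL passwd) before any password check. The names parse_plain and PlainError are hypothetical, the JIDs are constructed samples, and rejecting an authzid that differs from the authcid is an assumed policy.

```ruby
# Hypothetical error type; messages reuse RFC 6120 SASL failure condition names.
class PlainError < StandardError; end

# Parse a base64 SASL PLAIN response. Returns [authcid, password] or raises PlainError.
def parse_plain(encoded)
  begin
    raw = encoded.unpack1('m0') # strict base64: no newlines, correct padding
  rescue ArgumentError
    raise PlainError, 'incorrect-encoding'
  end
  raw.force_encoding(Encoding::UTF_8)
  raise PlainError, 'incorrect-encoding' unless raw.valid_encoding?

  # message = [authzid] NUL authcid NUL passwd
  # limit -1 keeps trailing empty fields, so an empty password is still seen.
  parts = raw.split("\x00", -1)
  raise PlainError, 'malformed-request' unless parts.size == 3

  authzid, authcid, password = parts
  raise PlainError, 'not-authorized' if authcid.empty? || password.empty?

  # Assumed policy: a client may not ask to act as a different identity.
  unless authzid.empty? || authzid == authcid
    raise PlainError, 'invalid-authzid'
  end
  [authcid, password]
end

# Report the outcome for one message without raising.
def plain_outcome(encoded)
  parse_plain(encoded).first
rescue PlainError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample messages (not captured traffic).
  [
    "\x00alice@wonderland.lit\x00secr3t",                 # no authzid
    "hatter@wonderland.lit\x00alice@wonderland.lit\x00x", # authzid != authcid
    "\x00alice@wonderland.lit\x00",                       # empty password
    "alice@wonderland.lit\x00secr3t"                      # missing field
  ].each { |msg| puts plain_outcome([msg].pack('m0')) }
end
```
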