Class: Vines::Stream::SASL
- Inherits:
-
Object
- Object
- Vines::Stream::SASL
- Includes:
- Log
- Defined in:
- lib/vines/stream/sasl.rb
Overview
Provides plain (username/password) and external (TLS certificate) SASL authentication to client and server streams.
Constant Summary collapse
- EMPTY =
'='.freeze
Instance Method Summary collapse
-
#external_auth(encoded) ⇒ Object
Authenticate s2s streams, comparing their domain to their SSL certificate.
-
#initialize(stream) ⇒ SASL
constructor
A new instance of SASL.
-
#plain_auth(encoded) ⇒ Object
Authenticate c2s streams using a username and password.
Methods included from Log
Constructor Details
#initialize(stream) ⇒ SASL
Returns a new instance of SASL.
11 12 13 |
# File 'lib/vines/stream/sasl.rb', line 11 def initialize(stream) @stream = stream end |
Instance Method Details
#external_auth(encoded) ⇒ Object
Authenticate s2s streams, comparing their domain to their SSL certificate. Return true
if the base64 encoded domain matches the TLS certificate presented earlier in stream negotiation. Raise a SaslError
if authentication failed. xmpp.org/extensions/xep-0178.html#s2s
20 21 22 23 24 25 26 27 28 |
# File 'lib/vines/stream/sasl.rb', line 20 def external_auth(encoded) unless encoded == EMPTY authzid = decode64(encoded) matches_from = (authzid == @stream.remote_domain) raise SaslErrors::InvalidAuthzid unless matches_from end matches_from = @stream.cert_domain_matches?(@stream.remote_domain) matches_from or raise SaslErrors::NotAuthorized end |
#plain_auth(encoded) ⇒ Object
Authenticate c2s streams using a username and password. Return the authenticated User
or raise a SaslError
if authentication failed.
32 33 34 35 36 |
# File 'lib/vines/stream/sasl.rb', line 32 def plain_auth(encoded) jid, password = decode_credentials(encoded) user = authenticate(jid, password) user or raise SaslErrors::NotAuthorized end |