| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- function auth_password_verify(request, password)
- if request.domain == nil then
- return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
- end
- local json = require "cjson"
- local ltn12 = require "ltn12"
- local https = require "ssl.https"
- https.TIMEOUT = 30
- local req = {
- username = request.user,
- password = password,
- real_rip = request.real_rip,
- service = request.service
- }
- local req_json = json.encode(req)
- local res = {}
- local b, c = https.request {
- method = "POST",
- url = "https://nginx:9082",
- source = ltn12.source.string(req_json),
- headers = {
- ["content-type"] = "application/json",
- ["content-length"] = tostring(#req_json)
- },
- sink = ltn12.sink.table(res),
- insecure = true
- }
- -- Returning PASSDB_RESULT_PASSWORD_MISMATCH will reset the user's auth cache entry.
- -- Returning PASSDB_RESULT_INTERNAL_FAILURE keeps the existing cache entry,
- -- even if the TTL has expired. Useful to avoid cache eviction during backend issues.
- if c ~= 200 and c ~= 401 then
- dovecot.i_info("HTTP request failed with " .. c .. " for user " .. request.user)
- return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Upstream error"
- end
- local response_str = table.concat(res)
- local is_response_valid, response_json = pcall(json.decode, response_str)
- if not is_response_valid then
- dovecot.i_info("Invalid JSON received: " .. response_str)
- return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Invalid response format"
- end
- if response_json.success == true then
- return dovecot.auth.PASSDB_RESULT_OK, ""
- end
- return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
- end
- function auth_passdb_lookup(req)
- return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, ""
- end
|
