Skip to content

Commit

Permalink
Add a second shared secret to allow rotation if necessary. (#14378)
Browse files Browse the repository at this point in the history
  • Loading branch information
bgrozev authored Feb 15, 2024
1 parent 8679119 commit 2a1f472
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions resources/prosody-plugins/mod_auth_jitsi-shared-secret.lua
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ local saslprep = require "util.encodings".stringprep.saslprep;
local secure_equals = require "util.hashes".equals;

local shared_secret = module:get_option_string('shared_secret');
local shared_secret_prev = module:get_option_string('shared_secret_prev');
if shared_secret == nil then
module:log('error', 'No shared_secret specified. No secret to operate on!');
return;
Expand All @@ -24,6 +25,9 @@ function provider.test_password(username, password)

if secure_equals(password, saslprep(shared_secret)) then
return true;
elseif (shared_secret_prev ~= nil and secure_equals(password, saslprep(shared_secret_prev))) then
module:log("info", "Accepting login using previous shared secret, username=%s", username);
return true;
else
return nil, "Auth failed. Invalid username or password.";
end
Expand Down

0 comments on commit 2a1f472

Please sign in to comment.