use lua lookup for userdb
This commit is contained in:
parent
72e4c437a8
commit
576f19df7e
@ -10,7 +10,12 @@ passdb {
|
|||||||
args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
|
args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#userdb {
|
||||||
|
# driver = static
|
||||||
|
# args = uid=vmail gid=vmail username_format=%n home=/var/lib/vmail/mail/%n
|
||||||
|
#}
|
||||||
|
|
||||||
userdb {
|
userdb {
|
||||||
driver = static
|
driver = lua
|
||||||
args = uid=vmail gid=vmail username_format=%n home=/var/lib/vmail/mail/%n
|
args = file=/etc/dovecot/oauth2-userdb-lua blocking=yes
|
||||||
}
|
}
|
||||||
|
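Review bot: The new userdb `args` line points at `file=/etc/dovecot/oauth2-userdb-lua`, but the script this commit adds is `rootfs/etc/dovecot/oauth2-userdb.lua` (dot, not dash), so unless something renames it at image build time the lua driver will fail to open the file and every userdb lookup will error; the line should read `args = file=/etc/dovecot/oauth2-userdb.lua blocking=yes`. The commented-out static userdb block added above it is dead configuration; if it is kept on purpose, a one-line comment such as `# previous static userdb, kept for reference while the lua lookup is evaluated` would say why, otherwise it should go.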
@ -9,3 +9,4 @@ use_grant_password = no
|
|||||||
pass_attrs = pass=%{oauth2:access_token}
|
pass_attrs = pass=%{oauth2:access_token}
|
||||||
debug = yes
|
debug = yes
|
||||||
username_format = %n
|
username_format = %n
|
||||||
|
|
||||||
|
44
rootfs/etc/dovecot/oauth2-userdb.lua
Normal file
44
rootfs/etc/dovecot/oauth2-userdb.lua
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
local rapidjson = require('rapidjson')
|
||||||
|
|
||||||
|
local clientId = os.getenv("CLIENT_ID")
|
||||||
|
local clientSecret = os.getenv("CLIENT_SECRET")
|
||||||
|
local username = os.getenv("OAUTH_ADMIN_USER")
|
||||||
|
local password = os.getenv("OAUTH_ADMIN_PASSWORD")
|
||||||
|
local tokenUrl = os.getenv("GRANT_URL")
|
||||||
|
local userUrl = os.getenv("USER_URL")
|
||||||
|
|
||||||
|
function os.capture(cmd, raw)
|
||||||
|
local f = assert(io.popen(cmd, 'r'))
|
||||||
|
local s = assert(f:read('*a'))
|
||||||
|
f:close()
|
||||||
|
|
||||||
|
return s
|
||||||
|
end
|
||||||
|
|
||||||
|
function auth_userdb_lookup(req)
|
||||||
|
local tokenCmd = "curl -L --silent -X POST -d \"grant_type=password\""
|
||||||
|
tokenCmd = tokenCmd .. " -d \"client_id=" .. clientId .. "\""
|
||||||
|
tokenCmd = tokenCmd .. " -d \"client_secret=" .. clientSecret .. "\""
|
||||||
|
tokenCmd = tokenCmd .. " -d \"username=" .. username .. "\""
|
||||||
|
tokenCmd = tokenCmd .. " -d \"password=" .. password .. "\""
|
||||||
|
tokenCmd = tokenCmd .. " \"" .. tokenUrl .. "\""
|
||||||
|
|
||||||
|
local tokenRaw = os.capture(tokenCmd)
|
||||||
|
local tokenJson = rapidjson.decode(tokenRaw)
|
||||||
|
local accessToken = tokenJson.access_token
|
||||||
|
|
||||||
|
local userCmd = "curl -L --silent -H \"Authorization: Bearer " .. accessToken .. "\" \"" .. userUrl .. req.username .. "\""
|
||||||
|
local userRaw = os.capture(userCmd)
|
||||||
|
local userJson = rapidjson.decode(userRaw)
|
||||||
|
|
||||||
|
if #userJson == 0 then
|
||||||
|
return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
|
||||||
|
end
|
||||||
|
|
||||||
|
if userJson[1].username == req.username then
|
||||||
|
return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/%n"
|
||||||
|
end
|
||||||
|
|
||||||
|
return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
|
||||||
|
end
|
||||||
|
|
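Review bot: `req.username` is interpolated unescaped into a shell command at the `userCmd` line and executed through `io.popen`, so a login name containing `"`, `$(...)` or backticks runs as the Dovecot auth worker — the username is attacker-supplied at authentication time and must be shell-quoted and percent-encoded before it reaches curl. The admin `client_secret` and `password` are placed on curl's argv at the `tokenCmd` lines and the bearer token at the `userCmd` line, which makes them readable from the process list while each lookup runs; passing them via a `-K`/`--config` file or using Dovecot's built-in HTTP client from Lua would avoid that. Both `rapidjson.decode` results are used unchecked, so a failed token request or a non-JSON reply raises a Lua error (`tokenJson.access_token` on nil, `#userJson` on nil) instead of returning a userdb result, and defining `os.capture` monkey-patches the `os` table where a file-local `local function capture` would do. The sketch below quotes and encodes the argument and checks the decoded replies; whether `%n` in the returned field string is variable-expanded by the Lua userdb is not visible here — building the home from `req.username` directly would be unambiguous.
```lua
-- single-quote a value for /bin/sh; every ' becomes '\''
local function shell_quote(s)
  return "'" .. (tostring(s):gsub("'", "'\\''")) .. "'"
end

-- percent-encode a value for use in a URL path/query component
local function url_encode(s)
  return (tostring(s):gsub("[^%w%-%._~]", function(c)
    return string.format("%%%02X", string.byte(c))
  end))
end

function auth_userdb_lookup(req)
  -- … unchanged: tokenCmd construction and os.capture …
  local tokenJson = rapidjson.decode(tokenRaw)
  if type(tokenJson) ~= "table" or type(tokenJson.access_token) ~= "string" then
    return dovecot.auth.USERDB_RESULT_INTERNAL_FAILURE, "token request failed"
  end

  local userCmd = "curl -L --silent -H "
    .. shell_quote("Authorization: Bearer " .. tokenJson.access_token)
    .. " " .. shell_quote(userUrl .. url_encode(req.username))
  local userJson = rapidjson.decode(os.capture(userCmd))
  if type(userJson) ~= "table" or #userJson == 0 then
    return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
  end
  -- … unchanged: username comparison and result …
end
```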