Fix authentication for usernames containing uppercase characters

Applies to authentication methods that compare User (normalized) and AuthzId (was not being normalized). These are external, ldap & pam. Fixes #2280
author: Stu Tomlinson <stu@nosnilmot.com> 2018-05-30 15:10:25 +0100
committer: Stu Tomlinson <stu@nosnilmot.com> 2018-05-30 18:43:26 +0100
commit: 4f8af723c6fc5dc4b689f0f1734d4e2b11dd4c82 (patch)
tree: 15b62727675b20799c50661cef4d7bd545d4dd80
parent: Bump xmpp version in order to support language tags validation (diff)
1 files changed, 13 insertions, 10 deletions
diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
index 847549c74..39598e527 100644
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -230,19 +230,22 @@ check_password_with_authmodule(User, AuthzId, Server, Password) ->
 check_password_with_authmodule(User, AuthzId, Server, Password, Digest, DigestGen) ->
     case validate_credentials(User, Server) of
 	{ok, LUser, LServer} ->
-	    lists:foldl(
-	      fun(Mod, false) ->
-		      case db_check_password(
-			     LUser, AuthzId, LServer, Password,
+	    case jid:nodeprep(AuthzId) of
+		error ->
+		    false;
+	    LAuthzId ->
+		lists:foldl(
+		  fun(Mod, false) ->
+			case db_check_password(
+			     LUser, LAuthzId, LServer, Password,
 			     Digest, DigestGen, Mod) of
 			  true -> {true, Mod};
 			  false -> false
-		      end;
-		 (_, Acc) ->
-		      Acc
-	      end, false, auth_modules(LServer));
-	_ ->
-	    false
+			end;
+			(_, Acc) ->
+			    Acc
+		  end, false, auth_modules(LServer))
+	    end
     end.
 
 -spec set_password(binary(), binary(), password()) -> ok | {error, atom()}.
author	Stu Tomlinson <stu@nosnilmot.com>	2018-05-30 15:10:25 +0100
committer	Stu Tomlinson <stu@nosnilmot.com>	2018-05-30 18:43:26 +0100
commit	4f8af723c6fc5dc4b689f0f1734d4e2b11dd4c82 (patch)
tree	15b62727675b20799c50661cef4d7bd545d4dd80
parent	Bump xmpp version in order to support language tags validation (diff)