Rename auth_password_types_hidden_in_scram1 option to auth_password_types_hidden_in_sasl1

Also add migration code from old name
2025-10-03 09:49:18 +02:00 · 2025-07-25 09:35:10 +02:00 · 2025-07-25 09:35:10 +02:00 · fe8710fe00
commit fe8710fe00
parent 1a9b147baf
5 changed files with 15 additions and 13 deletions
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@ -455,7 +455,7 @@ sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = St
 	   (<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
 	   (_) -> false
 	end, Mechs -- Mechs1),
-    case ejabberd_option:auth_password_types_hidden_in_scram1() of
+    case ejabberd_option:auth_password_types_hidden_in_sasl1() of
 	[] -> Mechs2;
 	List ->
 	    Mechs3 = lists:foldl(
--- a/src/ejabberd_config_transformer.erl
+++ b/src/ejabberd_config_transformer.erl
@ -230,6 +230,8 @@ filter(_Host, captcha_host, _, _) ->
 filter(_Host, route_subdomains, _, _) ->
    warn_removed_option(route_subdomains, s2s_access),
    false;
+filter(_Host, auth_password_types_hidden_in_scram1, Val, _) ->
+    {true, {auth_password_types_hidden_in_sasl1, Val}};
 filter(Host, modules, ModOpts, State) ->
    NoDialbackHosts = maps:get(remove_s2s_dialback, State, []),
    ModOpts1 = lists:filter(
--- a/src/ejabberd_option.erl
+++ b/src/ejabberd_option.erl
@ -18,7 +18,7 @@
 -export([auth_method/0, auth_method/1]).
 -export([auth_opts/0, auth_opts/1]).
 -export([auth_password_format/0, auth_password_format/1]).
-export([auth_password_types_hidden_in_scram1/0, auth_password_types_hidden_in_scram1/1]).
+-export([auth_password_types_hidden_in_sasl1/0, auth_password_types_hidden_in_sasl1/1]).
 -export([auth_scram_hash/0, auth_scram_hash/1]).
 -export([auth_stored_password_types/0, auth_stored_password_types/1]).
 -export([auth_use_cache/0, auth_use_cache/1]).
@ -264,12 +264,12 @@ auth_password_format() ->
 auth_password_format(Host) ->
    ejabberd_config:get_option({auth_password_format, Host}).

-spec auth_password_types_hidden_in_scram1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
-auth_password_types_hidden_in_scram1() ->
-    auth_password_types_hidden_in_scram1(global).
-spec auth_password_types_hidden_in_scram1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
-auth_password_types_hidden_in_scram1(Host) ->
-    ejabberd_config:get_option({auth_password_types_hidden_in_scram1, Host}).
+-spec auth_password_types_hidden_in_sasl1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
+auth_password_types_hidden_in_sasl1() ->
+    auth_password_types_hidden_in_sasl1(global).
+-spec auth_password_types_hidden_in_sasl1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
+auth_password_types_hidden_in_sasl1(Host) ->
+    ejabberd_config:get_option({auth_password_types_hidden_in_sasl1, Host}).

 -spec auth_scram_hash() -> 'sha' | 'sha256' | 'sha512'.
 auth_scram_hash() ->
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@ -79,7 +79,7 @@ opt_type(auth_opts) ->
    end;
 opt_type(auth_stored_password_types) ->
    econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512]));
-opt_type(auth_password_types_hidden_in_scram1) ->
+opt_type(auth_password_types_hidden_in_sasl1) ->
    econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512]));
 opt_type(auth_password_format) ->
    econf:enum([plain, scram]);
@ -566,7 +566,7 @@ options() ->
     {auth_password_format, plain},
     {auth_scram_hash, sha},
     {auth_stored_password_types, []},
-     {auth_password_types_hidden_in_scram1, []},
+     {auth_password_types_hidden_in_sasl1, []},
     {auth_external_user_exists_check, true},
     {auth_use_cache,
      fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end},
--- a/src/ejabberd_options_doc.erl
+++ b/src/ejabberd_options_doc.erl
@ -399,12 +399,12 @@ doc() ->
               "depends on the _`auth_scram_hash`_ option."), "",
            ?T("The default value is 'plain'."), ""]}},

-     {auth_password_types_hidden_in_scram1,
+     {auth_password_types_hidden_in_sasl1,
      #{value => "[plain | scram_sha1 | scram_sha256 | scram_sha512]",
        note => "added in 25.07",
        desc =>
-        ?T("List of password types that should not be offered in SCRAM1 authenticatication. "
-           "Because SCRAM1, unlike SCRAM2, can't have list of available mechanisms tailored to "
+        ?T("List of password types that should not be offered in SASL1 authenticatication. "
+           "Because SASL1, unlike SASL2, can't have list of available mechanisms tailored to "
           "individual user, it's possible that offered mechanisms will not be compatible "
           "with stored password, especially if new password type was added recently. "
           "This option allows disabling offering some mechanisms in SASL1, to a time until new "