
Add pre and post validation for users that want to use their own public keys

master
Andrei Bora 5 years ago
parent
commit
92e6cf7618

+ 21
- 6
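--- a/resources/prosody-plugins/mod_auth_token.lua
+++ b/resources/prosody-plugins/mod_auth_token.lua
@@ -74,18 +74,28 @@
 	return nil;
 end
 
+local function validate_result(session, res, error, reason)
+    if res == false then
+        log("warn",
+            "Error verifying token err:%s, reason:%s", error, reason);
+        session.auth_token = nil;
+        return res, error, reason;
+    end
+end
+
 function provider.get_sasl_handler(session)
 
 	local function get_username_from_token(self, message)
-        local res, error, reason = token_util:process_and_verify_token(session);
 
-        if (res == false) then
-            log("warn",
-                "Error verifying token err:%s, reason:%s", error, reason);
-            session.auth_token = nil;
-            return res, error, reason;
+        -- retrieve custom public key from server and save it on the session
+        local event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);
+        if event_result ~= nil then
+            validate_result(session,event_result.res, event_result.error, event_result.reason)
         end
 
+        local res, error, reason = token_util:process_and_verify_token(session);
+        validate_result(session, res, error, reason);
+
         local customUsername
             = prosody.events.fire_event("pre-jitsi-authentication", session);
 
@@ -102,6 +112,11 @@
             self.username = message;
         end
 
+        local event_result = prosody.events.fire_event("post-jitsi-authentication", session);
+        if event_result ~= nil then
+            validate_result(session,event_result.res, event_result.error, event_result.reason)
+        end
+
         return res;
 	end
 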
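Review bot: All three `validate_result(...)` calls in `get_username_from_token` discard the return value, so a failed check only logs and clears `session.auth_token` and execution continues, where the removed code returned `res, error, reason` immediately. In particular the final `return res;` reports the token verification result, so a `post-jitsi-authentication` handler that answers `res = false` cannot reject the login, and a token failure now reaches the `pre-jitsi-authentication` event and returns without `error` and `reason`. After a failed `pre-jitsi-authentication-fetch-key` check, `process_and_verify_token` still runs with the token cleared; how it treats a nil token is not visible here and should be confirmed. Each call site should return on failure, as sketched below; the middle of the function lies outside the shown hunks.

```lua
        local event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);
        if event_result ~= nil and event_result.res == false then
            return validate_result(session, event_result.res, event_result.error, event_result.reason);
        end

        local res, error, reason = token_util:process_and_verify_token(session);
        if res == false then
            return validate_result(session, res, error, reason);
        end

        -- … unchanged: "pre-jitsi-authentication" event and username selection …

        local event_result = prosody.events.fire_event("post-jitsi-authentication", session);
        if event_result ~= nil and event_result.res == false then
            return validate_result(session, event_result.res, event_result.error, event_result.reason);
        end
```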

+ 4
- 1
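--- a/resources/prosody-plugins/token/util.lib.lua
+++ b/resources/prosody-plugins/token/util.lib.lua
@@ -301,7 +301,10 @@
     end
 
     local pubKey;
-    if self.asapKeyServer and session.auth_token ~= nil then
+    if session.public_key then
+        module:log("debug","Public key was found on the session");
+        pubKey = session.public_key;
+    elseif self.asapKeyServer and session.auth_token ~= nil then
         local dotFirst = session.auth_token:find("%.");
         if not dotFirst then return nil, "Invalid token" end
         local header, err = json_safe.decode(basexx.from_url64(session.auth_token:sub(1,dotFirst-1)));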
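Review bot: The new `session.public_key` branch needs a comment stating where that field comes from and that it takes precedence over `asapKeyServer`, since whatever sets it decides which key verifies the token. Something like `-- session.public_key is set by a server-side "pre-jitsi-authentication-fetch-key" handler and overrides asapKeyServer; it must never be derived from client-controlled data` would do. Nothing in the visible lines checks that the value is a string or clears it after use, so a handler bug or a value left on a reused session would presumably be passed straight to verification; a type check before `pubKey = session.public_key;` is worth considering. The `elseif` branch continues past the end of the hunk.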
