Lobby required displayname (#7197)

* ref: Rename jitsi_bosh_query_room to jitsi_web_query_room.

This is no longer bosh only and is available for both bosh and websocket sessions.

* feat: Adds feature to disco-info indicating that display name is required.

* feat: Adds option to disable checking whether display name is required.

* ref: Clears auth_token when verification fails.

* squash: Fixing comments.

* squash: Updates to latest lib-jitsi-meet.

package-lock.json

@@ -10724,8 +10724,8 @@
       }
     },
     "lib-jitsi-meet": {
-      "version": "github:jitsi/lib-jitsi-meet#4fec06db7fc59a88021ec0b409eda47f21c42902",
-      "from": "github:jitsi/lib-jitsi-meet#4fec06db7fc59a88021ec0b409eda47f21c42902",
+      "version": "github:jitsi/lib-jitsi-meet#8f9bd254bb3813808e6e1f7974aacc4d1414fcdb",
+      "from": "github:jitsi/lib-jitsi-meet#8f9bd254bb3813808e6e1f7974aacc4d1414fcdb",
       "requires": {
         "@jitsi/sdp-interop": "1.0.3",
         "@jitsi/sdp-simulcast": "0.3.0",

package.json

@@ -56,7 +56,7 @@
     "js-md5": "0.6.1",
     "js-utils": "github:jitsi/js-utils#cf11996bd866fdb47326c59a5d3bc24be17282d4",
     "jwt-decode": "2.2.0",
-    "lib-jitsi-meet": "github:jitsi/lib-jitsi-meet#4fec06db7fc59a88021ec0b409eda47f21c42902",
+    "lib-jitsi-meet": "github:jitsi/lib-jitsi-meet#8f9bd254bb3813808e6e1f7974aacc4d1414fcdb",
     "libflacjs": "github:mmig/libflac.js#93d37e7f811f01cf7d8b6a603e38bd3c3810907d",
     "lodash": "4.17.13",
     "moment": "2.19.4",

resources/prosody-plugins/mod_auth_token.lua

@@ -25,15 +25,25 @@ function init_session(event)
 
 	if query ~= nil then
         local params = formdecode(query);
+
+        -- The following fields are filled in the session, by extracting them
+        -- from the query and no validation is beeing done.
+        -- After validating auth_token will be cleaned in case of error and few
+        -- other fields will be extracted from the token and set in the session
+
         session.auth_token = query and params.token or nil;
         -- previd is used together with https://modules.prosody.im/mod_smacks.html
         -- the param is used to find resumed session and re-use anonymous(random) user id
         -- (see get_username_from_token)
         session.previd = query and params.previd or nil;
 
-        -- The room name and optional prefix from the bosh query
-        session.jitsi_bosh_query_room = params.room;
-        session.jitsi_bosh_query_prefix = params.prefix or "";
+        -- The room name and optional prefix from the web query
+        session.jitsi_web_query_room = params.room;
+        session.jitsi_web_query_prefix = params.prefix or "";
+
+        -- Deprecated, you should use jitsi_web_query_room and jitsi_web_query_prefix
+        session.jitsi_bosh_query_room = session.jitsi_web_query_room;
+        session.jitsi_bosh_query_prefix = session.jitsi_web_query_prefix;
     end
 end
 
@@ -72,6 +82,7 @@ function provider.get_sasl_handler(session)
         if (res == false) then
             log("warn",
                 "Error verifying token err:%s, reason:%s", error, reason);
+            session.auth_token = nil;
             return res, error, reason;
         end
 

resources/prosody-plugins/mod_muc_lobby_rooms.lua

@@ -28,6 +28,9 @@ local jid_bare = require 'util.jid'.bare;
 local filters = require 'util.filters';
 local st = require 'util.stanza';
 local MUC_NS = 'http://jabber.org/protocol/muc';
+local DISCO_INFO_NS = 'http://jabber.org/protocol/disco#info';
+local DISPLAY_NAME_REQUIRED_FEATURE = 'http://jitsi.org/protocol/lobbyrooms#displayname_required';
+local LOBBY_IDENTITY_TYPE = 'lobbyrooms';
 
 local is_healthcheck_room = module:require "util".is_healthcheck_room;
 
@@ -42,7 +45,14 @@ if lobby_muc_component_config == nil then
     return ;
 end
 
-local whitelist = module:get_option_set("muc_lobby_whitelist", {});
+local whitelist;
+local check_display_name_required;
+local function load_config()
+    whitelist = module:get_option_set("muc_lobby_whitelist", {});
+    check_display_name_required
+        = module:get_option_boolean("muc_lobby_check_display_name_required", true);
+end
+load_config();
 
 local lobby_muc_service;
 local main_muc_service;
@@ -84,6 +94,9 @@ function filter_stanza(stanza)
             end
 
             return nil;
+        elseif stanza.name == 'iq' and stanza:get_child('query', DISCO_INFO_NS) then
+            -- allow disco info from the lobby component
+            return stanza;
         end
 
         return nil;
@@ -125,7 +138,24 @@ function process_lobby_muc_loaded(lobby_muc, host_module)
     filters.add_filter_hook(filter_session);
 
     -- Advertise lobbyrooms support on main domain so client can pick up the address and use it
-    module:add_identity('component', 'lobbyrooms', lobby_muc_component_config);
+    module:add_identity('component', LOBBY_IDENTITY_TYPE, lobby_muc_component_config);
+
+    -- Tag the disco#info response with a feature that display name is required
+    -- when the conference name from the web request has a lobby enabled.
+    host_module:hook("host-disco-info-node", function (event)
+        local session, reply, node = event.origin, event.reply, event.node;
+        if node == LOBBY_IDENTITY_TYPE
+            and session.jitsi_web_query_room
+            and main_muc_service
+            and check_display_name_required then
+            local room = main_muc_service.get_room_from_jid(
+                jid_bare(session.jitsi_web_query_room .. '@' .. main_muc_component_config));
+            if room and room._data.lobbyroom then
+                reply:tag("feature", { var = DISPLAY_NAME_REQUIRED_FEATURE }):up();
+            end
+        end
+        event.exists = true;
+    end);
 
     local room_mt = lobby_muc_service.room_mt;
     -- we base affiliations (roles) in lobby muc component to be based on the roles in the main muc
@@ -256,3 +286,25 @@ process_host_module(main_muc_component_config, function(host_module, host)
         end
     end, -4); -- the default hook on members_only module is on -5
 end);
+
+-- Extract 'room' param from URL when session is created
+function update_session(event)
+    local session = event.session;
+
+    if session.jitsi_web_query_room then
+        -- no need for an update
+        return;
+    end
+
+    local query = event.request.url.query;
+    if query ~= nil then
+        local params = formdecode(query);
+        -- The room name and optional prefix from the web query
+        session.jitsi_web_query_room = params.room;
+        session.jitsi_web_query_prefix = params.prefix or "";
+    end
+end
+
+module:hook_global("bosh-session", update_session);
+module:hook_global("websocket-session", update_session);
+module:hook_global('config-reloaded', load_config);

resources/prosody-plugins/mod_muc_poltergeist.lua

@@ -106,8 +106,8 @@ prosody.events.add_handler("pre-jitsi-authentication", function(session)
 
     if (session.jitsi_meet_context_user) then
         local room = get_room(
-            session.jitsi_bosh_query_room,
-            session.jitsi_bosh_query_prefix);
+            session.jitsi_web_query_room,
+            session.jitsi_web_query_prefix);
 
         if (not room) then
             return nil;

resources/prosody-plugins/mod_token_verification.lua

@@ -93,7 +93,8 @@ for event_name, method in pairs {
             return;
         end
 
-        if not session.auth_token then
+        -- jitsi_meet_room is set after the token had been verified
+        if not session.auth_token or not session.jitsi_meet_room then
             session.send(
                 st.error_reply(
                     stanza, "cancel", "not-allowed", "Room modification disabled for guests"));