jfinn
/
jitsi_app_c0
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

FIX: prosody: room validation on jibri-queue 

The full room JID is now passed properly to verify_token
verify_token now also expects the correct jid for validation
master
Aaron van Meerten 5 years ago
parent
9b7e8c98ad
commit
c4155575f9
1 changed files with 10 additions and 15 deletions
Unified View Show Diff Stats
  1. 10
    15
      resources/prosody-plugins/mod_jibri_queue_component.lua

+ 10
- 15
resources/prosody-plugins/mod_jibri_queue_component.lua View File

380 
 -- @param group name of the group (optional)
 380 
 -- @param group name of the group (optional)
381 
 -- @param session the session to use for storing token specific fields
 381 
 -- @param session the session to use for storing token specific fields
382 
 -- @return true if values are ok or false otherwise
 382 
 -- @return true if values are ok or false otherwise
383 
-function verify_token(token, room_name, session)
383 
+function verify_token(token, room_jid, session)
384 
     if disableTokenVerification then
 384 
     if disableTokenVerification then
385 
         return true;
 385 
         return true;
386 
     end
 386 
     end
395 
     end
 395 
     end
396
396
397 
     session.auth_token = token;
 397 
     session.auth_token = token;
398 
-    local verified, reason = token_util:process_and_verify_token(session);
398 
+    local verified, reason, message = token_util:process_and_verify_token(session);
399 
     if not verified then
 399 
     if not verified then
400 
-        log("warn", "not a valid token %s", tostring(reason));
400 
+        log("warn", "not a valid token %s: %s", tostring(reason), tostring(message));
401 
         return false;
 401 
         return false;
402 
     end
 402 
     end
403
403
404 
-    local room_address = jid.join(room_name, module:get_host());
405 
-    -- if there is a group we are in multidomain mode and that group is not
406 
-    -- our parent host
407 
-    if group and group ~= "" and group ~= parentHostName then
408 
-        room_address = "["..group.."]"..room_address;
409 
-    end
410 
-
411 
-    if not token_util:verify_room(session, room_address) then
412 
-        log("warn", "Token %s not allowed to join: %s",
413 
-            tostring(token), tostring(room_address));
404 
+    if not token_util:verify_room(session, room_jid) then
405 
+        log("warn", "Token %s not allowed to access: %s",
406 
+            tostring(token), tostring(room_jid));
414 
         return false;
 407 
         return false;
415 
     end
 408 
     end
416
409
455 
     local position = body["position"];
 448 
     local position = body["position"];
456 
     local requestId = body["requestId"];
 449 
     local requestId = body["requestId"];
457
450
458 
-    if not verify_token(token, roomAddress, {}) then
451 
+    local room_jid = room_jid_match_rewrite(roomAddress);
452 
+
453 
+    if not verify_token(token, room_jid, {}) then
459 
         return { status_code = 403; };
 454 
         return { status_code = 403; };
460 
     end
 455 
     end
461
456
462 
-    local room = get_room_from_jid(room_jid_match_rewrite(roomAddress));
457 
+    local room = get_room_from_jid(room_jid);
463 
     if (not room) then
 458 
     if (not room) then
464 
         log("error", "no room found %s", roomAddress);
 459 
         log("error", "no room found %s", roomAddress);
465 
         return { status_code = 404; };
 460 
         return { status_code = 404; };

Write Preview
Loading…
Cancel
Save