jfinn
/
jitsi_app_c0
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9160 Commitit
2 Branchit
Puu: 0c187f180f
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '0c187f180f'
${ noResults }
jitsi_app_c0/resources/prosody-plugins/mod_auth_token.lua

mod_auth_token.lua 4.4KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. -- Token authentication

  2. -- Copyright (C) 2021-present 8x8, Inc.

  3. 

  4. local formdecode = require "util.http".formdecode;

  5. local generate_uuid = require "util.uuid".generate;

  6. local new_sasl = require "util.sasl".new;

  7. local sasl = require "util.sasl";

  8. local token_util = module:require "token/util".new(module);

  9. local sessions = prosody.full_sessions;

  10. 

  11. -- no token configuration

  12. if token_util == nil then

  13.     return;

  14. end

  15. 

  16. module:depends("jitsi_session");

  17. 

  18. -- define auth provider

  19. local provider = {};

  20. 

  21. local host = module.host;

  22. 

  23. -- Extract 'token' param from URL when session is created

  24. function init_session(event)

  25. 	local session, request = event.session, event.request;

  26. 	local query = request.url.query;

  27. 

  28. 	if query ~= nil then

  29.         local params = formdecode(query);

  30. 

  31.         -- The following fields are filled in the session, by extracting them

  32.         -- from the query and no validation is beeing done.

  33.         -- After validating auth_token will be cleaned in case of error and few

  34.         -- other fields will be extracted from the token and set in the session

  35. 

  36.         session.auth_token = query and params.token or nil;

  37.     end

  38. end

  39. 

  40. module:hook_global("bosh-session", init_session);

  41. module:hook_global("websocket-session", init_session);

  42. 

  43. function provider.test_password(username, password)

  44. 	return nil, "Password based auth not supported";

  45. end

  46. 

  47. function provider.get_password(username)

  48. 	return nil;

  49. end

  50. 

  51. function provider.set_password(username, password)

  52. 	return nil, "Set password not supported";

  53. end

  54. 

  55. function provider.user_exists(username)

  56. 	return nil;

  57. end

  58. 

  59. function provider.create_user(username, password)

  60. 	return nil;

  61. end

  62. 

  63. function provider.delete_user(username)

  64. 	return nil;

  65. end

  66. 

  67. function provider.get_sasl_handler(session)

  68. 

  69. 	local function get_username_from_token(self, message)

  70. 

  71.         -- retrieve custom public key from server and save it on the session

  72.         local pre_event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);

  73.         if pre_event_result ~= nil and pre_event_result.res == false then

  74.             log("warn",

  75.                 "Error verifying token on pre authentication stage:%s, reason:%s", pre_event_result.error, pre_event_result.reason);

  76.             session.auth_token = nil;

  77.             return pre_event_result.res, pre_event_result.error, pre_event_result.reason;

  78.         end

  79. 

  80.         local res, error, reason = token_util:process_and_verify_token(session);

  81.         if res == false then

  82.             log("warn",

  83.                 "Error verifying token err:%s, reason:%s", error, reason);

  84.             session.auth_token = nil;

  85.             return res, error, reason;

  86.         end

  87. 

  88.         local shouldAllow = prosody.events.fire_event("jitsi-access-ban-check", session);

  89.         if shouldAllow == false then

  90.             log("warn", "user is banned")

  91.             return false, "not-allowed", "user is banned";

  92.         end

  93. 

  94.         local customUsername

  95.             = prosody.events.fire_event("pre-jitsi-authentication", session);

  96. 

  97.         if (customUsername) then

  98.             self.username = customUsername;

  99.         elseif (session.previd ~= nil) then

  100.             for _, session1 in pairs(sessions) do

  101.                 if (session1.resumption_token == session.previd) then

  102.                     self.username = session1.username;

  103.                     break;

  104.                 end

  105.         	end

  106.         else

  107.             self.username = message;

  108.         end

  109. 

  110.         local post_event_result = prosody.events.fire_event("post-jitsi-authentication", session);

  111.         if post_event_result ~= nil and post_event_result.res == false then

  112.             log("warn",

  113.                 "Error verifying token on post authentication stage :%s, reason:%s", post_event_result.error, post_event_result.reason);

  114.             session.auth_token = nil;

  115.             return post_event_result.res, post_event_result.error, post_event_result.reason;

  116.         end

  117. 

  118.         return res;

  119. 	end

  120. 

  121. 	return new_sasl(host, { anonymous = get_username_from_token });

  122. end

  123. 

  124. module:provides("auth", provider);

  125. 

  126. local function anonymous(self, message)

  127. 

  128. 	local username = generate_uuid();

  129. 

  130. 	-- This calls the handler created in 'provider.get_sasl_handler(session)'

  131. 	local result, err, msg = self.profile.anonymous(self, username, self.realm);

  132. 

  133. 	if result == true then

  134. 		if (self.username == nil) then

  135. 			self.username = username;

  136. 		end

  137. 		return "success";

  138. 	else

  139. 		return "failure", err, msg;

  140. 	end

  141. end

  142. 

  143. sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);