You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

AuthHandler.js 9.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294
  1. /* global APP, config, JitsiMeetJS, Promise */
  2. import { openConnection } from '../../../connection';
  3. import { setJWT } from '../../../react/features/jwt';
  4. import UIUtil from '../util/UIUtil';
  5. import LoginDialog from './LoginDialog';
  6. const ConnectionErrors = JitsiMeetJS.errors.connection;
  7. const logger = require("jitsi-meet-logger").getLogger(__filename);
  8. let externalAuthWindow;
  9. let authRequiredDialog;
  10. let isTokenAuthEnabled
  11. = typeof config.tokenAuthUrl === "string" && config.tokenAuthUrl.length;
  12. let getTokenAuthUrl
  13. = JitsiMeetJS.util.AuthUtil.getTokenAuthUrl.bind(null, config.tokenAuthUrl);
  14. /**
  15. * Authenticate using external service or just focus
  16. * external auth window if there is one already.
  17. *
  18. * @param {JitsiConference} room
  19. * @param {string} [lockPassword] password to use if the conference is locked
  20. */
  21. function doExternalAuth (room, lockPassword) {
  22. if (externalAuthWindow) {
  23. externalAuthWindow.focus();
  24. return;
  25. }
  26. if (room.isJoined()) {
  27. let getUrl;
  28. if (isTokenAuthEnabled) {
  29. getUrl = Promise.resolve(getTokenAuthUrl(room.getName(), true));
  30. initJWTTokenListener(room);
  31. } else {
  32. getUrl = room.getExternalAuthUrl(true);
  33. }
  34. getUrl.then(function (url) {
  35. externalAuthWindow = LoginDialog.showExternalAuthDialog(
  36. url,
  37. function () {
  38. externalAuthWindow = null;
  39. if (!isTokenAuthEnabled) {
  40. room.join(lockPassword);
  41. }
  42. }
  43. );
  44. });
  45. } else {
  46. // If conference has not been started yet
  47. // then redirect to login page
  48. if (isTokenAuthEnabled) {
  49. redirectToTokenAuthService(room.getName());
  50. } else {
  51. room.getExternalAuthUrl().then(UIUtil.redirect);
  52. }
  53. }
  54. }
  55. /**
  56. * Redirect the user to the token authentication service for the login to be
  57. * performed. Once complete it is expected that the service wil bring the user
  58. * back with "?jwt={the JWT token}" query parameter added.
  59. * @param {string} [roomName] the name of the conference room.
  60. */
  61. function redirectToTokenAuthService(roomName) {
  62. UIUtil.redirect(getTokenAuthUrl(roomName, false));
  63. }
  64. /**
  65. * Initializes 'message' listener that will wait for a JWT token to be received
  66. * from the token authentication service opened in a popup window.
  67. * @param room the name fo the conference room.
  68. */
  69. function initJWTTokenListener(room) {
  70. var listener = function ({ data, source }) {
  71. if (externalAuthWindow !== source) {
  72. logger.warn("Ignored message not coming " +
  73. "from external authnetication window");
  74. return;
  75. }
  76. let jwt;
  77. if (data && (jwt = data.jwtToken)) {
  78. logger.info("Received JSON Web Token (JWT):", jwt);
  79. APP.store.dispatch(setJWT(jwt));
  80. var roomName = room.getName();
  81. openConnection({retry: false, roomName: roomName })
  82. .then(function (connection) {
  83. // Start new connection
  84. let newRoom = connection.initJitsiConference(
  85. roomName, APP.conference._getConferenceOptions());
  86. // Authenticate from the new connection to get
  87. // the session-ID from the focus, which wil then be used
  88. // to upgrade current connection's user role
  89. newRoom.room.moderator.authenticate().then(function () {
  90. connection.disconnect();
  91. // At this point we'll have session-ID stored in
  92. // the settings. It wil be used in the call below
  93. // to upgrade user's role
  94. room.room.moderator.authenticate()
  95. .then(function () {
  96. logger.info("User role upgrade done !");
  97. unregister();
  98. }).catch(function (err, errCode) {
  99. logger.error(
  100. "Authentication failed: ", err, errCode);
  101. unregister();
  102. }
  103. );
  104. }).catch(function (error, code) {
  105. unregister();
  106. connection.disconnect();
  107. logger.error(
  108. 'Authentication failed on the new connection',
  109. error, code);
  110. });
  111. }, function (err) {
  112. unregister();
  113. logger.error("Failed to open new connection", err);
  114. });
  115. }
  116. };
  117. var unregister = function () {
  118. window.removeEventListener("message", listener);
  119. };
  120. if (window.addEventListener) {
  121. window.addEventListener("message", listener, false);
  122. }
  123. }
  124. /**
  125. * Authenticate on the server.
  126. * @param {JitsiConference} room
  127. * @param {string} [lockPassword] password to use if the conference is locked
  128. */
  129. function doXmppAuth (room, lockPassword) {
  130. let loginDialog = LoginDialog.showAuthDialog(function (id, password) {
  131. // auth "on the fly":
  132. // 1. open new connection with proper id and password
  133. // 2. connect to the room
  134. // (this will store sessionId in the localStorage)
  135. // 3. close new connection
  136. // 4. reallocate focus in current room
  137. openConnection({id, password, roomName: room.getName()}).then(
  138. function (connection) {
  139. // open room
  140. let newRoom = connection.initJitsiConference(
  141. room.getName(), APP.conference._getConferenceOptions()
  142. );
  143. loginDialog.displayConnectionStatus('connection.FETCH_SESSION_ID');
  144. newRoom.room.moderator.authenticate().then(function () {
  145. connection.disconnect();
  146. loginDialog.displayConnectionStatus(
  147. 'connection.GOT_SESSION_ID');
  148. // authenticate conference on the fly
  149. room.join(lockPassword);
  150. loginDialog.close();
  151. }).catch(function (error, code) {
  152. connection.disconnect();
  153. logger.error('Auth on the fly failed', error);
  154. loginDialog.displayError(
  155. 'connection.GET_SESSION_ID_ERROR', {code: code});
  156. });
  157. }, function (err) {
  158. loginDialog.displayError(err);
  159. });
  160. }, function () { // user canceled
  161. loginDialog.close();
  162. });
  163. }
  164. /**
  165. * Authenticate for the conference.
  166. * Uses external service for auth if conference supports that.
  167. * @param {JitsiConference} room
  168. * @param {string} [lockPassword] password to use if the conference is locked
  169. */
  170. function authenticate (room, lockPassword) {
  171. if (isTokenAuthEnabled || room.isExternalAuthEnabled()) {
  172. doExternalAuth(room, lockPassword);
  173. } else {
  174. doXmppAuth(room, lockPassword);
  175. }
  176. }
  177. /**
  178. * De-authenticate local user.
  179. *
  180. * @param {JitsiConference} room
  181. * @param {string} [lockPassword] password to use if the conference is locked
  182. * @returns {Promise}
  183. */
  184. function logout (room) {
  185. return new Promise(function (resolve) {
  186. room.room.moderator.logout(resolve);
  187. }).then(function (url) {
  188. // de-authenticate conference on the fly
  189. if (room.isJoined()) {
  190. room.join();
  191. }
  192. return url;
  193. });
  194. }
  195. /**
  196. * Notify user that authentication is required to create the conference.
  197. * @param {JitsiConference} room
  198. * @param {string} [lockPassword] password to use if the conference is locked
  199. */
  200. function requireAuth(room, lockPassword) {
  201. if (authRequiredDialog) {
  202. return;
  203. }
  204. authRequiredDialog = LoginDialog.showAuthRequiredDialog(
  205. room.getName(), authenticate.bind(null, room, lockPassword)
  206. );
  207. }
  208. /**
  209. * Close auth-related dialogs if there are any.
  210. */
  211. function closeAuth() {
  212. if (externalAuthWindow) {
  213. externalAuthWindow.close();
  214. externalAuthWindow = null;
  215. }
  216. if (authRequiredDialog) {
  217. authRequiredDialog.close();
  218. authRequiredDialog = null;
  219. }
  220. }
  221. function showXmppPasswordPrompt(roomName, connect) {
  222. return new Promise(function (resolve, reject) {
  223. let authDialog = LoginDialog.showAuthDialog(
  224. function (id, password) {
  225. connect(id, password, roomName).then(function (connection) {
  226. authDialog.close();
  227. resolve(connection);
  228. }, function (err) {
  229. if (err === ConnectionErrors.PASSWORD_REQUIRED) {
  230. authDialog.displayError(err);
  231. } else {
  232. authDialog.close();
  233. reject(err);
  234. }
  235. });
  236. }
  237. );
  238. });
  239. }
  240. /**
  241. * Show Authentication Dialog and try to connect with new credentials.
  242. * If failed to connect because of PASSWORD_REQUIRED error
  243. * then ask for password again.
  244. * @param {string} [roomName] name of the conference room
  245. * @param {function(id, password, roomName)} [connect] function that returns
  246. * a Promise which resolves with JitsiConnection or fails with one of
  247. * ConnectionErrors.
  248. * @returns {Promise<JitsiConnection>}
  249. */
  250. function requestAuth(roomName, connect) {
  251. if (isTokenAuthEnabled) {
  252. // This Promise never resolves as user gets redirected to another URL
  253. return new Promise(() => redirectToTokenAuthService(roomName));
  254. } else {
  255. return showXmppPasswordPrompt(roomName, connect);
  256. }
  257. }
  258. export default {
  259. authenticate,
  260. requireAuth,
  261. requestAuth,
  262. closeAuth,
  263. logout
  264. };