"Fossies" - the Fresh Open Source Software Archive

Member "jitsi-meet-5186/resources/prosody-plugins/mod_auth_token.lua" (30 Jul 2021, 4238 Bytes) of package /linux/misc/jitsi-meet-5186.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Lua source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 -- Token authentication
    2 -- Copyright (C) 2021-present 8x8, Inc.
    3 
    4 local formdecode = require "util.http".formdecode;
    5 local generate_uuid = require "util.uuid".generate;
    6 local new_sasl = require "util.sasl".new;
    7 local sasl = require "util.sasl";
    8 local token_util = module:require "token/util".new(module);
    9 local sessions = prosody.full_sessions;
   10 
   11 -- no token configuration
   12 if token_util == nil then
   13     return;
   14 end
   15 
   16 module:depends("jitsi_session");
   17 
   18 -- define auth provider
   19 local provider = {};
   20 
   21 local host = module.host;
   22 
   23 -- Extract 'token' param from URL when session is created
   24 function init_session(event)
   25     local session, request = event.session, event.request;
   26     local query = request.url.query;
   27 
   28     if query ~= nil then
   29         local params = formdecode(query);
   30 
   31         -- The following fields are filled in the session, by extracting them
   32         -- from the query and no validation is beeing done.
   33         -- After validating auth_token will be cleaned in case of error and few
   34         -- other fields will be extracted from the token and set in the session
   35 
   36         session.auth_token = query and params.token or nil;
   37     end
   38 end
   39 
   40 module:hook_global("bosh-session", init_session);
   41 module:hook_global("websocket-session", init_session);
   42 
   43 function provider.test_password(username, password)
   44     return nil, "Password based auth not supported";
   45 end
   46 
   47 function provider.get_password(username)
   48     return nil;
   49 end
   50 
   51 function provider.set_password(username, password)
   52     return nil, "Set password not supported";
   53 end
   54 
   55 function provider.user_exists(username)
   56     return nil;
   57 end
   58 
   59 function provider.create_user(username, password)
   60     return nil;
   61 end
   62 
   63 function provider.delete_user(username)
   64     return nil;
   65 end
   66 
   67 function provider.get_sasl_handler(session)
   68 
   69     local function get_username_from_token(self, message)
   70 
   71         -- retrieve custom public key from server and save it on the session
   72         local pre_event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);
   73         if pre_event_result ~= nil and pre_event_result.res == false then
   74             log("warn",
   75                 "Error verifying token on pre authentication stage:%s, reason:%s", pre_event_result.error, pre_event_result.reason);
   76             session.auth_token = nil;
   77             return pre_event_result.res, pre_event_result.error, pre_event_result.reason;
   78         end
   79 
   80         local res, error, reason = token_util:process_and_verify_token(session);
   81         if res == false then
   82             log("warn",
   83                 "Error verifying token err:%s, reason:%s", error, reason);
   84             session.auth_token = nil;
   85             return res, error, reason;
   86         end
   87 
   88         local customUsername
   89             = prosody.events.fire_event("pre-jitsi-authentication", session);
   90 
   91         if (customUsername) then
   92             self.username = customUsername;
   93         elseif (session.previd ~= nil) then
   94             for _, session1 in pairs(sessions) do
   95                 if (session1.resumption_token == session.previd) then
   96                     self.username = session1.username;
   97                     break;
   98                 end
   99             end
  100         else
  101             self.username = message;
  102         end
  103 
  104         local post_event_result = prosody.events.fire_event("post-jitsi-authentication", session);
  105         if post_event_result ~= nil and post_event_result.res == false then
  106             log("warn",
  107                 "Error verifying token on post authentication stage :%s, reason:%s", post_event_result.error, post_event_result.reason);
  108             session.auth_token = nil;
  109             return post_event_result.res, post_event_result.error, post_event_result.reason;
  110         end
  111 
  112         return res;
  113     end
  114 
  115     return new_sasl(host, { anonymous = get_username_from_token });
  116 end
  117 
  118 module:provides("auth", provider);
  119 
  120 local function anonymous(self, message)
  121 
  122     local username = generate_uuid();
  123 
  124     -- This calls the handler created in 'provider.get_sasl_handler(session)'
  125     local result, err, msg = self.profile.anonymous(self, username, self.realm);
  126 
  127     if result == true then
  128         if (self.username == nil) then
  129             self.username = username;
  130         end
  131         return "success";
  132     else
  133         return "failure", err, msg;
  134     end
  135 end
  136 
  137 sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);