jiti-meet/resources/prosody-plugins/mod_auth_token.lua

-- Token authentication
-- Copyright (C) 2015 Atlassian

local formdecode = require "util.http".formdecode;
local generate_uuid = require "util.uuid".generate;
local new_sasl = require "util.sasl".new;
local sasl = require "util.sasl";
local token_util = module:require "token/util".new(module);

-- no token configuration
if token_util == nil then
    return;
end

-- define auth provider
local provider = {};

local host = module.host;

-- Extract 'token' param from BOSH URL when session is created
module:hook("bosh-session", function(event)
	local session, request = event.session, event.request;
	local query = request.url.query;

	if query ~= nil then
        local params = formdecode(query);
        session.auth_token = query and params.token or nil;

        -- The room name from the bosh query
        session.jitsi_bosh_query_room = params.room;
    end
end);

function provider.test_password(username, password)
	return nil, "Password based auth not supported";
end

function provider.get_password(username)
	return nil;
end

function provider.set_password(username, password)
	return nil, "Set password not supported";
end

function provider.user_exists(username)
	return nil;
end

function provider.create_user(username, password)
	return nil;
end

function provider.delete_user(username)
	return nil;
end

function provider.get_sasl_handler(session)

	local function get_username_from_token(self, message)
        local res, error, reason = token_util:process_and_verify_token(session);

        if (res == false) then
            log("warn",
                "Error verifying token err:%s, reason:%s", error, reason);
            return res, error, reason;
        end

        local customUsername
            = prosody.events.fire_event("pre-jitsi-authentication", session);

        if (customUsername) then
            self.username = customUsername;
        else
            self.username = message;
        end

        return res;
	end

	return new_sasl(host, { anonymous = get_username_from_token });
end

module:provides("auth", provider);

local function anonymous(self, message)

	local username = generate_uuid();

	-- This calls the handler created in 'provider.get_sasl_handler(session)'
	local result, err, msg = self.profile.anonymous(self, username, self.realm);

	if result == true then
		return "success";
	else

		return "failure", err, msg;
	end
end

sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`-- Token authentication`
			`-- Copyright (C) 2015 Atlassian`

Add basic ASAP support to mod_auth_token See: http://s2sauth.bitbucket.org/ 2016-08-23 19:42:49 +00:00			`local formdecode = require "util.http".formdecode;`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local generate_uuid = require "util.uuid".generate;`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`local new_sasl = require "util.sasl".new;`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local sasl = require "util.sasl";`
Moves token related code into util so it can be reused. 2017-05-03 21:48:49 +00:00			`local token_util = module:require "token/util".new(module);`

			`-- no token configuration`
			`if token_util == nil then`
			`return;`
			`end`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00
			`-- define auth provider`
			`local provider = {};`

New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local host = module.host;`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`-- Extract 'token' param from BOSH URL when session is created`
			`module:hook("bosh-session", function(event)`
			`local session, request = event.session, event.request;`
			`local query = request.url.query;`
Moves token related code into util so it can be reused. 2017-05-03 21:48:49 +00:00
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`if query ~= nil then`
Stores the room name from the bosh url into the session. 2017-07-15 03:08:41 +00:00			`local params = formdecode(query);`
			`session.auth_token = query and params.token or nil;`

			`-- The room name from the bosh query`
			`session.jitsi_bosh_query_room = params.room;`
			`end`
mod_auth_token: Add semicolons Remove unnecessary cjson config 2016-08-29 14:39:47 +00:00			`end);`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00
			`function provider.test_password(username, password)`
			`return nil, "Password based auth not supported";`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`end`

			`function provider.get_password(username)`
			`return nil;`
			`end`

			`function provider.set_password(username, password)`
			`return nil, "Set password not supported";`
			`end`

			`function provider.user_exists(username)`
			`return nil;`
			`end`

			`function provider.create_user(username, password)`
			`return nil;`
			`end`

			`function provider.delete_user(username)`
			`return nil;`
			`end`

New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`function provider.get_sasl_handler(session)`

			`local function get_username_from_token(self, message)`
Installs required basexx when token package is installed. Fixes #1870. Adds some debug messages when token verification fails for some reason. 2017-08-08 13:48:18 +00:00			`local res, error, reason = token_util:process_and_verify_token(session);`

			`if (res == false) then`
			`log("warn",`
			`"Error verifying token err:%s, reason:%s", error, reason);`
On token verification failure return error, reason and stop processing. This was broken with commit c1fb1a7defd00873e8f9c23ab1d99e054148181c, which splits the result in order to print the error reason and in case of error was not returning the error and the message to prosody internals. 2017-10-26 19:01:21 +00:00			`return res, error, reason;`
Installs required basexx when token package is installed. Fixes #1870. Adds some debug messages when token verification fails for some reason. 2017-08-08 13:48:18 +00:00			`end`
Fires event before setting username, allows listeners to override it. This is a hook to override the username that will be used when authenticating token users (which are using anonymous login with auto-generated username). 2017-07-15 03:12:56 +00:00
			`local customUsername`
			`= prosody.events.fire_event("pre-jitsi-authentication", session);`

			`if (customUsername) then`
			`self.username = customUsername;`
			`else`
			`self.username = message;`
			`end`

			`return res;`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`end`

			`return new_sasl(host, { anonymous = get_username_from_token });`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`end`

			`module:provides("auth", provider);`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00
			`local function anonymous(self, message)`

			`local username = generate_uuid();`

			`-- This calls the handler created in 'provider.get_sasl_handler(session)'`
			`local result, err, msg = self.profile.anonymous(self, username, self.realm);`

			`if result == true then`
mod_auth_token: Add semicolons Remove unnecessary cjson config 2016-08-29 14:39:47 +00:00			`return "success";`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`else`

mod_auth_token: Add semicolons Remove unnecessary cjson config 2016-08-29 14:39:47 +00:00			`return "failure", err, msg;`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`end`
			`end`

			`sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);`