2015-11-02 21:02:50 +00:00
|
|
|
-- Token authentication
|
|
|
|
-- Copyright (C) 2015 Atlassian
|
|
|
|
|
2016-08-23 19:42:49 +00:00
|
|
|
local formdecode = require "util.http".formdecode;
|
2015-12-22 18:51:43 +00:00
|
|
|
local generate_uuid = require "util.uuid".generate;
|
2015-11-02 21:02:50 +00:00
|
|
|
local new_sasl = require "util.sasl".new;
|
2015-12-22 18:51:43 +00:00
|
|
|
local sasl = require "util.sasl";
|
2017-05-03 21:48:49 +00:00
|
|
|
local token_util = module:require "token/util".new(module);
|
|
|
|
|
|
|
|
-- no token configuration
|
|
|
|
if token_util == nil then
|
|
|
|
return;
|
|
|
|
end
|
2015-11-02 21:02:50 +00:00
|
|
|
|
|
|
|
-- define auth provider
|
|
|
|
local provider = {};
|
|
|
|
|
2015-12-22 18:51:43 +00:00
|
|
|
local host = module.host;
|
2015-11-02 21:02:50 +00:00
|
|
|
|
2015-12-22 18:51:43 +00:00
|
|
|
-- Extract 'token' param from BOSH URL when session is created
|
|
|
|
module:hook("bosh-session", function(event)
|
|
|
|
local session, request = event.session, event.request;
|
|
|
|
local query = request.url.query;
|
2017-05-03 21:48:49 +00:00
|
|
|
|
2015-12-22 18:51:43 +00:00
|
|
|
if query ~= nil then
|
2017-07-15 03:08:41 +00:00
|
|
|
local params = formdecode(query);
|
|
|
|
session.auth_token = query and params.token or nil;
|
|
|
|
|
|
|
|
-- The room name from the bosh query
|
|
|
|
session.jitsi_bosh_query_room = params.room;
|
|
|
|
end
|
2016-08-29 14:39:47 +00:00
|
|
|
end);
|
2015-12-22 18:51:43 +00:00
|
|
|
|
|
|
|
function provider.test_password(username, password)
|
|
|
|
return nil, "Password based auth not supported";
|
2015-11-02 21:02:50 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
function provider.get_password(username)
|
|
|
|
return nil;
|
|
|
|
end
|
|
|
|
|
|
|
|
function provider.set_password(username, password)
|
|
|
|
return nil, "Set password not supported";
|
|
|
|
end
|
|
|
|
|
|
|
|
function provider.user_exists(username)
|
|
|
|
return nil;
|
|
|
|
end
|
|
|
|
|
|
|
|
function provider.create_user(username, password)
|
|
|
|
return nil;
|
|
|
|
end
|
|
|
|
|
|
|
|
function provider.delete_user(username)
|
|
|
|
return nil;
|
|
|
|
end
|
|
|
|
|
2015-12-22 18:51:43 +00:00
|
|
|
function provider.get_sasl_handler(session)
|
|
|
|
|
|
|
|
local function get_username_from_token(self, message)
|
2017-08-08 13:48:18 +00:00
|
|
|
local res, error, reason = token_util:process_and_verify_token(session);
|
|
|
|
|
|
|
|
if (res == false) then
|
|
|
|
log("warn",
|
|
|
|
"Error verifying token err:%s, reason:%s", error, reason);
|
|
|
|
end
|
2017-07-15 03:12:56 +00:00
|
|
|
|
|
|
|
local customUsername
|
|
|
|
= prosody.events.fire_event("pre-jitsi-authentication", session);
|
|
|
|
|
|
|
|
if (customUsername) then
|
|
|
|
self.username = customUsername;
|
|
|
|
else
|
|
|
|
self.username = message;
|
|
|
|
end
|
|
|
|
|
|
|
|
return res;
|
2015-12-22 18:51:43 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
return new_sasl(host, { anonymous = get_username_from_token });
|
2015-11-02 21:02:50 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
module:provides("auth", provider);
|
2015-12-22 18:51:43 +00:00
|
|
|
|
|
|
|
local function anonymous(self, message)
|
|
|
|
|
|
|
|
local username = generate_uuid();
|
|
|
|
|
|
|
|
-- This calls the handler created in 'provider.get_sasl_handler(session)'
|
|
|
|
local result, err, msg = self.profile.anonymous(self, username, self.realm);
|
|
|
|
|
|
|
|
if result == true then
|
2016-08-29 14:39:47 +00:00
|
|
|
return "success";
|
2015-12-22 18:51:43 +00:00
|
|
|
else
|
|
|
|
|
2016-08-29 14:39:47 +00:00
|
|
|
return "failure", err, msg;
|
2015-12-22 18:51:43 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);
|