Add pre and post validation for users that want to use their own public keys
parent
10c2652a4f
commit
92e6cf7618
|
@ -74,18 +74,28 @@ function provider.delete_user(username)
|
||||||
return nil;
|
return nil;
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local function validate_result(session, res, error, reason)
|
||||||
|
if res == false then
|
||||||
|
log("warn",
|
||||||
|
"Error verifying token err:%s, reason:%s", error, reason);
|
||||||
|
session.auth_token = nil;
|
||||||
|
return res, error, reason;
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
function provider.get_sasl_handler(session)
|
function provider.get_sasl_handler(session)
|
||||||
|
|
||||||
local function get_username_from_token(self, message)
|
local function get_username_from_token(self, message)
|
||||||
local res, error, reason = token_util:process_and_verify_token(session);
|
|
||||||
|
|
||||||
if (res == false) then
|
-- retrieve custom public key from server and save it on the session
|
||||||
log("warn",
|
local event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);
|
||||||
"Error verifying token err:%s, reason:%s", error, reason);
|
if event_result ~= nil then
|
||||||
session.auth_token = nil;
|
validate_result(session,event_result.res, event_result.error, event_result.reason)
|
||||||
return res, error, reason;
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local res, error, reason = token_util:process_and_verify_token(session);
|
||||||
|
validate_result(session, res, error, reason);
|
||||||
|
|
||||||
local customUsername
|
local customUsername
|
||||||
= prosody.events.fire_event("pre-jitsi-authentication", session);
|
= prosody.events.fire_event("pre-jitsi-authentication", session);
|
||||||
|
|
||||||
|
@ -102,6 +112,11 @@ function provider.get_sasl_handler(session)
|
||||||
self.username = message;
|
self.username = message;
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local event_result = prosody.events.fire_event("post-jitsi-authentication", session);
|
||||||
|
if event_result ~= nil then
|
||||||
|
validate_result(session,event_result.res, event_result.error, event_result.reason)
|
||||||
|
end
|
||||||
|
|
||||||
return res;
|
return res;
|
||||||
end
|
end
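Review bot: The three new `validate_result(...)` calls in `get_username_from_token` discard the helper's return value, so a failed check no longer ends the handler where the removed inline block used to `return res, error, reason`. After a `false` from `process_and_verify_token` or from the `pre-jitsi-authentication-fetch-key` listener, the code only logs and clears `session.auth_token`, then carries on into the `pre-jitsi-authentication` event. The `post-jitsi-authentication` case matters most: a listener result with `res == false` is logged, but the function still ends with `return res` from the token check, which can be true, so the post-validation cannot reject a login. Each call site should propagate the failure, e.g. `local ok, err, why = validate_result(session, event_result.res, event_result.error, event_result.reason);` followed by `if ok == false then return ok, err, why; end`. The part of `get_username_from_token` between the two hunks is not shown, so the effect on the username branches is inferred.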
|
||||||
|
|
||||||
|
|
|
@ -301,7 +301,10 @@ function Util:process_and_verify_token(session, acceptedIssuers)
|
||||||
end
|
end
|
||||||
|
|
||||||
local pubKey;
|
local pubKey;
|
||||||
if self.asapKeyServer and session.auth_token ~= nil then
|
if session.public_key then
|
||||||
|
module:log("debug","Public key was found on the session");
|
||||||
|
pubKey = session.public_key;
|
||||||
|
elseif self.asapKeyServer and session.auth_token ~= nil then
|
||||||
local dotFirst = session.auth_token:find("%.");
|
local dotFirst = session.auth_token:find("%.");
|
||||||
if not dotFirst then return nil, "Invalid token" end
|
if not dotFirst then return nil, "Invalid token" end
|
||||||
local header, err = json_safe.decode(basexx.from_url64(session.auth_token:sub(1,dotFirst-1)));
|
local header, err = json_safe.decode(basexx.from_url64(session.auth_token:sub(1,dotFirst-1)));
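Review bot: `session.public_key` now takes precedence over the `asapKeyServer` lookup with no check on its value or origin, so whichever listener writes that field decides which key the token is verified against. A guard such as `if type(session.public_key) == "string" and session.public_key ~= "" then` would keep a malformed value away from the verifier, and a comment should state that only the `pre-jitsi-authentication-fetch-key` handler is expected to set it. The field is not cleared in the visible lines, so it presumably stays on the session for later verifications; consider resetting it once the token has been processed. `process_and_verify_token` starts and ends outside this hunk, so how `pubKey` is used afterwards is not visible here.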
|
||||||
|
|