Add pre and post validation for users that want to use their own public keys

Andrei Bora 2020-08-11 17:29:34 +03:00
parent 10c2652a4f
commit 92e6cf7618
2 changed files with 25 additions and 7 deletions


@ -74,18 +74,28 @@ function provider.delete_user(username)
return nil; return nil;
end end
local function validate_result(session, res, error, reason)
if res == false then
log("warn",
"Error verifying token err:%s, reason:%s", error, reason);
session.auth_token = nil;
return res, error, reason;
end
end
function provider.get_sasl_handler(session) function provider.get_sasl_handler(session)
local function get_username_from_token(self, message) local function get_username_from_token(self, message)
local res, error, reason = token_util:process_and_verify_token(session);
if (res == false) then -- retrieve custom public key from server and save it on the session
log("warn", local event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);
"Error verifying token err:%s, reason:%s", error, reason); if event_result ~= nil then
session.auth_token = nil; validate_result(session,event_result.res, event_result.error, event_result.reason)
return res, error, reason;
end end
local res, error, reason = token_util:process_and_verify_token(session);
validate_result(session, res, error, reason);
local customUsername local customUsername
= prosody.events.fire_event("pre-jitsi-authentication", session); = prosody.events.fire_event("pre-jitsi-authentication", session);
@ -102,6 +112,11 @@ function provider.get_sasl_handler(session)
self.username = message; self.username = message;
end end
local event_result = prosody.events.fire_event("post-jitsi-authentication", session);
if event_result ~= nil then
validate_result(session,event_result.res, event_result.error, event_result.reason)
end
return res; return res;
end end
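Review bot: The `return res, error, reason;` inside the new `validate_result` helper only leaves the helper, and all three call sites in `get_username_from_token` discard its result, so a failed check no longer stops the handler the way the removed inline `return` did. After a failed token verification the code goes on to fire `pre-jitsi-authentication`, and a `res == false` reported by the `pre-jitsi-authentication-fetch-key` or `post-jitsi-authentication` listeners cannot reject the login, because the final `return res;` still carries only the token result. Each call site should propagate the failure, for example `if event_result ~= nil and event_result.res == false then return validate_result(session, event_result.res, event_result.error, event_result.reason); end`, and `if res == false then return validate_result(session, res, error, reason); end` for the token check. The part of the function between the two hunks is not shown, so what else runs with the cleared `auth_token` is inferred.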


@ -301,7 +301,10 @@ function Util:process_and_verify_token(session, acceptedIssuers)
end end
local pubKey; local pubKey;
if self.asapKeyServer and session.auth_token ~= nil then if session.public_key then
module:log("debug","Public key was found on the session");
pubKey = session.public_key;
elseif self.asapKeyServer and session.auth_token ~= nil then
local dotFirst = session.auth_token:find("%."); local dotFirst = session.auth_token:find("%.");
if not dotFirst then return nil, "Invalid token" end if not dotFirst then return nil, "Invalid token" end
local header, err = json_safe.decode(basexx.from_url64(session.auth_token:sub(1,dotFirst-1))); local header, err = json_safe.decode(basexx.from_url64(session.auth_token:sub(1,dotFirst-1)));
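Review bot: The new `if session.public_key then` branch takes the verification key from a mutable session field and skips the header parsing and key-server lookup of the `elseif` branch, so the signature is checked against whatever was last stored on the session, with nothing tying that key to this token. The trust contract should be stated at the branch, e.g. `-- session.public_key is trusted as-is: it must be set only by a server-side pre-jitsi-authentication-fetch-key listener, never from client-supplied data`. Consider also consuming the field once it is copied (`session.public_key = nil;` after `pubKey = session.public_key;`) so a stale key cannot be reused by a later authentication attempt on the same session. The function continues past the hunk, so how `pubKey` is used afterwards is not visible here.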