Add pre and post validation for users that want to use their own public keys

Andrei Bora 2020-08-11 17:29:34 +03:00
parent 10c2652a4f
commit 92e6cf7618
2 changed files with 25 additions and 7 deletions


@ -74,17 +74,27 @@ function provider.delete_user(username)
return nil;
end
function provider.get_sasl_handler(session)
local function get_username_from_token(self, message)
local res, error, reason = token_util:process_and_verify_token(session);
if (res == false) then
local function validate_result(session, res, error, reason)
if res == false then
log("warn",
"Error verifying token err:%s, reason:%s", error, reason);
session.auth_token = nil;
return res, error, reason;
end
end
function provider.get_sasl_handler(session)
local function get_username_from_token(self, message)
-- retrieve custom public key from server and save it on the session
local event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);
if event_result ~= nil then
validate_result(session,event_result.res, event_result.error, event_result.reason)
end
local res, error, reason = token_util:process_and_verify_token(session);
validate_result(session, res, error, reason);
local customUsername
= prosody.events.fire_event("pre-jitsi-authentication", session);
@ -102,6 +112,11 @@ function provider.get_sasl_handler(session)
self.username = message;
end
local event_result = prosody.events.fire_event("post-jitsi-authentication", session);
if event_result ~= nil then
validate_result(session,event_result.res, event_result.error, event_result.reason)
end
return res;
end
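Review bot: All three `validate_result` calls in `get_username_from_token` discard its return value, so a failed check only logs and clears `session.auth_token` while the handler keeps running, whereas the removed inline check returned `res, error, reason` at once. For the `post-jitsi-authentication` result this means a handler reporting `res == false` cannot reject the login, because the function still ends with `return res` from the token check. For the fetch-key and token checks, the `pre-jitsi-authentication` handlers now run on a session that failed verification, and the caller no longer receives `error` and `reason`. Clearing the token and then still calling `process_and_verify_token` should also be checked against how that function treats a nil `auth_token`, which is not visible here. Returning from the handler on each failure, as sketched below, restores the old fail-closed behaviour; `provider.get_sasl_handler` continues outside these hunks.

```lua
local function get_username_from_token(self, message)
    local event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);
    if event_result ~= nil and event_result.res == false then
        return validate_result(session, event_result.res, event_result.error, event_result.reason);
    end

    local res, error, reason = token_util:process_and_verify_token(session);
    if res == false then
        return validate_result(session, res, error, reason);
    end

    -- … unchanged: pre-jitsi-authentication event and username selection …

    local event_result = prosody.events.fire_event("post-jitsi-authentication", session);
    if event_result ~= nil and event_result.res == false then
        return validate_result(session, event_result.res, event_result.error, event_result.reason);
    end
    return res;
```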


@ -301,7 +301,10 @@ function Util:process_and_verify_token(session, acceptedIssuers)
end
local pubKey;
if self.asapKeyServer and session.auth_token ~= nil then
if session.public_key then
module:log("debug","Public key was found on the session");
pubKey = session.public_key;
elseif self.asapKeyServer and session.auth_token ~= nil then
local dotFirst = session.auth_token:find("%.");
if not dotFirst then return nil, "Invalid token" end
local header, err = json_safe.decode(basexx.from_url64(session.auth_token:sub(1,dotFirst-1)));
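Review bot: `session.public_key` now overrides the `asapKeyServer` lookup whenever it is set, and nothing in this branch constrains where the value came from or what it is, although it becomes the key the token signature is checked against. I would document the contract on the branch, e.g. `-- set only by a pre-jitsi-authentication-fetch-key handler; replaces the asapKeyServer lookup for this session`, and guard the value with `if type(session.public_key) == "string" and session.public_key ~= "" then` (this assumes keys are passed as strings, which the hunk does not show, so confirm it first). It is also worth clearing `session.public_key` wherever `session.auth_token` is cleared on failure, so a key fetched for a rejected token is not picked up by a later attempt on the same session. The body of `Util:process_and_verify_token` continues outside the hunk.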