feature: empty token verification allow list
parent
c30d1e7479
commit
a49b6140e0
|
@ -5,6 +5,7 @@ local log = module._log;
|
||||||
local host = module.host;
|
local host = module.host;
|
||||||
local st = require "util.stanza";
|
local st = require "util.stanza";
|
||||||
local um_is_admin = require "core.usermanager".is_admin;
|
local um_is_admin = require "core.usermanager".is_admin;
|
||||||
|
local jid_split = require "util.jid".split;
|
||||||
|
|
||||||
|
|
||||||
local function is_admin(jid)
|
local function is_admin(jid)
|
||||||
|
@ -39,8 +40,11 @@ log("debug",
|
||||||
|
|
||||||
-- option to disable room modification (sending muc config form) for guest that do not provide token
|
-- option to disable room modification (sending muc config form) for guest that do not provide token
|
||||||
local require_token_for_moderation;
|
local require_token_for_moderation;
|
||||||
|
-- option to not require tokens for certain users and domains
|
||||||
|
local token_empty_allow_list;
|
||||||
local function load_config()
|
local function load_config()
|
||||||
require_token_for_moderation = module:get_option_boolean("token_verification_require_token_for_moderation");
|
require_token_for_moderation = module:get_option_boolean("token_verification_require_token_for_moderation");
|
||||||
|
token_empty_allow_list = module:get_option_set("token_verification_empty_allow_list");
|
||||||
end
|
end
|
||||||
load_config();
|
load_config();
|
||||||
|
|
||||||
|
@ -57,6 +61,19 @@ local function verify_user(session, stanza)
|
||||||
return true;
|
return true;
|
||||||
end
|
end
|
||||||
|
|
||||||
|
-- if token is empty and user matches allow list, skip verification and allow user to join
|
||||||
|
local user, domain, res = jid_split(user_jid);
|
||||||
|
if session.auth_token == nil and user ~= nil and domain ~= nil and token_empty_allow_list then
|
||||||
|
if token_empty_allow_list:contains(domain) then
|
||||||
|
log("debug", "Token not required from user: %s in allowed domain: %s", user_jid, domain);
|
||||||
|
return true;
|
||||||
|
end
|
||||||
|
if token_empty_allow_list:contains(user..'@'..domain) then
|
||||||
|
log("debug", "Token not required from user in allowed list: %s", user_jid);
|
||||||
|
return true;
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
log("debug",
|
log("debug",
|
||||||
"Will verify token for user: %s, room: %s ", user_jid, stanza.attr.to);
|
"Will verify token for user: %s, room: %s ", user_jid, stanza.attr.to);
|
||||||
if not token_util:verify_room(session, stanza.attr.to) then
|
if not token_util:verify_room(session, stanza.attr.to) then
|
||||||
|
|
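Review bot: The allow-list branch in verify_user (`if token_empty_allow_list:contains(domain) then`) waives token verification for every account on a listed domain, yet the only trace it leaves is a debug-level log line, so a token-less join is invisible at normal log levels. Logging both bypass paths at info would make them auditable, e.g. `log("info", "Token not required from user: %s in allowed domain: %s", user_jid, domain);`. The check keys on `user_jid`, which is assigned outside this hunk; it is only sound if that value is the server-stamped sender JID, and the comparison is exact, so the comment on `token_empty_allow_list` should say that entries must be normalized bare JIDs or domains and that a domain which permits anonymous or self-registered accounts should not be listed. The third result of `jid_split` is unused, so `local user, domain = jid_split(user_jid);` is enough.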