Lobby required displayname (#7197)

* ref: Rename jitsi_bosh_query_room to jitsi_web_query_room. This is no longer bosh only and is available for both bosh and websocket sessions. * feat: Adds feature to disco-info indicating that display name is required. * feat: Adds option to disable checking whether display name is required. * ref: Clears auth_token when verification fails. * squash: Fixing comments. * squash: Updates to latest lib-jitsi-meet.
2020-06-30 08:15:08 -05:00 · 2020-06-30 08:15:08 -05:00 · a4ca247056
parent eac891585b
commit a4ca247056
6 changed files with 75 additions and 11 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -10724,8 +10724,8 @@
      }
    },
    "lib-jitsi-meet": {
-      "version": "github:jitsi/lib-jitsi-meet#4fec06db7fc59a88021ec0b409eda47f21c42902",
-      "from": "github:jitsi/lib-jitsi-meet#4fec06db7fc59a88021ec0b409eda47f21c42902",
+      "version": "github:jitsi/lib-jitsi-meet#8f9bd254bb3813808e6e1f7974aacc4d1414fcdb",
+      "from": "github:jitsi/lib-jitsi-meet#8f9bd254bb3813808e6e1f7974aacc4d1414fcdb",
      "requires": {
        "@jitsi/sdp-interop": "1.0.3",
        "@jitsi/sdp-simulcast": "0.3.0",
--- a/package.json
+++ b/package.json
@ -56,7 +56,7 @@
    "js-md5": "0.6.1",
    "js-utils": "github:jitsi/js-utils#cf11996bd866fdb47326c59a5d3bc24be17282d4",
    "jwt-decode": "2.2.0",
-    "lib-jitsi-meet": "github:jitsi/lib-jitsi-meet#4fec06db7fc59a88021ec0b409eda47f21c42902",
+    "lib-jitsi-meet": "github:jitsi/lib-jitsi-meet#8f9bd254bb3813808e6e1f7974aacc4d1414fcdb",
    "libflacjs": "github:mmig/libflac.js#93d37e7f811f01cf7d8b6a603e38bd3c3810907d",
    "lodash": "4.17.13",
    "moment": "2.19.4",
--- a/resources/prosody-plugins/mod_auth_token.lua
+++ b/resources/prosody-plugins/mod_auth_token.lua
@ -25,15 +25,25 @@ function init_session(event)

 	if query ~= nil then
        local params = formdecode(query);
+
+        -- The following fields are filled in the session, by extracting them
+        -- from the query and no validation is beeing done.
+        -- After validating auth_token will be cleaned in case of error and few
+        -- other fields will be extracted from the token and set in the session
+
        session.auth_token = query and params.token or nil;
        -- previd is used together with https://modules.prosody.im/mod_smacks.html
        -- the param is used to find resumed session and re-use anonymous(random) user id
        -- (see get_username_from_token)
        session.previd = query and params.previd or nil;

-        -- The room name and optional prefix from the bosh query
-        session.jitsi_bosh_query_room = params.room;
-        session.jitsi_bosh_query_prefix = params.prefix or "";
+        -- The room name and optional prefix from the web query
+        session.jitsi_web_query_room = params.room;
+        session.jitsi_web_query_prefix = params.prefix or "";
+
+        -- Deprecated, you should use jitsi_web_query_room and jitsi_web_query_prefix
+        session.jitsi_bosh_query_room = session.jitsi_web_query_room;
+        session.jitsi_bosh_query_prefix = session.jitsi_web_query_prefix;
    end
 end

@ -72,6 +82,7 @@ function provider.get_sasl_handler(session)
        if (res == false) then
            log("warn",
                "Error verifying token err:%s, reason:%s", error, reason);
+            session.auth_token = nil;
            return res, error, reason;
        end

--- a/resources/prosody-plugins/mod_muc_lobby_rooms.lua
+++ b/resources/prosody-plugins/mod_muc_lobby_rooms.lua
@ -28,6 +28,9 @@ local jid_bare = require 'util.jid'.bare;
 local filters = require 'util.filters';
 local st = require 'util.stanza';
 local MUC_NS = 'http://jabber.org/protocol/muc';
+local DISCO_INFO_NS = 'http://jabber.org/protocol/disco#info';
+local DISPLAY_NAME_REQUIRED_FEATURE = 'http://jitsi.org/protocol/lobbyrooms#displayname_required';
+local LOBBY_IDENTITY_TYPE = 'lobbyrooms';

 local is_healthcheck_room = module:require "util".is_healthcheck_room;

@ -42,7 +45,14 @@ if lobby_muc_component_config == nil then
    return ;
 end

-local whitelist = module:get_option_set("muc_lobby_whitelist", {});
+local whitelist;
+local check_display_name_required;
+local function load_config()
+    whitelist = module:get_option_set("muc_lobby_whitelist", {});
+    check_display_name_required
+        = module:get_option_boolean("muc_lobby_check_display_name_required", true);
+end
+load_config();

 local lobby_muc_service;
 local main_muc_service;
@ -84,6 +94,9 @@ function filter_stanza(stanza)
            end

            return nil;
+        elseif stanza.name == 'iq' and stanza:get_child('query', DISCO_INFO_NS) then
+            -- allow disco info from the lobby component
+            return stanza;
        end

        return nil;
@ -125,7 +138,24 @@ function process_lobby_muc_loaded(lobby_muc, host_module)
    filters.add_filter_hook(filter_session);

    -- Advertise lobbyrooms support on main domain so client can pick up the address and use it
-    module:add_identity('component', 'lobbyrooms', lobby_muc_component_config);
+    module:add_identity('component', LOBBY_IDENTITY_TYPE, lobby_muc_component_config);
+
+    -- Tag the disco#info response with a feature that display name is required
+    -- when the conference name from the web request has a lobby enabled.
+    host_module:hook("host-disco-info-node", function (event)
+        local session, reply, node = event.origin, event.reply, event.node;
+        if node == LOBBY_IDENTITY_TYPE
+            and session.jitsi_web_query_room
+            and main_muc_service
+            and check_display_name_required then
+            local room = main_muc_service.get_room_from_jid(
+                jid_bare(session.jitsi_web_query_room .. '@' .. main_muc_component_config));
+            if room and room._data.lobbyroom then
+                reply:tag("feature", { var = DISPLAY_NAME_REQUIRED_FEATURE }):up();
+            end
+        end
+        event.exists = true;
+    end);

    local room_mt = lobby_muc_service.room_mt;
    -- we base affiliations (roles) in lobby muc component to be based on the roles in the main muc
@ -256,3 +286,25 @@ process_host_module(main_muc_component_config, function(host_module, host)
        end
    end, -4); -- the default hook on members_only module is on -5
 end);
+
+-- Extract 'room' param from URL when session is created
+function update_session(event)
+    local session = event.session;
+
+    if session.jitsi_web_query_room then
+        -- no need for an update
+        return;
+    end
+
+    local query = event.request.url.query;
+    if query ~= nil then
+        local params = formdecode(query);
+        -- The room name and optional prefix from the web query
+        session.jitsi_web_query_room = params.room;
+        session.jitsi_web_query_prefix = params.prefix or "";
+    end
+end
+
+module:hook_global("bosh-session", update_session);
+module:hook_global("websocket-session", update_session);
+module:hook_global('config-reloaded', load_config);
--- a/resources/prosody-plugins/mod_muc_poltergeist.lua
+++ b/resources/prosody-plugins/mod_muc_poltergeist.lua
@ -106,8 +106,8 @@ prosody.events.add_handler("pre-jitsi-authentication", function(session)

    if (session.jitsi_meet_context_user) then
        local room = get_room(
-            session.jitsi_bosh_query_room,
-            session.jitsi_bosh_query_prefix);
+            session.jitsi_web_query_room,
+            session.jitsi_web_query_prefix);

        if (not room) then
            return nil;
--- a/resources/prosody-plugins/mod_token_verification.lua
+++ b/resources/prosody-plugins/mod_token_verification.lua
@ -93,7 +93,8 @@ for event_name, method in pairs {
            return;
        end

-        if not session.auth_token then
+        -- jitsi_meet_room is set after the token had been verified
+        if not session.auth_token or not session.jitsi_meet_room then
            session.send(
                st.error_reply(
                    stanza, "cancel", "not-allowed", "Room modification disabled for guests"));