haskal
/
jiti-meet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX: prosody: room validation on jibri-queue 

The full room JID is now passed properly to verify_token
verify_token now also expects the correct jid for validation
This commit is contained in:
Aaron van Meerten 2020-08-07 12:10:00 -05:00
parent 9b7e8c98ad
commit c4155575f9
1 changed files with 10 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
resources/prosody-plugins/mod_jibri_queue_component.lua
View File

@ -380,7 +380,7 @@ module:log("info", "Loading jibri_queue_component");
-- @param group name of the group (optional) -- @param group name of the group (optional)
-- @param session the session to use for storing token specific fields -- @param session the session to use for storing token specific fields
-- @return true if values are ok or false otherwise -- @return true if values are ok or false otherwise
function verify_token(token, room_name, session) function verify_token(token, room_jid, session)
if disableTokenVerification then if disableTokenVerification then
return true; return true;
end end
@ -395,22 +395,15 @@ function verify_token(token, room_name, session)
end end
session.auth_token = token; session.auth_token = token;
local verified, reason = token_util:process_and_verify_token(session); local verified, reason, message = token_util:process_and_verify_token(session);
if not verified then if not verified then
log("warn", "not a valid token %s", tostring(reason)); log("warn", "not a valid token %s: %s", tostring(reason), tostring(message));
return false; return false;
end end
local room_address = jid.join(room_name, module:get_host()); if not token_util:verify_room(session, room_jid) then
-- if there is a group we are in multidomain mode and that group is not log("warn", "Token %s not allowed to access: %s",
-- our parent host tostring(token), tostring(room_jid));
if group and group ~= "" and group ~= parentHostName then
room_address = "["..group.."]"..room_address;
end
if not token_util:verify_room(session, room_address) then
log("warn", "Token %s not allowed to join: %s",
tostring(token), tostring(room_address));
return false; return false;
end end
@ -455,11 +448,13 @@ function handle_update_jibri_queue(event)
local position = body["position"]; local position = body["position"];
local requestId = body["requestId"]; local requestId = body["requestId"];
if not verify_token(token, roomAddress, {}) then local room_jid = room_jid_match_rewrite(roomAddress);
if not verify_token(token, room_jid, {}) then
return { status_code = 403; }; return { status_code = 403; };
end end
local room = get_room_from_jid(room_jid_match_rewrite(roomAddress)); local room = get_room_from_jid(room_jid);
if (not room) then if (not room) then
log("error", "no room found %s", roomAddress); log("error", "no room found %s", roomAddress);
return { status_code = 404; }; return { status_code = 404; };