When returning the error and showing to user not allowed screen we were not completely halting the prejoin operation when token verification fails on room join and the token is valid in general.
Display name for lobby operations notifications are taken from the list of knocking participants which is available only to moderators. In case of not all moderators the notifications were broken.
* feat: Sends json messages notifying for lobby actions.
* squash: Fixes quotes to be consistent.
* fix: Fixes attempt to call global 'formdecode' (a nil value).
* ref: Rename jitsi_bosh_query_room to jitsi_web_query_room.
This is no longer bosh only and is available for both bosh and websocket sessions.
* feat: Adds feature to disco-info indicating that display name is required.
* feat: Adds option to disable checking whether display name is required.
* ref: Clears auth_token when verification fails.
* squash: Fixing comments.
* squash: Updates to latest lib-jitsi-meet.
* fix: Fixes using token with no user context.
* feat(moderated): Adds option to add moderated rooms and subdomains.
When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room.
* squash: Renames function.
* ref: Removes filtering jicofo setting owners.
This will be disabled on jicofo side and will greatly simplify logic.
Also check the checks to avoid jwt for main domain to access subdomains and the other way around.
* fix: Skips allowners logic for admins.
* Adding whitelist and move away from using custom field for password.
We re-use room lock for lobby password.
* Make sure we do not run muc-occupant-pre-join for non members only rooms.
* Destroying lobby room, when main room is destroyed or membersonly is disabled.
* Adds destroy reason.
* Clears lobby room instance on destroy.
Fixes problem with on/off/on of lobby feature.
* Add lobby room jid only when members only is on.
* Sends main room jid on lobby destroy.
We can use that in client loggic to auto-join lobby participants to main room as lobby is disabled while waiting.
* fix: Fixes using is_healthcheck_room.
* squash: Enables lobby rooms feature by default.
* chore(deps): Update lib-jitsi-meet, to enable lobby rooms.
* Added module for filtering transcription requests from presence stanzas when the users making the requests do not have access to the transcription feature
* Add comments explaining the functionality and configuration for the transcription filtering module.
Co-authored-by: drimovecz <daniel.rimovecz@8x8.com>
It's starting at 1 hour because os.time(os.date("!*t") returns the wrong
time depending on system timezone. os.time() already returns the number
of seconds since epoch in UTC so just use that.
Fixes#5595
In a typical Jitsi Meet setup, this plugin can be used to limit the number of
occupants in a meeting room, while ignoring "utility" users. Such a
configuration could be:
muc_max_occupants = 2
muc_access_whitelist = {
"focus@auth.meet.jitsi";
}
It would be expected that this configuration allows two users to attend the
meeting room, but in practice only one is allowed, because the whitelist is not
honoured.
This commit fixes it by actually updating the `user` and `domain` variables
being checked. After this change, the scenario above works just fine.
The 'previd' query parameter will be use to match user id of the session
being resumed when the smacks module and token authentication are
enabled in Prosody. Otherwise user gets new random id every time and
this doesn't work with the smacks module.
* fixes async_handler_wrapper
adds missing runner variable from async to async_handler_wrapper
removes redundant have_async definition in wrap_async_run, defined at top of module
* only use async handler wrapper,
remove async_wrap_run
* Adds package that can configure using turnserver for jitsi-meet.
Activates http2 on the nginx host and uses the alpn send with the web requests to multiplex traffic to be served as web of proxied to the turn server.
It needs nginx at least v1.13.10.
Adds turncredentials module from Philipp Hancke, with small modification (all int values for hosts need to be strings/tostring()) in order to be able to use the module with prosody 0.11.
* Moves loading of stream after loading stream module (50-..).
* Leaves DISABLE_TCP_HARVESTER to be handled by jvb.
* Fixes comments.
* Properly detect first time coturn install and configure it.
* Handles upgrading from jetty serving web.
* Does not create jvb user if already exists.
* Fixes let's encrypt and adds turnserver handling.
* Enables use of turn server in config.js if available.
* Adds a check whether prosody config exists.
There are cases where deployments can still have configured prosody in the main prosody config in /etc/prosody.
There are modules that will not work with prosody 0.10 as they depend on util.async. Adds a safeguard and print error about it in the logs.
And others that just do not work because of the muc module API that they use.
Adds the component which receives the messages from client and a module which enabled on a virtual host will start advertising the component. When clients discover the component they will send message to the component with the name of the room where the dominant speaker event happen.
The original presence stanza generation code for a poltergeist
has been re-factored and simplified a bit. Every time a
poltergeist presence is updated we first check that the poltergeist
still exists.
* Adds an option to disable features based on token data.
Reverts changes from b84e910086, removes disableDesktopSharing option and an interface_config option.
* Disable recording button based on token features data.
Hide recording if local participant isGuest and roles based on token.
When enableUserRolesBasedOnToken is enabled we were not hiding the record button for guests.
* Adds filtering of jibri iqs and rayo based on features.
Moves feature checking in separate utility function.
Renames utility method.
* Adds a footer text when outbound-call is not feature enabled.
* Fixes comments.
Previously a new call id was generated for INVITE and CANCEL.
Now the id generated during the initial INVITE will be used for
corresponding CANCEL events. Also, adding the ability to
trigger a call cancel via the poltergeist update api.
The current poltergeist http api immediately returns
and does not wait for async work in the handler to finish. This
mostly occurs when a public asap key needs to be fetched due
to a cache miss. The fix implements the strategy described at
https://prosody.im/doc/developers/http.html
When combined with mod_muc_poltergeist mod_muc_call allows
for enabling call features using a proper ext_events.lib.lua
implementation. By default when the module is configured only
stub implementations are used for ext_events.lib.lua as these
are unique between deployments.
* add a prosody module to insert identity information (when available) into
presence
prosody will check for jitsi_meet_context_user and
jitsi_meet_context_group in the session and, if they are present, insert
them into presence (we do this in prosody so they cannot be spoofed).
* remove unused 'presence' variable
* refactor to modify presence message in place
* make object member access consistent
* make the group information optional
This was broken with commit c1fb1a7def, which splits the result in order to print the error reason and in case of error was not returning the error and the message to prosody internals.
Thanks to Matthew Wild for the initial help of creating these.
Module with REST interface to create poltergeist participants and change their statuses.
When user with same id joins the room, the poltergeist is removed. We also make sure that that user uses same username when authenticates. This way we are sure that user will join the room with the same nick as the poltergeist.
This is a hook to override the username that will be used when authenticating token users (which are using anonymous login with auto-generated username).
* added checks for audience and issuer values
default audience and issuer checks to validate only appId
added missing documentation lines from the previous PR for context_user and context_group session values
* support for accepting any audience
option set to accept any audience by default
Room name verification crashes when we have a configured anonymousdomain as it doesn't have any token extracted data. It is safe to skip this check as room creation is verified by jicofo and we have the option restrict_room_creation to admin users.
Removes obsolete print when updating jitsi-meet-tokens.
Returns forbidden error message if module is enabled and the user sending a dialout rayo command is not authenticated through jwt token or is not allowed to enter the room name from the rayo iq.
Checks for a parameter named subdomain and if it exists, adds it to the roomname as used in multiple domain mode ([subdomain]roomname@conference.example.com).
Moves muc_size module to per-host module and adds token verification.
Adds option to enable/disable domain checking, disabled by default. Domain verification for multiple domains depends on new option muc_mapper_domain_base.