Commit Graph

28 Commits

Author SHA1 Message Date
Andrei Bora b765adca75 Solve review issues and add retries for http call 2020-08-19 17:11:18 +03:00
Andrei Bora 92e6cf7618 Add pre and post validation for users that want to use their own public keys 2020-08-19 16:50:24 +03:00
Aaron van Meerten 36565f0c50 FIX: token util keyurl definition move to above callback definition 2020-08-14 15:23:54 -05:00
Aaron van Meerten 0c48e205d7
Merge branch 'master' into aaronkvanmeerten/jibri-queue-component-modules 2020-08-14 14:21:13 -05:00
Aaron van Meerten 5e35b69fc9 FIX: prosody token util handles race on timeout gracefully 2020-08-14 14:14:29 -05:00
Aaron van Meerten e439d065b7 FEAT: token util better logging for timeouts, verification 2020-08-14 13:52:25 -05:00
Aaron van Meerten d05fa32413 FIX: add flag to control whether to check room claim in JWT validation
jibri queue component stop checking room validation in token
Jibri queue component debug output when bad token is found
2020-08-12 14:43:34 -05:00
Aaron van Meerten 6fc9606c0d FEAT: support updating accepted issuer/aud for token lib 2020-08-10 15:21:31 -05:00
Aaron van Meerten 0bd100f027 FIX: prosody: comment on destroy_request 2020-08-07 13:16:17 -05:00
Aaron van Meerten f14a595462 FIX: prosody: destroy_request check 2020-08-07 13:15:55 -05:00
Aaron van Meerten 11ee71a51c FEAT: jwt pubkey cache inside object
Allows each module that does token validation to have its own cache
2020-08-07 11:51:44 -05:00
damencho 6d3d15a64b feat: Adds an option to validate a recording token. 2020-07-02 12:51:14 -05:00
Wuriyanto 1b8e5d0244 change cjson to cjson.safe and cath error from decode function 2020-05-11 05:46:07 -05:00
Aaron van Meerten 7ce44f85ca changed to using a setter for the asapKeyServer 2019-06-06 15:22:38 -05:00
Aaron van Meerten 41e0d782ce allows override of asap key server in token utility 2019-06-06 14:41:46 -05:00
jmacelroy 573cc64fcd Normalizing subdomain when checking JWTs; similar to room. 2019-02-01 13:19:33 -06:00
Aaron van Meerten 13165990fc supports a '*' in the sub claim to allow access to any room 2019-01-28 16:19:43 -06:00
Дамян Минков ac834326e7
Token based features (#3075)
* Adds an option to disable features based on token data.

Reverts changes from b84e910086, removes disableDesktopSharing option and an interface_config option.

* Disable recording button based on token features data.

Hide recording if local participant isGuest and roles based on token.
When enableUserRolesBasedOnToken is enabled we were not hiding the record button for guests.

* Adds filtering of jibri iqs and rayo based on features.

Moves feature checking in separate utility function.
Renames utility method.

* Adds a footer text when outbound-call is not feature enabled.

* Fixes comments.
2018-06-15 13:10:22 -05:00
Aaron van Meerten 622d4ba89c added checks for audience and issuer values (#1772)
* added checks for audience and issuer values
default audience and issuer checks to validate only appId
added missing documentation lines from the previous PR for context_user and context_group session values

* support for accepting any audience
option set to accept any audience by default
2017-07-13 13:30:17 -05:00
Aaron van Meerten fac6c30b1c use "sub" instead of "aud" to confirm tenant domain settings
stick user and group from token context into session if available
2017-07-12 12:57:55 -05:00
damencho 00afc32b6b Handles '*' as room name in jwt.
Allows '*' in jwt to allow connecting to any room.
2017-06-26 10:51:06 -05:00
damencho 34be638fca Fixes using public key to verify tokens. 2017-05-25 16:45:08 -05:00
damencho 9e728e4b25 Fixes crashing jwt util for anonymous domains.
Room name verification crashes when we have a configured anonymousdomain as it doesn't have any token extracted data. It is safe to skip this check as room creation is verified by jicofo and we have the option restrict_room_creation to admin users.
Removes obsolete print when updating jitsi-meet-tokens.
2017-05-16 08:21:46 -05:00
damencho 88a58a057e Removes not needed parameter token in process_and_verify_token. 2017-05-08 11:23:13 -05:00
damencho 4bb51516bb Adds domain name verification and multidomain support.
Adds option to enable/disable domain checking, disabled by default. Domain verification for multiple domains depends on new option muc_mapper_domain_base.
2017-05-08 11:23:13 -05:00
damencho 0805b9e99e Removes disableRoomNameConstraints option.
This option is useless, as if we do not need to verify room name, we just disable the mod_token_verification module.
2017-05-08 11:23:13 -05:00
damencho 82b27b45fe Moves token related code into util so it can be reused. 2017-05-08 11:23:13 -05:00
Saúl Ibarra Corretgé b01ad360da Move miscellaneous files to resources 2017-02-23 10:01:19 +01:00
Renamed from prosody-plugins/token/util.lib.lua (Browse further)