Update to 2024-07-22 23:00

2025-08-03 23:26:58 +02:00 · 2024-07-22 23:00:11 +02:00
parent f5421b17f0
commit cd302033bd
112 changed files with 15413 additions and 340 deletions
--- a/roles/jitsi/files/prosody/modules/mod_auth_jitsi-anonymous.lua
+++ b/roles/jitsi/files/prosody/modules/mod_auth_jitsi-anonymous.lua
@@ -0,0 +1,78 @@
+-- Anonymous authentication with extras:
+-- * session resumption
+-- Copyright (C) 2021-present 8x8, Inc.
+
+local generate_uuid = require "util.uuid".generate;
+local new_sasl = require "util.sasl".new;
+local sasl = require "util.sasl";
+local sessions = prosody.full_sessions;
+
+-- define auth provider
+local provider = {};
+
+function provider.test_password(username, password)
+    return nil, "Password based auth not supported";
+end
+
+function provider.get_password(username)
+    return nil;
+end
+
+function provider.set_password(username, password)
+    return nil, "Set password not supported";
+end
+
+function provider.user_exists(username)
+    return nil;
+end
+
+function provider.create_user(username, password)
+    return nil;
+end
+
+function provider.delete_user(username)
+    return nil;
+end
+
+function provider.get_sasl_handler(session)
+    -- Custom session matching so we can resume session even with randomly
+    -- generated user IDs.
+    local function get_username(self, message)
+        if (session.previd ~= nil) then
+            for _, session1 in pairs(sessions) do
+                if (session1.resumption_token == session.previd) then
+                    self.username = session1.username;
+                    break;
+                end
+            end
+        else
+            self.username = message;
+        end
+
+        return true;
+    end
+
+    return new_sasl(module.host, { anonymous = get_username });
+end
+
+module:provides("auth", provider);
+
+local function anonymous(self, message)
+    -- Same as the vanilla anonymous auth plugin
+    local username = generate_uuid();
+
+    -- This calls the handler created in 'provider.get_sasl_handler(session)'
+    local result, err, msg = self.profile.anonymous(self, username, self.realm);
+
+    if result == true then
+        if (self.username == nil) then
+            -- Session was not resumed
+            self.username = username;
+        end
+        return "success";
+    else
+        return "failure", err, msg;
+    end
+end
+
+sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);