changeset 4695:4b3f054666e6

mod_muc_http_auth: External auth services might need to check on the nickname as well
author Seve Ferrer <seve@delape.net>
date Tue, 21 Sep 2021 14:00:01 +0200
parents 6c57b9e31586
children 6a05c9eb964e
files mod_muc_http_auth/README.md mod_muc_http_auth/mod_muc_http_auth.lua
diffstat 2 files changed, 10 insertions(+), 4 deletions(-) [+]
--- a/mod_muc_http_auth/README.md	Sat Sep 18 11:51:48 2021 +0100
+++ b/mod_muc_http_auth/README.md	Tue Sep 21 14:00:01 2021 +0200
@@ -2,9 +2,9 @@
 
 This module externalizes MUC authorization via HTTP.  
 Whenever a user wants to join a MUC, an HTTP GET request is made to `authorization_url`
-with the user bare jid (`userJID`) and the MUC jid (`mucJID`) as GET parameters.  
+with the user's bare jid (`userJID`), the MUC jid (`mucJID`) and the user's nickname (`nickname`) as GET parameters.  
 Example:  
-`https://www.prosody.im/users/can-join/?userJID=romeo@example.com&mucJID=teaparty@chat.example.com`
+`https://www.prosody.im/users/can-join/?userJID=romeo@example.com&mucJID=teaparty@chat.example.com&nickname=Romeo`
 
 This allows an external service to decide whether a user is authorized to join a MUC or not.  
 
@@ -41,7 +41,7 @@
 
 |Name |Description |Default |
 |-----|------------|--------|
-|muc_http_auth_url| URL of the external HTTP service to which send `userJID` and `mucJID` in a GET request | "" |
+|muc_http_auth_url| URL of the external HTTP service to which send `userJID`, `mucJID` and `nickname` in a GET request | "" |
 |muc_http_auth_enabled_for| List of MUC names (node part) to enable this module for | nil |
 |muc_http_auth_disabled_for| List of MUC names (node part) to disable this module for | nil |
 |muc_http_auth_insecure| Disable certificate verification for request. Only intended for development of the external service. | false |
--- a/mod_muc_http_auth/mod_muc_http_auth.lua	Sat Sep 18 11:51:48 2021 +0100
+++ b/mod_muc_http_auth/mod_muc_http_auth.lua	Tue Sep 21 14:00:01 2021 +0200
@@ -4,6 +4,7 @@
 local st = require "util.stanza";
 local jid_node = require "util.jid".node;
 local jid_bare = require "util.jid".bare;
+local jid_resource = require "util.jid".resource;
 
 local authorization_url = module:get_option("muc_http_auth_url", "")
 local enabled_for = module:get_option_set("muc_http_auth_enabled_for",  nil)
@@ -51,7 +52,12 @@
 	if not must_be_authorized(jid_node(room.jid)) then return; end
 
 	local user_bare_jid = jid_bare(stanza.attr.from);
-	local url = authorization_url .. "?userJID=" .. user_bare_jid .."&mucJID=" .. room.jid;
+	local user_nickname = jid_resource(stanza.attr.to);
+
+	-- Nickname is mandatory to enter a MUC
+	if not user_nickname then return; end
+
+	local url = authorization_url .. "?userJID=" .. user_bare_jid .."&mucJID=" .. room.jid .. "&nickname=" .. user_nickname;
 
 	local result = wait_for(http.request(url, options):next(handle_success, handle_error));
 	local response, err = result.response, result.err;
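Review bot: The nickname is concatenated into the query string unencoded on the new `local url = ...` line. It is the resource part of the client-supplied `to` address and can contain `&`, `=`, `#` or spaces, so a crafted nickname can add or shadow parameters (such as a second `userJID`) in the request the authorization service receives. Encode each value before concatenation, e.g. `local urlencode = require "util.http".urlencode;` and `.. "&nickname=" .. urlencode(user_nickname)`, and apply the same to `userJID` and `mucJID`. The bare `return` when no nickname is present also skips the external check; it appears to rely on the join being rejected elsewhere, which is worth confirming. The enclosing handler starts and ends outside this hunk.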