Jitsi + JWT + special chars in room name

ula.uvula · April 1, 2021, 10:03am

Hi community,
I have successfully running Jitsi + JWT. It works fine.
Prosody version is: Prosody trunk nightly build 1415 (2021-03-24, 671f6b867e0d)

When I use a room name with a blank inside (e.g: “for demo”), it will throw an exception:
token_verification error

Digging in token/util.lib.lua-> verify room:
The variable “room” has the room name url-encoded like “for%20demo”
The variable “auth_room” has room name not url-encode like “for demo”

Any hints?
Thanks in advanced
Uwe

damencho · April 1, 2021, 11:56am

I think this one comes from the jwt, how do you have it in jwt token, it should be URL encoded?

ula.uvula · April 1, 2021, 12:00pm

In JWT I have:
“room”: “for demo”

I try url encoding and testing.
Thanks for quick reply.

ula.uvula · April 6, 2021, 7:41am

Tested.
In general it works, if I url encode my room name in the JWT. So, I have as room name “for demo”. JWT will have now “for%20demo” and it works.

BUT, if I put some other special chars like german umlaute (äöüÄÖÜß) it get strange.

Example without a blank: room name = “abcdefäöüßende”

In /usr/share/jitsi-meet/prosody-plugins/token/util.lib.lua, adding logging information:

Apr 06 09:29:06 general info Room: abcdef%25e4%25f6%25fc%25dfende
Apr 06 09:29:06 general info AuthRoom: abcdefäöüßende

So the room is ISO_8859_1 encoded? And the percent char is escaped (twice)?

If I do this hack in JWT too, so I generate url encode with ISO_8859_1 plus substituting % with %25, it will work.
I can go into the room as organisator.

With “secure domain” setup a guest will not join my room. If I enter the room name from above “abcdefäöüßende” into the meet form,
the meet url is just the same https://my domain/abcdefäöüßende
But I get the information, the organisator is not here and I get a room name “abcdef%c3%a4%c3%b6%c3%bc%c3%9fende”

So it seems, here UTF-8 is used.

ula.uvula · April 6, 2021, 9:56am

Sorry for confusing.
I found the problem with ISO_8859_1/UTF-8 coding.

My web application, generating the JWT will offer the URL to the Jitsi meeting room with the JWT.
Here I just use Tomcat/Primefaces/JSF with <h:outputLink>. Not found yet, but <h:outputLink> will transform the URL to the ISO8859_1 format, so the rooms will not join.

Actual code in my app is just using
URLEncoder + replacing the “+” char to “%20”. See URLEncoder behavior.
urlRoom = URLEncoder.encode(urlRoom, StandardCharsets.UTF_8.name()).replaceAll("\+", “%20”);

So this is all, with this behavior I can handle “blanks” and other special german chars in the room name.
It works fine in my prototype.

ula.uvula · April 8, 2021, 1:27pm

Some additional information for the community.

a.)
If you have special chars in the room name like german umlaute (äöüÄÖÜß).
The “roomName” is mapped to lowercase → äöüÄÖÜß
util.lib.lua: the “auth_room” is not mapped to lowercase
My solution: I map in the JWT the roomname to lowercase (plus URL encoding as above)

b.)
other special chars like brackets are completely dropped from the roomname
But not from “auth_room”, so the names are not matching.
Either remove from JWT too, in my case, I do not allow such special chars.
My pattern:
@Pattern(regexp = “^[- _|a-zA-Z0-9\u00e4\u00c4\u00f6\u00d6\u00fc\u00dc\u00df]+$”)
(using Primeface: pattern will be send to client side validation, so do not use java char classes like \p{Alnum}. JavaScript can’t handle it).