Persistent Passwords on Self Hosted Rooms

Just look some posts above:

Thank you. It works.

But there is another problem… (

The password is set. But I see a message that the password was set by other participants. And I don’t see what password is set. I create rooms via JWT. Can I see the password?

Yes. Currently, room passwords are not encrypted. You can view them at this location:

/var/lib/prosody/conference%2eXXXX/persistent_muc_passwds/

(XXXX is the domain name; dots are replaced by %2e)

Did you find a solution to this problem?

I hope not. :slight_smile:

I think it’s good if moderators can change or delete room passwords. Why shouldn’t they be allowed to do this?

Yes. I agree, but in our case we would like the original meeting creator to stay moderator even if they get disconnected or come back a few days later to the persistent password-protected meeting. (We want to deactivate the delegation of moderation rights (and updating the password) to other users other than the original meeting creator

I never really looked for a solution as this does not affect our usecase. I think a viable approach could be to make use of JWTs for authentication combined with token moderation and allowing empty tokens for guests. Just an idea though, I did not drill down on this…

1 Like

The persistent password and lobby feature does not go along. Independently lobby feature does work. I guess it has to do something with the storage component. Going to check that and keep everyone posted here.
When persistent password is enabled, the lobby feature no more works.
This is what I get in the prosody logs when I click on the checkbox to enable lobby feature-
stack traceback:
/usr/lib/prosody/util/async.lua:211: in function ‘run’
/usr/lib/prosody/modules/mod_bosh.lua:447: in function ‘cb_handlestanza’
/usr/lib/prosody/util/xmppstream.lua:182: in function </usr/lib/prosody/util/xmppstream.lua:162>
[C]: in function ‘parse’
/usr/lib/prosody/util/xmppstream.lua:282: in function ‘feed’
/usr/lib/prosody/modules/mod_bosh.lua:133: in function ‘?’
/usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
(…tail calls…)
/usr/lib/prosody/net/http/server.lua:228: in function </usr/lib/prosody/net/http/server.lua:176>
[C]: in function ‘xpcall’
/usr/lib/prosody/net/http/server.lua:108: in function ‘process_next’
/usr/lib/prosody/net/http/server.lua:124: in function ‘success_cb’
/usr/lib/prosody/net/http/parser.lua:177: in function ‘feed’
/usr/lib/prosody/net/http/server.lua:155: in function </usr/lib/prosody/net/http/server.lua:154>
(…tail calls…)
/usr/lib/prosody/net/server_select.lua:915: in function </usr/lib/prosody/net/server_select.lua:899>
[C]: in function ‘xpcall’
/usr/bin/prosody:76: in function ‘loop’
/usr/bin/prosody:86: in main chunk
[C]: in ?

Any idea on this @eknori . Please take a look into this. Thank you!

Just tried the lobby feature with the first lua module solution posted by @plokta and it works fine here.
First made the lobby feature work without the module, then followed the steps from this post.

1 Like

Thanks for the help mate. I’ll try it out and keep you posted!

It does work thanks!

thanks for the @damencho, can you tell me how can i use http.query in lua?
local pass = http.query.for.password for this event.room;
how can i get http variable?

Here is an example https://github.com/jitsi/jitsi-meet/blob/ac17db9df5d61db173f9341017e0515a45cd0d53/resources/prosody-plugins/util.lib.lua#L226

Thank you so much @damencho

Hi @damencho, i have set password using " event.room:set_password(pass); " so when one user enters into room then it’s ok but when other user try to join room then loop begin “Unfortunately, something went wrong.” Can you tell about this?

errors are:
jicofo_1 | Jicofo 2020-09-03 13:34:25.125 WARNING: [55] org.jitsi.jicofo.xmpp.FocusComponent.processIQ() (serving component ‘Jitsi Meet Focus’) Unexpected exception while processing IQ stanza:
jicofo_1 | net.java.sip.communicator.service.protocol.OperationFailedException: Failed to join the room

You need to make sure jicofo can enter that room.
The flow is:

  • client sends an iq to invite jicofo to a room
  • if jicofo does not know anything about this room, creates it by joining of it is already created, skips this step
  • than returns positive response to the client, so client can join the room.
  • the client joins the room

Thansk @damencho, can you tell me how can i do this well i am using jitsi first time.

Thanks @damencho it’s working.

Thx for the code, it really helps and seems to do the trick for me. However, I have a hard time to understand the component configuration. First I copied as you have written it. This did not work, obviously it was not attached to any working config object.

Then, I copied the code to my conference component, and it looks like it seems to work. This is what I have right now:

Component "conference.meet.example.com" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        -- "token_verification";
    }
    admins = { "focus@auth.meet.example.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true
    -- here comes the copy & paste
    default_storage = "memory";
    storage =  {
            persistent_muc_passwds = "internal";
    }
    days_to_persist_muc_passwds = 7;
    modules_enabled = {
            "persist_muc_passwords";
    }

While it looks like it works, I have not clue at all what exactly this config is doing. (and how, e.g., the storage designators work).

I would greatly appreciate if you could provide me a link (or search term hint) to what to look out for to understand that part.

Thx,
Rainer

You can read up on the different storage backends in the prosody docs: https://prosody.im/doc/storage

TL/DR: In the config you define different storage backends to be used by the muc component. The default storage backend is set to memory, so data the muc component produces is only kept in memory and lost once the prosody process is restarted or stopped. (This is the default configuration anyway, as the global config already sets memory as storage backend.) Since we want to persist the muc password across restarts, we need to set a different storage backend to be used by the password module. To this end, we use the storage backend called internal which simply writes the data as JSON blob to a file on the harddisk.

Regarding your component config, you don’t need mutliple blocks for storage nor for modules_enabled and you can therefore simplify your config to something like this:

Component "conference.meet.example.com" "muc"
    default_storage = "memory";
    storage =  {
            persistent_muc_passwds = "internal";
    }
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        -- "token_verification";
        "persist_muc_passwords";
    }
    admins = { "focus@auth.meet.example.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true
    days_to_persist_muc_passwds = 7;
1 Like