Persistent Passwords on Self Hosted Rooms

This

ok, got it.
and we are still talking about the user “focus” instead of “jicofo”, are we?

if user=='focus' and domain=='auth.foo.bar' then…

YEAAAAHHHHH!!!
It’s “focus” and it works!!!

Thanks a ton guys, you’re the best!

Two more things if i may:

  • Any option to delete the persistent room after 30 days or so?
  • And any idea on how to force a password creation every time from the organizer before anyone else can enter a room?

thanks
Sascha

Also,

  • something like a waiting room (no one, even with a password, can enter a room, as long as no organizer has logged in) would be great.
  • And / Or some knocking feature (guests have to be allowed to enter the room after “knocking” by the organizer)
    Maybe this is all possible already, and I just can’t find that.

Could someone please give an exact step-by-step guide on how to make it work?
I am on prosody 0.11.5 but still cannot get it working. I am new to all this stuff, so please bear with me.

Hi @eknori, having had quite some trouble with finding all information by myself
The people on this forum helped so much.
So maybe i can give something back…here you go:

  • first of all, you do need at least prosody 0.11 for this to work, i am on 0.11.5-1 and that seems to be just stable.

  • then continue with the setup:

1.) Write a module, e.g. /usr/share/jitsi-meet/prosody-plugins/mod_whitelist_jicofo.lua, with the following content:

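local MUC_NS = "http://jabber.org/protocol/muc";
local jid = require "util.jid";

-- Runs before an occupant joins a room: lets jicofo (the "focus" user)
-- back into a password-protected persistent room.
module:hook("muc-occupant-pre-join", function (event)
    local room, stanza = event.room, event.stanza;
    local user, domain, res = jid.split(stanza.attr.from);
    local password = room:get_password();

    -- Debug aid: this writes the room password to the Prosody log in clear text.
    module:log("info", "--------------> user %s domain %s res %s pass %s",
        tostring(user), tostring(domain), tostring(res), tostring(password));

    -- Only the focus user on the authenticated domain gets the password added.
    if user == 'focus' and domain == 'auth.foo.bar' then
        local join = stanza:get_child("x", MUC_NS);
        -- Skip when the presence has no MUC <x/> child or the room has no password.
        if join and password then
            join:tag("password", { xmlns = MUC_NS }):text(password);
        end
    end
end);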

2.) Edit /etc/prosody/conf.avail/your.site.cfg.lua like so:

[…]
Component "conference.foo.bar" "muc"
    muc_room_default_persistent = true

    storage = "memory"

    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "whitelist_jicofo";
    }
    admins = { "focus@auth.foo.bar" }
[…]

3.) restart prosody and jicofo

4.) enter a new room “test5” and provide it with a password “1234”

5.) everybody leave the room then.

6.) reopen the once created room

7.) you will be asked for a password!

That’s pretty much it, persistent rooms!

Would like to ask again though, if there’s any way these things could be achieved:

  • Any option to delete the persistent room after 30 days or so?
  • And any idea on how to force a password creation every time from the organizer before anyone else can enter a room?
  • something like a waiting room (no one, even with a password, can enter a room, as long as no organizer has logged in) would be great.
  • And / Or some knocking feature (guests have to be allowed to enter the room after “knocking” by the organizer)

thanks people, you’re all doing a tremendous job here!
Jitsi is a really cool piece of software, though its documentation being a little…let’s say, fragmented…:slight_smile:

6 Likes
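What the module changes on the wire, as an added example that is not part of the original post: a simplified Python model (not Prosody code) of a MUC join presence, the room's password check, and the pre-join hook that adds `<password>` for jicofo only. The `guest.foo.bar` domain, the occupant names and the helper names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

MUC_NS = "http://jabber.org/protocol/muc"
FOCUS = ("focus", "auth.foo.bar")  # user and domain from the walkthrough


def split_jid(jid):
    """Split user@domain/resource; user and resource are None when absent."""
    bare, _, resource = jid.partition("/")
    user, at, domain = bare.rpartition("@")
    return (user if at else None), domain, (resource or None)


def pre_join_hook(presence, room_password):
    """Model of the muc-occupant-pre-join hook: add the password for jicofo only."""
    user, domain, _ = split_jid(presence.get("from"))
    x = presence.find(f"{{{MUC_NS}}}x")
    if (user, domain) == FOCUS and x is not None and room_password:
        ET.SubElement(x, f"{{{MUC_NS}}}password").text = room_password


def room_check(presence, room_password):
    """Model of the room's password check on a join presence."""
    supplied = presence.findtext(f"{{{MUC_NS}}}x/{{{MUC_NS}}}password")
    if room_password and supplied != room_password:
        return "not-authorized"
    return "joined"


def join(from_jid, room_password, supplied=None, hook=True):
    """Build a join presence, optionally run the hook, return the room's answer."""
    presence = ET.Element("presence", {"from": from_jid,
                                       "to": "test5@conference.foo.bar/nick"})
    x = ET.SubElement(presence, f"{{{MUC_NS}}}x")
    if supplied is not None:
        ET.SubElement(x, f"{{{MUC_NS}}}password").text = supplied
    if hook:
        pre_join_hook(presence, room_password)
    return room_check(presence, room_password)


if __name__ == "__main__":
    jicofo = "focus@auth.foo.bar/focus30166231561"    # constructed JID
    print(join(jicofo, "1234", hook=False))           # jicofo is locked out
    print(join(jicofo, "1234"))                       # hook supplies the password
    print(join("focus@guest.foo.bar/abc", "1234"))    # same name, other domain
```

Checking the domain as well as the user name is what keeps an occupant who merely calls themselves "focus" on another host from getting the password added.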

Thanks for your work!!! :slight_smile:

It seems not to work for me yet.
When I try to re-enter the previously closed room I am ending in a loop continuously trying to enter…

This is jicofo logfile:

Jicofo 2020-05-10 01:14:10.964 WARNING: [87] org.jitsi.impl.protocol.xmpp.ChatRoomImpl.log() Unable to handle packet: <presence to='focus@auth.192.168.2.161/focus30166231561' from='test5@conference.192.168.2.161/focus' id='AGTGm-235' type='error'><x xmlns='http://jabber.org/protocol/muc' xmlns:stream='http://etherx.jabber.org/streams'></x><error type='auth'><not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></presence>
(...)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from test5@conference.192.168.2.161/focus: XMPPError: not-authorized - auth
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:132)
	at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:263)
	at org.jivesoftware.smackx.muc.MultiUserChat.enter(MultiUserChat.java:355)
	at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:498)
	at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:444)
	at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.joinAs(ChatRoomImpl.java:240)
	... 17 more

Any ideas would be very much appreciated.

@tafkaz Thanks. I followed your step-by-step instruction. I have modified the domain part in the lua script to match my environment.
I am on prosody 0.11.5.
I can create a new room and apply a password. When I leave the room and re-enter it, I am ending in a loop

 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
   Caused by: org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply    received from test12345@conference.meet-eknori.spdns.de/focus: XMPPError: not-authorized - auth
    at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:132)
    at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:263)
    at org.jivesoftware.smackx.muc.MultiUserChat.enter(MultiUserChat.java:355)
    at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:498)
    at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:444)
    at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.joinAs(ChatRoomImpl.java:240)
    ... 17 more

This happens as soon as

muc_room_default_persistent = true

is present.

For me it looks like the mod_whitelist_jicofo.lua is not invoked.

Got it working now. Check the parentheses in your script. If you have copied the code, parentheses are wrong and the .lua is not loaded.

parentheses? Could you please post your working version of the script?

here it is, but i am afraid, the editor will break it again

local MUC_NS = "http://jabber.org/protocol/muc";
local jid = require "util.jid";

module:hook("muc-occupant-pre-join", function (event)
    local room, stanza = event.room, event.stanza;
    local user, domain, res = jid.split(stanza.attr.from);
    local password = room:get_password();

    -- Debug aid: this writes the room password to the Prosody log in clear text.
    module:log("info", "--------------> user %s domain %s res %s pass %s",
        tostring(user), tostring(domain), tostring(res), tostring(password));

    -- Add the room password to jicofo's join presence only.
    if user == 'focus' and domain == 'auth.meet-eknori.spdns.de' then
        local join = stanza:get_child("x", MUC_NS);
        -- Skip when the presence has no MUC <x/> child or the room has no password.
        if join and password then
            join:tag("password", { xmlns = MUC_NS }):text(password);
        end
    end
end);

ah, looks good. Compare the parentheses in my code snippet with the original code.

2 Likes
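Forum editors often turn straight quotes into typographic ones (“ ”, ‘ ’), which Lua does not accept as string delimiters, so a module or config pasted that way fails to load. The following added example (not from the posts above) scans Lua source for such quotes outside ordinary strings and `--` line comments before Prosody is restarted; it assumes short strings only and does not handle `[[ ]]` long strings or block comments.

```python
SMART_QUOTES = "\u2018\u2019\u201c\u201d"  # the four typographic quote characters


def find_smart_quotes(source):
    """Return (line, column, char) for typographic quotes in Lua code positions."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        quote = None  # straight-quote delimiter of the string we are inside, if any
        i = 0
        while i < len(line):
            ch = line[i]
            if quote:
                if ch == "\\":
                    i += 1            # skip the escaped character
                elif ch == quote:
                    quote = None      # string closed
            elif ch in "\"'":
                quote = ch            # string opened
            elif line.startswith("--", i):
                break                 # rest of the line is a comment
            elif ch in SMART_QUOTES:
                hits.append((lineno, i + 1, ch))
            i += 1
    return hits


# Constructed sample: a config fragment as it looks after a forum paste.
SAMPLE = ('Component \u201cconference.foo.bar\u201d \u201cmuc\u201d\n'
          'storage = "memory" -- it\u2019s fine in a comment\n')

if __name__ == "__main__":
    for line, col, ch in find_smart_quotes(SAMPLE):
        print(f"line {line}, column {col}: {ch!r}")
```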

Hi @eknori, yes…right…my bad, sorry.
Very hard to find though :smile:

I edited my walkthrough accordingly, should work now.

Sascha

It does! Thanks a lot! :slight_smile:

There is one question remaining: what to do if I’ve forgotten a password?

I’ve found out that all persisting room passwords will be removed when I restart prosody:

service prosody restart

Is there another way? Let’s say I do not want to remove all passwords but just one password from one specific room?

1 Like

we should really start adding these kind of walk-throughs into the wiki.
let’s make it easier to find documentation on specific topics. nobody wants to read 70 posts in a thread with the slight chance to find a solution, don’t you acknowledge?

1 Like

Good idea!
You mean here?

Maybe we should start a new section “addon tutorials” or something like this…

It would also be nice to integrate such useful things into Jitsi Meet debian package.

4 Likes

You can set storage = "internal" in conference component configuration to survive prosody restart. It will be saved to /var/lib/prosody/conference…

Thanks, sounds good.
However… are there any side effects? The storage directive will also affect other modules like “muc_meeting_id” and “muc_domain_mapper”.

Yes, for example.
We could still discuss feature requests and their approaches in the forum, but we should start collecting howtos somewhere, once we have a working solution.
This trial and error game, fetching for billion of information snippets scattered everywhere…doesn’t sound like a good option to me.

1 Like

It seems all room related data will be saved as well.

Will do more testing.

I got it working.

Component "conference.example.com" "muc"
    muc_room_default_persistent = true

    -- Everything stays in memory by default...
    default_storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "whitelist_jicofo";
    }
    -- ...except the config store, which is kept in internal storage.
    storage = {
        config = "internal";
    }

    admins = ...

You can have different stores for different data https://prosody.im/doc/storage

In my configuration, everything is stored in memory except config data. this is stored internal.
And with this setup the room password is available even after a server reboot.

My only concern is that the data is stored unencrypted. Maybe there already is a solution for that.

2 Likes