Merge pull request #4379 from esl/XEP-0484

XEP-0484 Fast Token Auth

Author: NelsonVides

big_tests/default.spec

@@ -17,6 +17,7 @@
 {suites, "tests", amp_big_SUITE}.
 {suites, "tests", anonymous_SUITE}.
 {suites, "tests", bind2_SUITE}.
+{suites, "tests", fast_auth_token_SUITE}.
 {suites, "tests", bosh_SUITE}.
 {suites, "tests", carboncopy_SUITE}.
 {suites, "tests", connect_SUITE}.

big_tests/dynamic_domains.spec

@@ -16,6 +16,7 @@
 {suites, "tests", amp_big_SUITE}.
 {suites, "tests", anonymous_SUITE}.
 {suites, "tests", bind2_SUITE}.
+{suites, "tests", fast_auth_token_SUITE}.
 {suites, "tests", bosh_SUITE}.
 {suites, "tests", carboncopy_SUITE}.
 {suites, "tests", connect_SUITE}.

big_tests/src/time_helper.erl

@@ -0,0 +1,24 @@
+-module(time_helper).
+-export([validate_datetime/1]).
+
+%% @doc Validates that string is in ISO 8601 format
+-spec validate_datetime(string()) -> boolean().
+validate_datetime(TimeStr) ->
+    [Date, Time] = string:tokens(TimeStr, "T"),
+    validate_date(Date) and validate_time(Time).
+
+validate_date(Date) ->
+    [Y, M, D] = string:tokens(Date, "-"),
+    Date1 = {list_to_integer(Y), list_to_integer(M), list_to_integer(D)},
+    calendar:valid_date(Date1).
+
+validate_time(Time) ->
+  [T | _] = string:tokens(Time, "Z"),
+  validate_time1(T).
+
+validate_time1(Time) ->
+    [H, M, S] = string:tokens(Time, ":"),
+    check_list([{H, 24}, {M, 60}, {S, 60}]).
+
+check_list(List) ->
+    lists:all(fun({V, L}) -> I = list_to_integer(V), I >= 0 andalso I < L end, List).

big_tests/tests/fast_auth_token_SUITE.erl

@@ -963,7 +963,7 @@ retrieve_offline(Config) ->
                 #{ "packet" => [{contains, Body}],
                     "from" => binary_to_list(From),
                     "to" => binary_to_list(To),
-                    "timestamp" => [{validate, fun validate_datetime/1}]}
+                    "timestamp" => [{validate, fun time_helper:validate_datetime/1}]}
             end, Expected),
 
             retrieve_and_validate_personal_data(
@@ -1777,28 +1777,6 @@ send_and_assert_is_chat_message(UserFrom, UserTo, Body) ->
     Msg = escalus:wait_for_stanza(UserTo),
     escalus:assert(is_chat_message, [Body], Msg).
 
-validate_datetime(TimeStr) ->
-    [Date, Time] = string:tokens(TimeStr, "T"),
-    validate_date(Date),
-    validate_time(Time).
-
-validate_date(Date) ->
-    [Y, M, D] = string:tokens(Date, "-"),
-    Date1 = {list_to_integer(Y), list_to_integer(M), list_to_integer(D)},
-    calendar:valid_date(Date1).
-
-validate_time(Time) ->
-  [T | _] = string:tokens(Time, "Z"),
-  validate_time1(T).
-
-
-validate_time1(Time) ->
-    [H, M, S] = string:tokens(Time, ":"),
-    check_list([{H, 24}, {M, 60}, {S, 60}]).
-
-check_list(List) ->
-    lists:all(fun({V, L}) -> I = list_to_integer(V), I >= 0 andalso I < L end, List).
-
 expected_header(mod_roster) -> ["jid", "name", "subscription",
                               "ask", "groups", "askmessage", "xs"].
 

big_tests/tests/gdpr_SUITE.erl

@@ -21,9 +21,18 @@ load_all_sasl2_modules(HostType) ->
                {mod_sasl2, default_mod_config(mod_sasl2)},
                {mod_csi, default_mod_config(mod_csi)},
                {mod_carboncopy, default_mod_config(mod_carboncopy)},
-               {mod_stream_management, mod_config(mod_stream_management, SMOpts)}],
+               {mod_stream_management, mod_config(mod_stream_management, SMOpts)}]
+        ++ rdbms_mods(),
     dynamic_modules:ensure_modules(HostType, Modules).
 
+rdbms_mods() ->
+    case mongoose_helper:is_rdbms_enabled(domain_helper:host_type()) of
+        true ->
+            [{mod_fast_auth_token, mod_config(mod_fast_auth_token, #{backend => rdbms})}];
+        false ->
+            []
+    end.
+
 apply_steps(Steps, Config) ->
     apply_steps(Steps, Config, undefined, #{}).
 

big_tests/tests/sasl2_helper.erl

@@ -99,6 +99,9 @@ This applies to situations such as sending messages or presences to mobile/SMS/e
 Implements [XEP-0215: External Service Discovery](http://xmpp.org/extensions/xep-0215.html) for discovering information about services external to the XMPP network.
 The main use-case is to help discover STUN/TURN servers to allow for negotiating media exchanges.
 
+### [mod_fast_auth_token](../modules/mod_fast_auth_token.md)
+A module that implements [XEP-0484: Fast Authentication Streamlining Tokens](https://xmpp.org/extensions/xep-0484.html)..
+
 ### [mod_http_upload](../modules/mod_http_upload.md)
 Implements [XEP-0363: HTTP File Upload](https://xmpp.org/extensions/xep-0363.html) for coordinating with an XMPP server to upload files via HTTP and receive URLs that can be shared in messages.
 

doc/configuration/Modules.md

@@ -0,0 +1,39 @@
+## Module Description
+
+This module implements [XEP-0484: Fast Authentication Streamlining Tokens](https://xmpp.org/extensions/xep-0484.html).
+It provides services necessary to:
+
+* issue auth tokens for authenticated users;
+* reconnect to the server using the tokens instead of the original auth method.
+
+Tokens are stored in RDBMS.
+
+It is not related to another similar module `mod_auth_token`.
+
+## Options
+
+### `modules.mod_fast_auth_token.backend`
+* **Syntax:** non-empty string
+* **Default:** `"rdbms"`
+* **Example:** `backend = "rdbms"`
+
+Token storage backend. Currently only `"rdbms"` is supported.
+
+### `modules.mod_fast_auth_token.validity_period`
+* **Syntax:** TOML table. Each key is either `access` or `rotate_before_expire`.Each value is a nested TOML table with the following mandatory keys: `value` (non-negative integer) and `unit` (`"days"`, `"hours"`, `"minutes"` or `"seconds"`).
+* **Default:** `{access = {value = 3, unit = "days"}, rotate_before_expire = {value = 6, unit = "hours"}}`
+* **Example:** `validity_period.access = {value = 30, unit = "minutes"}`
+
+The user can use each token for `access` period of time before it expired.
+
+The server would [send](https://xmpp.org/extensions/xep-0484.html#token-rotation)
+a new token at the login time `rotate_before_expire` time before it expires.
+Set it to 0 to disable automatic rotation.
+
+## Example configuration
+
+```toml
+[modules.mod_fast_auth_token]
+  validity_period.access = {value = 1, unit = "days"}
+  validity_period.rotate_before_expire = {value = 0, unit = "days"}
+```

doc/modules/mod_fast_auth_token.md

@@ -85,6 +85,7 @@
 -define(NS_SESSION,             <<"urn:ietf:params:xml:ns:xmpp-session">>).
 -define(NS_BIND,                <<"urn:ietf:params:xml:ns:xmpp-bind">>).
 -define(NS_BIND_2,              <<"urn:xmpp:bind:0">>).
+-define(NS_FAST,                <<"urn:xmpp:fast:0">>).
 
 -define(NS_FEATURE_IQAUTH,      <<"http://jabber.org/features/iq-auth">>).
 -define(NS_FEATURE_IQREGISTER,  <<"http://jabber.org/features/iq-register">>).

include/mongoose_ns.hrl

@@ -133,6 +133,7 @@ nav:
           - 'RabbitMQ backend': 'modules/mod_event_pusher_rabbit.md'
           - 'SNS backend': 'modules/mod_event_pusher_sns.md'
       - 'mod_extdisco': 'modules/mod_extdisco.md'
+      - 'mod_fast_auth_token': 'modules/mod_fast_auth_token.md'
       - 'mod_global_distrib': 'modules/mod_global_distrib.md'
       - 'mod_http_upload': 'modules/mod_http_upload.md'
       - 'mod_inbox': 'modules/mod_inbox.md'