search

nvonahsen / jitsi-token-moderation-plugin

Lua plugin for jitsi which determines whether users are moderator or not based on token contents
MIT License
167 stars 96 forks source link

Failed to grant owner status to xyz #7

Open h0jeZvgoxFepBQ2C opened 4 years ago

h0jeZvgoxFepBQ2C commented 4 years ago 
Jicofo 2020-05-19 15:42:09.486 SEVERE: [28] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Failed to grant owner status to e9ed9879-fe0f-4530-bf97-acf4ba01616d@myserver123.com/6Ao96YQO
java.lang.RuntimeException: Failed to grant owner: <iq to='focus@auth.myserver123.com/focus16196123808187' from='localhost-3000-quickvideoroom@conference.myserver123.com' id='DzHNr-577' type='error'><error type='modify'><not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
  at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.grantOwnership(ChatRoomImpl.java:808)
  at org.jitsi.jicofo.ChatRoomRoleAndPresence.grantOwner(ChatRoomRoleAndPresence.java:332)
  at org.jitsi.jicofo.ChatRoomRoleAndPresence.electNewOwner(ChatRoomRoleAndPresence.java:247)
  at org.jitsi.jicofo.ChatRoomRoleAndPresence.memberPresenceChanged(ChatRoomRoleAndPresence.java:159)
  at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.lambda$notifyMemberJoined$1(ChatRoomImpl.java:917)
  at java.util.concurrent.CopyOnWriteArrayList.forEach(CopyOnWriteArrayList.java:891)
  at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.notifyMemberJoined(ChatRoomImpl.java:917)
  at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.processOtherPresence(ChatRoomImpl.java:1206)
  at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.processPresence(ChatRoomImpl.java:1255)
  at org.jivesoftware.smackx.muc.MultiUserChat$3.processStanza(MultiUserChat.java:251)
  at org.jivesoftware.smack.AbstractXMPPConnection$6.run(AbstractXMPPConnection.java:1263)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  at java.lang.Thread.run(Thread.java:748)

Do you have any idea why this doesn't work?

h0jeZvgoxFepBQ2C commented 4 years ago

Someone here has the same problem: https://community.jitsi.org/t/focus-issue-on-a-jwt-secured-domain/52240

h0jeZvgoxFepBQ2C commented 4 years ago

Also related: https://community.jitsi.org/t/failed-to-grant-owner-status-in-jicofo-probably-muc-component-connection-failing-in-jicofo/20534/21

fritzfr commented 4 years ago

Same error.

bryanasdev000 commented 4 years ago

Hi @h0jeZvgoxFepBQ2C and @fritzfr!

So, i'm not sure that this error is strictly related to this plugin, I know there is "extra config" to make Jibri works with authentication (any method) you can see #3 for more information and I have no idea about Jigasi.

I'm running this plugin with a fork of luajwt and its working flawless.

Try to remove the this plugin to see how Jitsi handle it, probably this is a misconfiguration of the authentication plugin.

GeoffRichards commented 4 years ago

I think this is the same problem as I was having. I managed to fix it by tweaking the code to match the normal Jitsi affiliation setting, which looks at the 'admins' setting. Added a pull request with that: https://github.com/nvonahsen/jitsi-token-moderation-plugin/pull/10

nvonahsen commented 4 years ago

Have merged @GeoffRichards pull request, i'd noticed this error in the past but never noticed any problems caused by it but hopefully this gives a solution

ne018 commented 4 years ago

it's still persist, i'm still encounter the problem with latest mod_token_moderation, any updates from @h0jeZvgoxFepBQ2C ?

h0jeZvgoxFepBQ2C commented 4 years ago

No sorry, we moved to BigBlueButton anyway due to better performance/featureset..

bryanasdev000 commented 4 years ago

Hi @ne018 !

Do you have any logs that you can share ?

ne018 commented 4 years ago

Hi @ne018 !

Do you have any logs that you can share ?

here's my error log from jicofo: Jicofo 2020-07-09 11:04:04.533 SEVERE: [29] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Failed to grant owner status to 61a03ffc-9f6e-4771-aa42-194a9ba6d0f5@jitsimeetdomain.com/VMizvxSK java.lang.RuntimeException: Failed to grant owner: <iq to='focus@auth.jitsimeetdomain.com/focus560766649013889' from='d6qa-45p-n7b@conference.jitsimeetdomain.com' id='zzdLw-728' type='error'><error type='modify'><not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq> at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.grantOwnership(ChatRoomImpl.java:808) at org.jitsi.jicofo.ChatRoomRoleAndPresence.grantOwner(ChatRoomRoleAndPresence.java:332) at org.jitsi.jicofo.ChatRoomRoleAndPresence.checkGrantOwnerToAuthUser(ChatRoomRoleAndPresence.java:357) at org.jitsi.jicofo.ChatRoomRoleAndPresence.memberPresenceChanged(ChatRoomRoleAndPresence.java:163) at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.lambda$notifyMemberJoined$1(ChatRoomImpl.java:917) at java.util.concurrent.CopyOnWriteArrayList.forEach(CopyOnWriteArrayList.java:891) at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.notifyMemberJoined(ChatRoomImpl.java:917) at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.processOtherPresence(ChatRoomImpl.java:1212) at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.processPresence(ChatRoomImpl.java:1261) at org.jivesoftware.smackx.muc.MultiUserChat$3.processStanza(MultiUserChat.java:251) at org.jivesoftware.smack.AbstractXMPPConnection$6.run(AbstractXMPPConnection.java:1263) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)

then here's my config /etc/prosody/conf.avail/mydomain.com.cfg.lua

`Component "conference.mydomain.com" "muc" storage = "memory" modules_enabled = { "muc_meeting_id"; "muc_domain_mapper"; -- "token_verification"; "token_moderation"; } admins = { "focus@auth.mydomain.com" } muc_room_locking = false muc_room_default_public_jids = true

-- internal muc component `

ne018 commented 4 years ago

Note: if i put back to normal usin token_verification (default), the grant ownership works properly, but if u put back the token_moderation , the error still persist.

bryanasdev000 commented 4 years ago

Note: if i put back to normal usin token_verification (default), the grant ownership works properly, but if u put back the token_moderation , the error still persist.

Hi @ne018 !

As far as I remember you need both, since this plugin only checks the moderation field and does not check the token. That could be the problem.

Could you please send Prosody's log too?

Example of my server:

--- a lot of lines above
Component "conference.jitsi.domain.tld" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "token_verification";
        "token_moderation";
        "presence_logger";
    }
    admins = { "focus@auth.jitsi.domain.tld" }
    muc_room_locking = false
    muc_room_default_public_jids = true
--- a lot of lines below
ne018 commented 4 years ago

even i put it both, the error still persist

mehtapax commented 4 years ago

did anyone found solution to this issue?

emrahcom commented 4 years ago

I sent a pull request for this issue

psi-4ward commented 4 years ago

https://github.com/nvonahsen/jitsi-token-moderation-plugin/pull/14/files#diff-13e6c67cc04b82a531e1a4a8e5508d0fR41

seems to work for me

emrahcom commented 4 years ago

Hello @psi-4ward,

I closed the pull-request because it causes false possitive "Granted owner" messages on the jicofo log. According to the log, someone seems to gain the moderator status but it's not...

psi-4ward commented 4 years ago

Thanks for your reply. Thats interesting and implies that there is no valid fix for the problem?

emrahcom commented 4 years ago

I checked the Jicofo log and it seems that the runtime exception is not harmful. It's not nice to see it on the logs but I think it's better than the false log.

psi-4ward commented 4 years ago

And there is no clean way to circumvent this "harmless" error.

emrahcom commented 4 years ago

I think I found the clean way. It's to disable completely the auto ownership for jicofo

/etc/jitsi/jicofo/sip-communicator.properties

org.jitsi.jicofo.DISABLE_AUTO_OWNER=true
nosmicek commented 4 years ago

Hi, i played with org.jitsi.jicofo.DISABLE_AUTO_OWNER=true when i was trying to solve this thread Grant Moderator with JWT verification and token moderation enabled not working.

Jicofo starts with auto_owning disabled (org.jitsi.jicofo.JitsiMeetGlobalConfig.log() Automatically grant 'owner' role: false), it might work to some extent, but i still see those errors in jicofo log, jicofo (focus user) is still trying to manage ownership for some reasons.

From my analysis of jicofo code, i think that it would need some jicofo modification here, to get rid of those errors in logs. But as you pointed out, it's just "cosmetic" log entry with no real meaning in this situation.

Or let's try another thing:

room.set_affiliation = function(room, actor, jid, affiliation, reason);
    if actor == "token_plugin" then
        return _set_affiliation(room, true, jid, affiliation, reason);
    elseif affiliation == "owner" then
        log('info', 'set_affiliation: room=%s, actor=%s, jid=%s, affiliation=%s, reason=%s', room, actor, jid, affiliation, reason);
        if string.match(tostring(actor), "focus@auth") then
           log('info', 'report set_affiliation to focus as ok');
           return true;
        else
            return _set_affiliation(room, actor, jid, affiliation, reason);
        end;
    else
        return _set_affiliation(room, actor, jid, affiliation, reason);
    end;
end;

Here we report to jicofo user, that affiliation went ok, no error log entries in jicofo. EDIT: The else part in if string.match here is our modification to allow users to grant moderator to other users in their session.

emrahcom commented 4 years ago

I prepared a similar module with a different approch:

New Prosody modules to control a tokenized room