jsxc / xmpp-cloud-auth

:key: Authentication hub for Nextcloud+JSXC→Prosody, ejabberd, saslauthd, Postfix

Home Page: https://www.jsxc.org

License: MIT License

Python 76.10% Shell 2.37% Lua 8.67% Perl 7.75% PHP 0.66% Makefile 4.44%
nextcloud prosody ejabberd external-auth xmpp-server xmpp-cloud saslauthd postfix

xmpp-cloud-auth's Introduction

JavaScript XMPP Client

Real-time chat app. This app requires an external XMPP server (openfire, ejabberd etc.).

😍 Features

JSXC provides the following features:

  • Federated real-time communication with XMPP
  • One-to-one conversation
  • Multi-user conversation
  • File transfer
  • Video calls
  • Internationalisation
  • Desktop notifications
  • End-to-end encrypted two-party communication
  • Responsive layout
  • Emoticons 💕
  • Multi-Tab
  • Screen sharing

You can find a full list of features, supported protocols and browsers on our homepage.

🚀 Installation

If you are looking for install instructions or developer notes, please check out our official documentation.

👏 Contribution

Contributions are greatly appreciated. Here are a couple of ideas for how you can contribute:

Please note that this project is released with a Contributor Code of Conduct. By participating in this project, you agree to abide by its terms.

xmpp-cloud-auth's People

Contributors

failure404, gibberfishinc, marcelwaldvogel, scurrvy2020, sualko

xmpp-cloud-auth's Issues

First connection is broken

I installed xcauth on my server (as in #44) and I find that the first time I try to connect I get Unable to interpret data from auth process, [62 bytes] in my prosody logs:

socket                        debug	server.lua: accepted new client connection from 216.16.230.126:46026 to 5222
c2s1169710                    info	Client connected
c2s1169710                    debug	Client sent opening <stream:stream> to sunflowercollective.org
c2s1169710                    debug	Sent reply <stream:stream> to client
c2s1169710                    debug	Not offering authentication on insecure connection
c2s1169710                    debug	Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
socket                        debug	server.lua: we need to do tls, but delaying until send buffer empty
c2s1169710                    debug	TLS negotiation started for c2s_unauthed...
socket                        debug	server.lua: attempting to start tls on tcp{client}: 0x10fba08
socket                        debug	server.lua: ssl handshake done
c2s1169710                    debug	Client sent opening <stream:stream> to sunflowercollective.org
c2s1169710                    debug	Sent reply <stream:stream> to client
c2s1169710                    info	Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
c2s1169710                    debug	Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
sunflowercollective.org:auth_external  debug	Started auth process
sunflowercollective.org:auth_external  warn	Unable to interpret data from auth process, [62 bytes]
sunflowercollective.org:saslauth       debug	sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you&apos;ve sent.</text></failure>
socket                                 debug	server.lua: client 216.16.230.126:46026 read error: closed
c2s1169710                             info	Client disconnected: closed
c2s1169710                             debug	Destroying session for (unknown) ((unknown)@sunflowercollective.org): closed
socket                                 debug	server.lua: closed client handler and removed socket from list

But if I sign in a second time immediately after I get

socket                                 debug	server.lua: accepted new client connection from 216.16.230.126:46046 to 5222
c2s127c340                             info	Client connected
c2s127c340                             debug	Client sent opening <stream:stream> to sunflowercollective.org
c2s127c340                             debug	Sent reply <stream:stream> to client
c2s127c340                             debug	Not offering authentication on insecure connection
c2s127c340                             debug	Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
socket                                 debug	server.lua: we need to do tls, but delaying until send buffer empty
c2s127c340                             debug	TLS negotiation started for c2s_unauthed...
socket                                 debug	server.lua: attempting to start tls on tcp{client}: 0x1278888
socket                                 debug	server.lua: ssl handshake done
c2s127c340                             debug	Client sent opening <stream:stream> to sunflowercollective.org
c2s127c340                             debug	Sent reply <stream:stream> to client
c2s127c340                             info	Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
c2s127c340                             debug	Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
c2s127c340                             info	Authenticated as [email protected]
sunflowercollective.org:saslauth       debug	sasl reply: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

I sniffed the conversation prosody is having with xcauth and all I see is

auth:kousu:sunflowercollective.org:*************************
1
auth:kousu:sunflowercollective.org:*************************
1

The first auth line fails, the second succeeds. I don't know what 62 bytes could refer to; it's also a consistent 62 bytes. Do you have a clue? Have you seen this?

Maybe this is actually a bug in mod_auth_external.

Support SCRAM

When changing the authentication mechanism of e.g. ejabberd from sql to extauth, SCRAM will be disabled. Some clients, notably Conversations, will refuse to connect afterwards, as they assume this is a downgrade attack (iNPUTmice/Conversations#2498).

An (unfortunately) nontrivial solution would be to offer SCRAM support. (Requiring in-depth changes to ejabberd, Prosody, extauth, JSXC, and ownCloud/Nextcloud.)

(The current proposal is to delete the account in the Conversations app and then immediately add it again.)

Python error on testing external_cloud.py

Hey folks,
So I followed the instructions I thought to a 'T'

The nextcloud instance can talk the 'bosh'
'internal_plain' works to login

When I try to use this I am not able to log in; the client says not authorized, so I tried to run
./external_cloud.py -c /etc/external_cloud.conf -l /var/log/prosody/ -I <nextcloud user> <nextcloud domain>

2017-06-07 19:02:08,548 INFO: Start external auth script 0.2.0+ for prosody with endpoint: https://nextcloud.dev.glocal.coop/index.php/apps/ojsxc/ajax/externalApi.php
2017-06-07 19:02:08,572 INFO: Starting new HTTPS connection (1): nextcloud.dev.glocal.coop
Traceback (most recent call last):
  File "./external_cloud.py", line 262, in <module>
    success = is_user(ISUSER_TEST[0], ISUSER_TEST[1])
  File "./external_cloud.py", line 180, in is_user
    if is_user_cloud(username, server):
  File "./external_cloud.py", line 103, in is_user_cloud
    'domain':server
  File "./external_cloud.py", line 43, in send_request
    logging.warn('An error occured during the request: %s' % err)
TypeError: __str__ returned non-string (type Error)

Not sure where to start

No JSON object could be decoded

Hello, and thanks for the code !

When I try to log in to the chat via Nextcloud it fails, and I get this in extauth.err:

   obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
Traceback (most recent call last):
  File "/opt/ejabberd-cloud-auth/external_cloud.py", line 102, in <module>
    data = from_ejabberd()
  File "/opt/ejabberd-cloud-auth/external_cloud.py", line 18, in from_ejabberd
    (size,) = unpack('>h', input_length)
struct.error: unpack requires a string argument of length 2

Maybe my ejabberd.yml is wrong?
extauth_program: "/opt/ejabberd-cloud-auth/external_cloud.py --url=https://cloud.lebib.org/ocs/v2.php/cloud/ --secret=********* "
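
The struct.error at the end of the traceback above is raised when the read of the 2-byte length prefix comes back short, which is what happens at EOF or on a partial pipe read. The following is an added example, not code from xmpp-cloud-auth: a reader for the ejabberd extauth framing (big-endian 16-bit length, then a colon-separated request) that treats EOF, truncation and colons inside the password explicitly. Function names and the sample requests are constructed for illustration.

```python
import io
import struct


class ExtauthProtocolError(Exception):
    """The byte stream does not follow the extauth framing."""


def read_exact(stream, n):
    """Read exactly n bytes unless EOF arrives first (pipes may return short reads)."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:  # EOF
            break
        buf += chunk
    return buf


# Number of colon-separated fields for the operations handled in this example.
FIELDS = {"auth": 4, "isuser": 3}


def parse_payload(payload):
    """Split 'auth:user:server:password' or 'isuser:user:server' into a tuple."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        # Do not echo the payload: for 'auth' it contains the password.
        raise ExtauthProtocolError("payload is not valid UTF-8") from None
    op = text.split(":", 1)[0]
    if op not in FIELDS:
        raise ExtauthProtocolError("unsupported operation")
    # Limit the split so that colons inside the password stay in the password.
    parts = text.split(":", FIELDS[op] - 1)
    if len(parts) != FIELDS[op]:
        raise ExtauthProtocolError("wrong field count for %s" % op)
    return tuple(parts)


def read_request(stream):
    """Return one request as a tuple of fields, or None on a clean EOF."""
    header = read_exact(stream, 2)
    if header == b"":
        return None  # the server closed the pipe between two requests
    if len(header) != 2:
        raise ExtauthProtocolError("truncated length prefix")
    # Unsigned '>H' rather than the signed '>h' seen in the traceback, so a
    # length above 32767 cannot turn negative.
    (size,) = struct.unpack(">H", header)
    payload = read_exact(stream, size)
    if len(payload) != size:
        raise ExtauthProtocolError(
            "payload truncated: got %d of %d bytes" % (len(payload), size))
    return parse_payload(payload)


def encode_response(ok):
    """Length prefix 2, then a 16-bit result: 1 = success, 0 = failure."""
    return struct.pack(">HH", 2, 1 if ok else 0)


def frame(text):
    """Build one framed request the way the server would send it (test helper)."""
    data = text.encode("utf-8")
    return struct.pack(">H", len(data)) + data


# Constructed sample input: two requests back to back, then EOF.
SAMPLE = frame("auth:alice:example.org:pa:ss:word") + frame("isuser:alice:example.org")

if __name__ == "__main__":
    stream = io.BytesIO(SAMPLE)
    while True:
        request = read_request(stream)
        if request is None:
            break
        # Print only the operation and user, never the password field.
        print(request[0], request[1], encode_response(True))
```

In a real extauth script the stream would be `sys.stdin.buffer`, and the loop would exit quietly when `read_request` returns None.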

Popup for new users to log-out and log in again for it to work?

It seems like a new user will not work on the first login, but after logging out and then in again it seems to work.

This is a bit confusing especially when testing. Maybe a pop-up message of some sort, or extending the no-connection text in the JSXC side-bar to try logging out and in again would help?

Mark as python2

This code is python2-only. Would you change the shebangs to "#!/usr/bin/python2"?

xcauth.py is not killed when prosody shuts down

xcauth.py is not killed when prosody shuts down. There is an upstream fix of mod_auth_external which resolves the problem. I backported it along with other recent cosmetic changes.

diff --git a/prosody-modules/mod_auth_external.lua b/prosody-modules/mod_auth_external.lua
index dfcd9a8..9ed9fcc 100644
--- a/prosody-modules/mod_auth_external.lua
+++ b/prosody-modules/mod_auth_external.lua
@@ -34,7 +34,8 @@ else
 	log("info", "External auth with pty command %s", command);
 	pty_options = { throw_errors = false, no_local_echo = true, use_path = false };
 end
-assert(script_type == "ejabberd" or script_type == "generic", "Config error: external_auth_protocol must be 'ejabberd' or 'generic'");
+assert(script_type == "ejabberd" or script_type == "generic",
+	"Config error: external_auth_protocol must be 'ejabberd' or 'generic'");
 assert(not host:find(":"), "Invalid hostname");
 
 
@@ -52,6 +53,14 @@ for i = 1, auth_processes do
 	ptys[i] = lpty.new(pty_options);
 end
 
+function module.unload()
+	for i = 1, auth_processes do
+		ptys[i]:endproc();
+	end
+end
+
+module:hook_global("server-cleanup", module.unload);
+
 local curr_process = 0;
 function send_query(text)
 	curr_process = (curr_process%auth_processes)+1;
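Review bot: module.unload is installed both as the module's unload handler and as the "server-cleanup" hook, so ptys[i]:endproc() can be called twice for the same pty, and it is called unconditionally even when that pty has no running process. Guard each call with ptys[i]:hasproc() before endproc(), and consider wrapping the hook in a small function so the event argument is not passed into module.unload.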
@@ -126,12 +135,12 @@ function do_query(kind, username, password)
 		(script_type == "generic" and response:gsub("\r?\n$", "") == "1") then
 			return true;
 	else
-		log("warn", "Unable to interpret data from auth process, %s", (response:match("^error:") and response) or ("["..#response.." bytes]"));
+		log("warn", "Unable to interpret data from auth process, %s",
+			(response:match("^error:") and response) or ("["..#response.." bytes]"));
 		return nil, "internal-server-error";
 	end
 end
 
-local host = module.host;
 local provider = {};
 
 function provider.test_password(username, password)
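Review bot: The warning in the else branch of do_query still reports only a byte count for any response that does not begin with "error:", so an operator cannot tell a stray banner or traceback from a malformed reply. Consider also logging an escaped, length-capped copy of response at debug level so the unexpected output can be identified, keeping the warn line as it is.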
@@ -146,7 +155,9 @@ function provider.user_exists(username)
 	return do_query("isuser", username);
 end
 
-function provider.create_user(username, password) return nil, "Account creation/modification not available."; end
+function provider.create_user(username, password) -- luacheck: ignore 212
+	return nil, "Account creation/modification not available.";
+end
 
 function provider.get_sasl_handler()
 	local testpass_authentication_profile = {
root@nc:/opt/prosody-modules/mod_auth_external# hg log . -r 2827:2834
changeset:   2827:45380b77303d
user:        Kim Alvefur <[email protected]>
date:        Sat Nov 18 00:34:47 2017 +0100
summary:     mod_auth_external: Split long lines [luacheck]

changeset:   2828:3ba36b66f297
user:        Kim Alvefur <[email protected]>
date:        Sat Nov 18 00:35:36 2017 +0100
summary:     mod_auth_external: Remove duplicated local variable [luacheck]

changeset:   2829:8082bfc10e65
user:        Kim Alvefur <[email protected]>
date:        Sat Nov 18 00:36:22 2017 +0100
summary:     mod_auth_external: Silence warnings about unused arguments [luacheck]

changeset:   2830:92f6f82397c9
user:        Kim Alvefur <[email protected]>
date:        Sat Nov 18 00:37:42 2017 +0100
summary:     mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)

changeset:   2834:3fb5f173f213
user:        Kim Alvefur <[email protected]>
date:        Sat Nov 18 01:01:59 2017 +0100
summary:     mod_auth_external: Make sure processes are killed when Prosody shuts down

XMPP server (encryption setup problem)

Hello,
I can't set up my XMPP server. I tried to ask for help in the Nextcloud forum, but without success.
sualko said I can ask for help here.

My XMPP server and my Nextcloud are on the same machine.

I get a message:
screenshot_5

So I use bind9 for my domain name.
My config:
1

My Apache config:
2

My prosody.cfg.lua config:

@@ -26,6 +26,9 @@
 -- For more information see: http://prosody.im/doc/libevent
 --use_libevent = true;
 

+plugin_paths = { "/opt/xmpp-cloud-auth/prosody-modules" }

 -- This is the list of modules Prosody will load on startup.
 -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
 -- Documentation on modules can be found at: http://prosody.im/doc/modules
@@ -52,14 +55,14 @@
 		"time"; -- Let others know the time here on this server
 		"ping"; -- Replies to XMPP pings with pongs
 		"pep"; -- Enables users to publish their mood, activity, playing music and more
		"register"; -- Allow users to register on this server using a client and change passwords
+		-- "register"; -- Allow users to register on this server using a client and change passwords
 
 	-- Admin interfaces
 		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
 		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
 	
 	-- HTTP modules
-		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
		"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
 		--"http_files"; -- Serve static files from a directory over HTTP
 
 	-- Other specific functionality
@@ -80,6 +83,8 @@
 	-- "s2s"; -- Handle server-to-server connections
 };
 
cross_domain_bosh = true;

 -- Disable account creation by default, for security
 -- For more information see http://prosody.im/doc/creating_accounts
 allow_registration = false;
@@ -98,14 +103,14 @@
 -- These are the SSL/TLS-related settings. If you don't want
 -- to use SSL/TLS, you may comment or remove this
 ssl = {

+	key = "/etc/letsencrypt/live/example.org/privkey.pem";
+	certificate = "/etc/letsencrypt/live/example.org/fullchain.pem";
 }
 
 -- Force clients to use encrypted connections? This option will
 -- prevent clients from authenticating unless they are using encryption.
 

c2s_require_encryption = true
 
 -- Force certificate authentication for server-to-server connections?
 -- This provides ideal security, but requires servers you communicate
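Review bot: The key and certificate paths added to the global ssl block point at /etc/letsencrypt/live/example.org/, a placeholder domain, while the VirtualHost added later in this diff is "projet.tut". Because c2s_require_encryption = true is set in the same hunk, clients cannot authenticate unless both files exist, are readable by the Prosody user and belong to a certificate for the served host, so these two paths need to name the real certificate directory.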
@@ -113,7 +118,7 @@
 -- NOTE: Your version of LuaSec must support certificate verification!
 -- For more information see http://prosody.im/doc/s2s#security
 

s2s_secure_auth = true
 
 -- Many servers don't support encryption or have invalid or self-signed
 -- certificates. You can list domains here that will not be required to
@@ -133,7 +138,8 @@
 -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
 -- for information about using the hashed backend.
 

authentication = "external"

 -- Select the storage backend to use. By default Prosody uses flat files
 -- in its configured data directory, but it also supports more backends
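Review bot: authentication = "external" is switched on in this hunk, but none of the visible hunks sets external_auth_command, so the external provider has no script to run. Add the external_auth_command line pointing at the auth script under the plugin path configured earlier in this diff, next to the authentication setting.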
@@ -166,17 +172,12 @@
 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
 -- Settings under each VirtualHost entry apply *only* to that host.

+VirtualHost "projet.tut"
 
 	-- Assign this host a certificate for TLS, otherwise it would use the one
 	-- set in the global section (if any).
 	-- Note that old-style SSL on port 5223 only supports one certificate, and will always
 	-- use the global one.
-	ssl = {
-		key = "/etc/prosody/certs/example.com.key";
-		certificate = "/etc/prosody/certs/example.com.crt";
-	}
 
 ------ Components ------
 -- You can specify components to add hosts that provide special services,

I have a question:
Do I need HTTPS? Do I need SSL?

+	key = "/etc/letsencrypt/live/example.org/privkey.pem";
+	certificate = "/etc/letsencrypt/live/example.org/fullchain.pem";

Is it important?

I'm a beginner with XMPP servers... sorry.

Step 1: Installing the software: OK
Step 2: Setting up DNS entries: OK
Step 3: Setting up Apache with a Let’s Encrypt certificate: Apache OK, but Let’s Encrypt is not set up
Step 4: Prosody: Not okay… I tried to modify the file "/etc/prosody/prosody.cfg.lua"

Thanks for your answer

Install on FreeBSD?

I'm trying to get ejabberd and xmpp-cloud-auth up and running on FreeBSD but the install.sh is not setup for FreeBSD. Any plans for FreeBSD installs?

Arch install instructions

Here's what I had to do to get this running on a current Arch, with prosody for the server:

(nb #43 = #43)

mkdir /opt
cd /opt/
git clone --depth 1 https://github.com/jsxc/xmpp-cloud-auth
vim xmpp-cloud-auth/xcauth.py # -> change shebang to say "python2" as noted in #43
cat xmpp-cloud-auth/install.sh 
useradd -c "XMPP Cloud Authentication" -d /var/cache/xcauth -m -r -s /usr/bin/nologin xcauth
mkdir -p /var/{log,lib,cache}/xcauth
chmod 770 /var/{log,lib,cache}/xcauth
chown xcauth:xcauth /var/{log,lib,cache}/xcauth
usermod -a -G xcauth prosody 

cd /usr/lib/prosody
hg clone https://hg.prosody.im/prosody-modules/ community-modules
vi /etc/prosody/prosody.cfg.lua # -> set plugin_paths = {"/usr/lib/prosody/community-modules"} and add "auth_external" to modules {}
sudo pacman -S luarocks5.1
luarocks-5.1 install lpty

vi /etc/prosody/prosody.cfg.lua # -> add authentication = "external"; external_auth_command = "/opt/xmpp-cloud-auth/xcauth.py"

You can test if things are working with

sudo -u prosody /opt/xmpp-cloud-auth/xcauth.py

Omemo message from android conversations to Nextcloud JSXC, not supported? or if so how do I enable it.

I setup my ejabberd server to properly work with Omemo and Conversations for android.

I have Nextcloud JSXC external auth working, but not with OMEMO encryption on
Nextcloud chat receives a message that looks like this:

I sent you an OMEMO encrypted message but your client doesn’t seem to support that. Find more information on https://conversations.im/omemo

Any help or information is appreciated.

xcauth.py tests correct but when try login from nextcloud - can't.

As on the Topic.

What I noticed: I run Prosody in console mode and it shows me:

socket                                    debug server.lua: auto-starting ssl negotiation...
socket                                    debug server.lua: attempting to start tls on tcp{client}: 0x15fab68
socket                                    debug server.lua: accepted new client connection from 172.17.238.1:44740 to 5281
socket                                    debug server.lua: ssl handshake done
mod_bosh                                  debug Handling new request table: 0x160a1d0: <body xml:lang='en' xmpp:version='1.0' xmlns='http://jabber.org/protocol/httpbind' content='text/xml; charset=utf-8' to='mydomain.com' ver='1.6' rid='3480731015' wait='60' hold='1' xmlns:xmpp='urn:xmpp:xbosh'/>
----------
mod_bosh                                  debug BOSH body open (sid: <none>)
mod_bosh                                  debug BOSH client tried to connect to unknown host: mydomain.com
mod_bosh                                  debug Request destroyed: table: 0x1606a30
socket                                    debug server.lua: closed client handler and removed socket from list

I did everything step by step using this tutorial: https://github.com/jsxc/xmpp-cloud-auth/wiki

I really don't know what I'm doing wrong....
In my opinion, maybe this URL is wrong? "http://jabber.org/protocol/httpbind"
Shouldn't it be https://mydomain.com/http-bind ??
But I added this URL in the Prosody config...

Thank you for your help!!

P.S.
When I start Prosody I get:

 * Starting Prosody XMPP Server prosody
general             info        Hello and welcome to Prosody version 0.9.1
general             info        Prosody is using the select backend for connection handling
hostmanager         debug       Activated host: mydomain.com
mydomain.com:auth_external  info External auth with pty command /usr/lib/prosody-modules/xmpp-cloud-auth/xcauth.py
usermanager                        debug        host 'mydomain.com' now set to use user provider 'external'
portmanager                        debug        No active service for http, activating...
socket                             warn server.lua, [::]:5280: Address family not supported by protocol
portmanager                        error        Failed to open server port 5280 on ::, Address family not supported by protocol
socket                             debug        server.lua: new server listener on '[*]:5280'
portmanager                        debug        Added listening service http to [*]:5280
portmanager                        info Activated service 'http' on [*]:5280
portmanager                        debug        No active service for https, activating...
socket                             warn server.lua, [::]:5281: Address family not supported by protocol
portmanager                        error        Failed to open server port 5281 on ::, Address family not supported by protocol
socket                             debug        server.lua: new ssl server listener on '[*]:5281'
portmanager                        debug        Added listening service https to [*]:5281
portmanager                        info Activated service 'https' on [*]:5281
portmanager                        debug        No active service for s2s, activating...
socket                             warn server.lua, [::]:5269: Address family not supported by protocol
portmanager                        error        Failed to open server port 5269 on ::, Address family not supported by protocol
socket                             debug        server.lua: new server listener on '[*]:5269'
portmanager                        debug        Added listening service s2s to [*]:5269
portmanager                        info Activated service 's2s' on [*]:5269
portmanager                        debug        No active service for c2s, activating...
socket                             warn server.lua, [::]:5222: Address family not supported by protocol
portmanager                        error        Failed to open server port 5222 on ::, Address family not supported by protocol
socket                             debug        server.lua: new server listener on '[*]:5222'
portmanager                        debug        Added listening service c2s to [*]:5222
portmanager                        info Activated service 'c2s' on [*]:5222
portmanager                        debug        No active service for legacy_ssl, activating...
portmanager                        info Activated service 'legacy_ssl' on no ports

When a non-ASCII-based user comes with 'bad' ideas about securing their passwords..

Below is the result from xcauth.py --auth-test with a made-up password containing a few Central European characters, and its output:

user@machine:~$ sudo -u ejabberd /opt/xmpp-cloud-auth/xcauth.py \
--auth-test 'nonasciiuser' 'example.com' 'ÜTýEfPássword'
2018-06-14 15:50:17,134 DEBUG: Start external auth script 1.0.0+ for ejabberd with endpoint: https://machine.example.com/index.php/apps/ojsxc/ajax/externalApi.php
2018-06-14 15:50:17,135 DEBUG: Could not decode token (maybe not a token?)
Traceback (most recent call last):
  File "/opt/xmpp-cloud-auth/xcauth.py", line 14, in <module>
    perform(args)
  File "/opt/xmpp-cloud-auth/xclib/authops.py", line 68, in perform
    success = sc.auth()
  File "/opt/xmpp-cloud-auth/xclib/auth.py", line 120, in auth
    r = self.auth_cloud()
  File "/opt/xmpp-cloud-auth/xclib/auth.py", line 51, in auth_cloud
    'password': self.password
  File "/opt/xmpp-cloud-auth/xclib/sigcloud.py", line 29, in cloud_request
    success, code, message, text = self.verbose_cloud_request(data)
  File "/opt/xmpp-cloud-auth/xclib/sigcloud.py", line 49, in verbose_cloud_request
    payload = utf8(urllib.parse.urlencode(data))
  File "/usr/lib/python3.5/urllib/parse.py", line 800, in urlencode
    v = quote_via(str(v), safe, encoding, errors)
  File "/usr/lib/python3.5/urllib/parse.py", line 723, in quote_plus
    return quote(string, safe, encoding, errors)
  File "/usr/lib/python3.5/urllib/parse.py", line 706, in quote
    string = string.encode(encoding, errors)
UnicodeEncodeError: 'utf-8' codec can't encode character '\udcc3' in position 0: surrogates not allowed
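
The '\udcc3' in the traceback above is byte 0xC3, the first UTF-8 byte of 'Ü', carried through as a lone surrogate by the surrogateescape handler Python 3 applies to command-line arguments it cannot decode. The following added example (not code from xmpp-cloud-auth) reproduces that state and restores the text before URL-encoding; it assumes the cause is an ASCII (C/POSIX) locale in the sudo environment, and all function names are hypothetical.

```python
import urllib.parse

# The made-up password from the report above.
SAMPLE_PASSWORD = "ÜTýEfPássword"


def decode_like_ascii_locale(raw):
    """Decode argv bytes the way Python 3 does when the locale encoding is ASCII:
    every byte >= 0x80 becomes a lone surrogate U+DC80..U+DCFF."""
    return raw.decode("ascii", "surrogateescape")


def has_escaped_bytes(text):
    """True if the string carries bytes smuggled in by surrogateescape."""
    return any(0xDC80 <= ord(ch) <= 0xDCFF for ch in text)


def recover_utf8(text):
    """Turn surrogate-escaped bytes back into the UTF-8 text the user typed.

    Strings that are already clean are returned unchanged. If the original
    bytes were not UTF-8 (for example a Latin-1 terminal), fail with a
    message that does not contain any part of the value, since it may be
    a password.
    """
    if not has_escaped_bytes(text):
        return text
    raw = text.encode("utf-8", "surrogateescape")  # restores the original bytes
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        raise ValueError("argument is not valid UTF-8") from None


def encode_form(fields):
    """URL-encode a dict of request fields after repairing each value."""
    clean = {key: recover_utf8(value) for key, value in fields.items()}
    return urllib.parse.urlencode(clean).encode("ascii")


if __name__ == "__main__":
    broken = decode_like_ascii_locale(SAMPLE_PASSWORD.encode("utf-8"))
    try:
        urllib.parse.urlencode({"password": broken})
    except UnicodeEncodeError as err:
        # Same failure as in the traceback; print the reason only.
        print("urlencode failed:", err.reason)
    print(encode_form({"password": broken}))
```

Running the script under a UTF-8 locale (or Python's UTF-8 mode) avoids the escaped bytes in the first place; the repair step keeps the request working when the environment cannot be controlled.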

Not working with Prosody and Nextcloud

Hi, I am trying (and have so far failed) to set up the JSXC Nextcloud plugin on a Nextcloud 10 instance with an external Prosody XMPP server.

My guess is that for some reason Prosody doesn't run external_auth_command, but I'm not sure.

  • The system is Debian 9 Stretch with Prosody 0.9.12, Nextcloud 10 and latest OJSXC 3.2.0-beta.1
  • mod_auth_external is enabled in the Prosody config (tried both the latest version from Prosody Modules and the one from your repo)
  • xmpp-cloud-auth is cloned to /opt/jsxc/xmpp-cloud-auth and external_cloud.py made executable (chmod +x)
  • Prosody is configured according to the README:
modules_enabled = {
               [...]
               "bosh";
               "auth_external";
};
[...]
authentication = "external"
external_auth_command = "/opt/jsxc/xmpp-cloud-auth/external_cloud.py -t prosody -u https://cloud.domain.tld/index.php/apps/ojsxc/ajax/externalApi.php -s ****** -l /var/log/prosody"
  • Apache Proxy for /http-bind/ is configured and works
  • The settings in OJSXC App are as follows (settings with empty values stripped down):
       "ojsxc": {
            "apiSecret": "******",
            "boshUrl": "/http-bind/",
            "enabled": "yes",
            "installed_version": "3.2.0-beta.1",
            "ocsid": "162257",
            "serverType": "external",
            "timeLimitedToken": "false",
            "types": "prelogin",
            "xmppDomain": "cloud.domain.tld",
            "xmppOverwrite": "false",
            "xmppPreferMail": "false",
            "xmppResource": "",
            "xmppStartMinimized": "false"
        },

When I try to login to Nextcloud, the login takes forever and in prosody.log I see the following log messages:

Apr 05 20:52:47 socket	debug	server.lua: accepted new client connection from 127.0.0.1:45304 to 5280
Apr 05 20:52:47 http.server	debug	Firing event: POST cloud.domain.tld/http-bind/
Apr 05 20:52:47 mod_bosh	debug	Handling new request table: 0x55ad71c75fd0: <body rid='3419421983' xmlns='http://jabber.org/protocol/httpbind' to='cloud.domain.tld' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>
----------
Apr 05 20:52:47 mod_bosh	debug	BOSH body open (sid: <none>)
Apr 05 20:52:47 bosh7434778b-8b67-481d-9da1-f1edc1af4baa	debug	BOSH session created for request from *.*.*.*
Apr 05 20:52:47 mod_bosh	info	New BOSH session, assigned it sid '7434778b-8b67-481d-9da1-f1edc1af4baa'
Apr 05 20:52:47 mod_bosh	debug	We have an open request, so sending on that
Apr 05 20:52:47 mod_bosh	debug	Request destroyed: table: 0x55ad71c7ba10
Apr 05 20:52:47 bosh7434778b-8b67-481d-9da1-f1edc1af4baa	debug	BOSH session marked as inactive (for 60s)
Apr 05 20:52:47 mod_bosh	debug	Session 7434778b-8b67-481d-9da1-f1edc1af4baa has 0 out of 1 requests open
Apr 05 20:52:47 mod_bosh	debug	and there are 0 things in the send_buffer:
Apr 05 20:52:47 http.server	debug	Firing event: POST cloud.domain.tld/http-bind/
Apr 05 20:52:47 mod_bosh	debug	Handling new request table: 0x55ad71c180c0: <body rid='3419421984' xmlns='http://jabber.org/protocol/httpbind' sid='7434778b-8b67-481d-9da1-f1edc1af4baa'/>
----------
Apr 05 20:52:47 mod_bosh	debug	BOSH body open (sid: 7434778b-8b67-481d-9da1-f1edc1af4baa)
Apr 05 20:52:47 mod_bosh	debug	Session 7434778b-8b67-481d-9da1-f1edc1af4baa has 1 out of 1 requests open
Apr 05 20:52:47 mod_bosh	debug	and there are 0 things in the send_buffer:
Apr 05 20:52:47 mod_bosh	debug	Have nothing to say, so leaving request unanswered for now

and then ~1 minute later:

Apr 05 20:53:00 boshe842c651-fa5d-4d0b-a356-04ba6065d405	debug	BOSH client inactive too long, destroying session at 1491418380
Apr 05 20:53:00 boshe842c651-fa5d-4d0b-a356-04ba6065d405	debug	Destroying session for (unknown) ((unknown)@cloud.domain.tld): BOSH client silent for over 60 seconds
Apr 05 20:53:35 mod_bosh	debug	table: 0x55ad71dd0db0 was soon to timeout (at 1491418418, now 1491418418), sending empty response
Apr 05 20:53:35 mod_bosh	debug	We have an open request, so sending on that
Apr 05 20:53:35 mod_bosh	debug	Request destroyed: table: 0x55ad71dd0db0
Apr 05 20:53:35 bosh0dbbb355-7c98-4b94-a58e-7d99d2861aab	debug	BOSH session marked as inactive (for 60s)
Apr 05 20:53:44 mod_bosh	debug	table: 0x55ad71bd2c50 was soon to timeout (at 1491418427, now 1491418427), sending empty response
Apr 05 20:53:44 mod_bosh	debug	We have an open request, so sending on that
Apr 05 20:53:44 mod_bosh	debug	Request destroyed: table: 0x55ad71bd2c50
Apr 05 20:53:44 bosh7434778b-8b67-481d-9da1-f1edc1af4baa	debug	BOSH session marked as inactive (for 60s)
Apr 05 20:53:44 http.server	debug	Firing event: POST cloud.domain.tld/http-bind/
Apr 05 20:53:44 mod_bosh	debug	Handling new request table: 0x55ad71c48d00: <body rid='3419421985' xmlns='http://jabber.org/protocol/httpbind' sid='7434778b-8b67-481d-9da1-f1edc1af4baa'/>
----------
Apr 05 20:53:44 mod_bosh	debug	BOSH body open (sid: 7434778b-8b67-481d-9da1-f1edc1af4baa)
Apr 05 20:53:44 mod_bosh	debug	Session 7434778b-8b67-481d-9da1-f1edc1af4baa has 1 out of 1 requests open
Apr 05 20:53:44 mod_bosh	debug	and there are 0 things in the send_buffer:
Apr 05 20:53:44 mod_bosh	debug	Have nothing to say, so leaving request unanswered for now

Do you have an idea what's going wrong here? The same setup with internal XMPP server from the App works great but now with an external Prosody XMPP server (running on the same host) obviously something's wrong.

Thanks for the work on JSXC by the way, it's a great piece of software!

New users can't add contacts

from jsxc/jsxc#506 @wargreen

Hi,
with 3.2.0 beta in Nextcloud, new users can't add any contacts.
The extauth.log file shows "2017-04-06 16:28:54,639 INFO: Receive operation isuser" at each try, but nothing more happens in any logs.

Old users can add these users and chat.

Cannot authenticate users on prosody

After a couple of retries I have managed to get the BOSH server running over SSL.

When I want to authenticate my Nextcloud users, which are authenticated over LDAP and are in the following format "user@domain", I get a couple of errors:

Jul 18 15:36:57 domain.ch:auth_external warn Auth process exited unexpectedly with exit 1, restarting
Jul 18 15:36:57 domain.ch:auth_external warn Error while waiting for result from auth process: unknown error
Jul 18 15:36:57 c2s247fe20 info c2s stream for <172.20.4.17> closed: session closed
Jul 18 15:36:57 c2s247fe20 info Client disconnected: connection closed

Also what I have seen is, that the installation guide has not been adjusted to the most recent version of xmpp-cloud-auth.

A local test using xcauth.py gives me the following error:
./xcauth.py -t prosody -A 'user' 'domain.ch' 'UserPassword'

2017-07-18 16:04:58,498 DEBUG: Start external auth script 0.9.0+ for prosody with endpoint: https://domain.ch/index.php/apps/ojsxc/ajax/externalApi.php
2017-07-18 16:04:58,501 DEBUG: Token is too short: 7 != 23 (maybe not a token?)
2017-07-18 16:04:58,507 INFO: Starting new HTTPS connection (1): domain.ch
2017-07-18 16:04:58,587 DEBUG: "POST /index.php/apps/ojsxc/ajax/externalApi.php HTTP/1.1" 500 61
2017-07-18 16:04:58,594 INFO: UNREACHABLE: Cache says password for [email protected] is False
False

I am Using nextcloud 12.0 on an ubuntu 16.04.

If you need some more information, I can gladly provide it.

Thank you!

Mention somewhere that it depends on lua-lpty

When trying to get this to run using prosody 0.10 with postgres backend (confirmed working with internal user from JSXC Nextcloud) and the new tutorial (which by the way doesn't mention the execution permissions for external_cloud.py so that the prosody user can run it).

One of the things that came up is that there was an error in the log about "lua-lpty" missing. After installing it on my Ubuntu 16.04 VPS where the Prosody server runs (different from the Nextcloud server), I can again log into the Nextcloud instance with the chat enabled.

can't login to chat on nextcloud

Hello!

I am trying to set up an external prosody xmpp server setup (on the same machine)
I can't seem to login through nextcloud, although I can login to the xmpp server directly just fine.
The log from the browser seems to tell what is going on,

      Content Security Policy: Ignoring duplicate source 'unsafe-inline'  (unknown)
      Content Security Policy: Couldn’t parse invalid host 'unsafe-inline'  (unknown)
      Content Security Policy: Directive ‘frame-src’ has been deprecated. Please use directive ‘child-src’ instead.  (unknown)
      JQMIGRATE: Migrate is installed, version 1.4.0  core.js:7:542
      State changed to INITIATING  jsxc.js:183:10
      State changed to SUSPEND  jsxc.js:183:10
      [WARN] Unable to create user prefix jsxc.js:183:10
      [WARN] Unable to create user prefix jsxc.js:183:10
      State changed to ESTABLISHING  jsxc.js:183:10
      New connection  jsxc.js:183:10
      CONNECTING: null  jsxc.js:183:10
      close dialog

Any help would be appreciated!

Compatibility with OpenOTP Two Factor Authentication?

I'm experimenting with Prosody and after setting everything up it appears to work, I have lines like this in the /var/log/prosody/prosody.log file:

May 31 11:09:40 mod_bosh        info    New BOSH session, assigned it sid 'XXX'

However it appears that I can only login to Nextcloud after disabling the OpenOTP Two Factor Authentication app via occ app:disable twofactor_totp — is JavaScript XMPP Chat incompatible with OpenOTP Two Factor Authentication?

Sometimes fails to authenticate (OJSXC, Nextcloud, Prosody, xmpp-cloud-auth)

Sometimes the authentication fails. My impression is that this happens when this particular user didn't login for several minutes/hours. If I logout+login immediately, the authentication against Prosody succeeds. The relevant log from prosody.log is:

Apr 07 10:37:19 mod_bosh	debug	BOSH body open (sid: e4332ffc-e8ab-4fd3-ae75-2f008ffa9e16)
Apr 07 10:37:19 mod_bosh	debug	BOSH stanza received: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

Apr 07 10:37:19 boshe4332ffc-e8ab-4fd3-ae75-2f008ffa9e16	debug	Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Apr 07 10:37:19 cloud.example.org:auth_external	debug	Sent 44 bytes
Apr 07 10:37:19 cloud.example.org:auth_external	warn	Unable to interpret data from auth process, [2 bytes]
Apr 07 10:37:19 cloud.example.org:auth_external	warn	Unable to interpret data from auth process, [2 bytes]
Apr 07 10:37:19 cloud.example.org:saslauth	debug	sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you&apos;ve sent.</text></failure>
Apr 07 10:37:19 mod_bosh	debug	We have an open request, so sending on that
Apr 07 10:37:19 mod_bosh	debug	Request destroyed: table: 0x561dda266780
Apr 07 10:37:19 boshe4332ffc-e8ab-4fd3-ae75-2f008ffa9e16	debug	BOSH session marked as inactive (for 60s)
Apr 07 10:37:19 mod_bosh	debug	Session e4332ffc-e8ab-4fd3-ae75-2f008ffa9e16 has 0 out of 1 requests open
Apr 07 10:37:19 mod_bosh	debug	and there are 0 things in the send_buffer:

extauth.log says:

2017-04-07 10:37:19,808 INFO: Receive operation auth
2017-04-07 10:37:19,809 DEBUG: Token is too short
2017-04-07 10:37:19,810 DEBUG: Starting new HTTPS connection (1): cloud.example.org
2017-04-07 10:37:19,941 DEBUG: https://cloud.example.org:443 "POST /index.php/apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 48
2017-04-07 10:37:19,944 INFO: Cloud says this password is valid

Working configs for Nextcloud user@domain accounts?

I'm using v3.2.0-beta3 with NC 12.0.0 and prosody. Following the README precisely, this does not work for me, nor do I get any useful error messages. It doesn't look like the auth script is starting.

Can someone with working config please provide their complete prosody.cfg.lua and nextcloud admin settings?

Thanks

Groups buddies not shown, ejabberdctl returned non-zero exit status 1

Hi,
When logging in to Nextcloud with a user, the group's buddies aren't shown in the roster.
In the xcauth.log I get:

017-12-10 19:23:26,729 DEBUG: Receive operation auth
2017-12-10 19:23:26,730 DEBUG: Token is too short: 10 != 23 (maybe not a token?)
2017-12-10 19:23:26,732 DEBUG: Resetting dropped connection: cloud.lebib.org
2017-12-10 19:23:30,653 DEBUG: https://cloud.lebib.org:443 "POST /apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 43
2017-12-10 19:23:30,654 INFO: SUCCESS: Cloud says password for test2@localhost is valid
2017-12-10 19:23:31,188 DEBUG: https://cloud.lebib.org:443 "POST /apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 173
2017-12-10 19:23:31,190 DEBUG: roster_thread for {u'test': {u'name': u'test', u'groups': [u'test']}, u'test3': {u'name': u'test3', u'groups': [u'test']}, u'test2': {u'name': u'test2', u'groups': [u'test']}}
2017-12-10 19:23:31,190 DEBUG: /usr/sbin/ejabberdctl['srg_create', 'test', 'localhost', 'test', 'test', 'test']
2017-12-10 19:23:31,631 WARNING: ejabberdctl /usr/sbin/ejabberdctl['srg_create', 'test', 'localhost', 'test', 'test', 'test'] failed with Command '['/usr/sbin/ejabberdctl', 'srg_create', 'test', 'localhost', 'test', 'test', 'test']' returned non-zero exit status 1
2017-12-10 19:23:31,632 DEBUG: /usr/sbin/ejabberdctl['srg_get_members', 'test', 'localhost']
2017-12-10 19:23:32,038 WARNING: ejabberdctl /usr/sbin/ejabberdctl['srg_get_members', 'test', 'localhost'] failed with Command '['/usr/sbin/ejabberdctl', 'srg_get_members', 'test', 'localhost']' returned non-zero exit status 1
2017-12-10 19:23:39,015 DEBUG: Receive operation isuser
2017-12-10 19:23:39,018 DEBUG: Resetting dropped connection: cloud.lebib.org
2017-12-10 19:23:39,154 DEBUG: https://cloud.lebib.org:443 "POST /apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 43
2017-12-10 19:23:39,155 INFO: Cloud says user test2@localhost exists

Nothing in ejabberd.log, even with loglevel: 5.

Fail to add contacts (OJSXC, Nextcloud, Prosody, xmpp-cloud-auth)

Hi,

I'm following up on the latest problem I described in #6 (comment).

After setting up Prosody with xmpp-cloud-auth and switching from the internal XMPP server to the external Prosody in OJSXC, the contact list of OJSXC is empty and I fail to add new contacts to it.

When trying to add a new contact, the auto-completion works: after inserting at least one character, I get a list of all contacts that match it for selection. So reading in the list of contacts seems to work. But when I submit by pressing 'Hinzufügen' ('add contact'), nothing happens. The form closes, but no contact is actually added to the contact list.

The relevant logs are attached below.

prosody.log:

Apr 07 10:19:29 http.server	debug	Firing event: POST cloud.example.org/http-bind/
Apr 07 10:19:29 mod_bosh	debug	Handling new request table: 0x561dda3f4f40: <body rid='1264566821' xmlns='http://jabber.org/protocol/httpbind' sid='d71eb9fd-dbd1-4a8f-8b99-655630cbbaca'><iq type='set' xmlns='jabber:client' id='d1ef7c12-716d-443a-8b65-72ae777d7a6d:sendIQ'><query xmlns='jabber:iq:roster'><item jid='[email protected]' name='test_user'/></query></iq><presence to='[email protected]' type='subscribe' xmlns='jabber:client'/></body>
----------
Apr 07 10:19:29 mod_bosh	debug	BOSH body open (sid: d71eb9fd-dbd1-4a8f-8b99-655630cbbaca)
Apr 07 10:19:29 mod_bosh	debug	BOSH stanza received: <iq id='d1ef7c12-716d-443a-8b65-72ae777d7a6d:sendIQ' type='set'>

Apr 07 10:19:29 boshd71eb9fd-dbd1-4a8f-8b99-655630cbbaca	debug	Received[c2s]: <iq id='d1ef7c12-716d-443a-8b65-72ae777d7a6d:sendIQ' type='set'>
Apr 07 10:19:29 cloud.example.org:auth_external	debug	Sent 32 bytes
Apr 07 10:19:29 rostermanager	debug	not saving roster for [email protected]: the user doesn't exist
Apr 07 10:19:29 mod_bosh	debug	BOSH stanza received: <presence to='[email protected]' type='subscribe'>

Apr 07 10:19:29 boshd71eb9fd-dbd1-4a8f-8b99-655630cbbaca	debug	Received[c2s]: <presence to='[email protected]' type='subscribe'>
Apr 07 10:19:29 cloud.example.org:presence	debug	outbound presence subscribe from [email protected] for [email protected]
Apr 07 10:19:29 rostermanager	debug	load_roster: asked for: [email protected]
Apr 07 10:19:29 cloud.example.org:presence	debug	inbound presence subscribe from [email protected] for [email protected]
Apr 07 10:19:29 rostermanager	debug	load_roster: asked for: [email protected]
Apr 07 10:19:29 rostermanager	debug	load_roster: loading for offline user: [email protected]
Apr 07 10:19:29 rostermanager	debug	load_roster: asked for: [email protected]
Apr 07 10:19:29 rostermanager	debug	load_roster: loading for offline user: [email protected]
Apr 07 10:19:29 cloud.example.org:auth_external	debug	Sent 37 bytes
Apr 07 10:19:29 rostermanager	debug	not saving roster for [email protected]: the user doesn't exist
Apr 07 10:19:29 mod_bosh	debug	We have an open request, so sending on that

Apr 07 10:19:29 mod_bosh	debug	Request destroyed: table: 0x561dda25f1c0
Apr 07 10:19:29 mod_bosh	debug	Session d71eb9fd-dbd1-4a8f-8b99-655630cbbaca has 1 out of 1 requests open
Apr 07 10:19:29 mod_bosh	debug	and there are 0 things in the send_buffer:
Apr 07 10:19:29 mod_bosh	debug	Have nothing to say, so leaving request unanswered for now

And extauth.log:

2017-04-07 10:19:29,027 INFO: Receive operation isuser
2017-04-07 10:19:29,027 INFO: Receive operation isuser

Apparently Prosody doesn't know about the users even though the auth_external_command successfully verifies that the user exists:

Apr 07 10:19:29 rostermanager	debug	not saving roster for [email protected]: the user doesn't exist
[...]
Apr 07 10:19:29 rostermanager	debug	not saving roster for [email protected]: the user doesn't exist

Kind regards,
jonas

xcdbm.py and KEY/VALUE with multiple Domains

Hello,

I want to use more than one cloud instance and more domains.

./xcdbm.py -c /etc/xcauth.conf -b /var/lib/xcauth/dynamic-domains.db -u nextexturl -s secrettoken -P
KEY VALUE
What's KEY and VALUE and how to use it with prosody?

(With -G KEY I can view the VALUE)

With one domain and instance, without /var/lib/xcauth/dynamic-domains.db it works nice.
How to set up more than one domain/instance?

When I set any KEY and VALUE, I get this error:
Could not authenticate user [email protected]: noauth

Thanks, 4 help,
bsfd80

/etc/xcauth.conf

type=prosody
secret=secrettoken1
url=externalapiurl1
timeout=5
domain-db=/var/lib/xcauth/dynamic-domains.db
log=/var/log/xcauth
cache-query-ttl=4h
cache-verification-ttl=1d
cache-unreachable-ttl=1w
#debug

can't auth new users

All works well with my user, but with a new test user:

ejabberd.log

2017-04-06 15:35:37.845 [error] <0.580.0>@extauth:loop:130 extauth call '[<<"auth">>,<<"test1">>,<<"localhost">>,<<"*********">>]' didn't receive response
2017-04-06 15:35:37.846 [info] <0.579.0>@ejabberd_c2s:wait_for_feature_request:757 ({socket_state,ejabberd_http_bind,{http_bind,<0.578.0>,{{0,0,0,0,0,0,0,1},53071}},ejabberd_http_bind}) Failed authentication for test1@localhost from IP ::1
2017-04-06 15:35:55.923 [info] <0.578.0>@ejabberd_http_bind:handle_info:519 Session timeout. Closing the HTTP bind session: <<"41aed1083f062fa504764bc7c8b07ef9372b6212">>

extauth.err

TraceTraceback (most recent call last):
  File "/opt/xmpp-cloud-auth/external_cloud.py", line 176, in <module>
    success = auth(data[1], data[2], data[3])
  File "/opt/xmpp-cloud-auth/external_cloud.py", line 113, in auth
    if verify_token(username, server, password):
  File "/opt/xmpp-cloud-auth/external_cloud.py", line 23, in verify_token
    token = b64decode(password.translate(usersafe_encoding) + "=======")
  File "/usr/lib/python2.7/base64.py", line 78, in b64decode
    raise TypeError(msg)
TypeError: Incorrect paddingback (most recent call last):
  File "/opt/xmpp-cloud-auth/external_cloud.py", line 176, in <module>
    success = auth(data[1], data[2], data[3])
  File "/opt/xmpp-cloud-auth/external_cloud.py", line 113, in auth
    if verify_token(username, server, password):
  File "/opt/xmpp-cloud-auth/external_cloud.py", line 23, in verify_token
    token = b64decode(password.translate(usersafe_encoding) + "=======")
  File "/usr/lib/python2.7/base64.py", line 78, in b64decode
    raise TypeError(msg)
TypeError: Incorrect padding
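The traceback above is an uncaught `b64decode` error at module level, which ends the auth script, consistent with ejabberd logging "didn't receive response". The following is an added example, not the project's code, of an ejabberd extauth loop that treats an undecodable password as "not a token" and always writes a reply frame. Assumptions: the 23 in the "!= 23" log lines on this page is taken as the decoded token length, `verify_token` and `check_password` are hypothetical callables, and the `usersafe_encoding` translation is omitted because the page does not show it.

```python
import base64
import binascii
import io
import struct

TOKEN_LEN = 23  # assumption: the "!= 23" in the logs is the decoded token length


def decode_token(password):
    """Return decoded token bytes, or None when the password is not a token."""
    try:
        # Surplus '=' padding is tolerated, but 4n+1 data characters (for
        # example the 9 of "password1") raise binascii.Error on Python 3;
        # Python 2.7 raised TypeError, as in the traceback.
        raw = base64.b64decode(password.encode("utf-8") + b"=======")
    except binascii.Error:
        return None
    return raw if len(raw) == TOKEN_LEN else None


def read_request(stream):
    """Read one extauth frame: 2-byte big-endian length, then the payload."""
    header = stream.read(2)
    if len(header) < 2:
        return None  # ejabberd closed the pipe
    (size,) = struct.unpack(">H", header)
    payload = stream.read(size)
    if len(payload) < size:
        return None  # truncated frame
    return payload.decode("utf-8", errors="replace")


def write_response(stream, ok):
    """Reply frame: length 2, then 1 for success or 0 for failure."""
    stream.write(struct.pack(">HH", 2, 1 if ok else 0))
    stream.flush()


def handle(request, verify_token, check_password):
    """Decide one request; only the 'auth' operation is handled here."""
    parts = request.split(":", 3)  # the password may itself contain ':'
    if len(parts) != 4 or parts[0] != "auth":
        return False
    _, user, server, password = parts
    token = decode_token(password)
    if token is not None and verify_token(user, server, token):
        return True
    return check_password(user, server, password)


def serve(stdin, stdout, verify_token, check_password):
    """Answer every frame, even when a backend call raises."""
    while True:
        request = read_request(stdin)
        if request is None:
            break
        try:
            ok = handle(request, verify_token, check_password)
        except Exception:
            ok = False  # fail closed, but never leave the caller waiting
        write_response(stdout, ok)


def demo():
    """Run three constructed requests through the loop, return raw replies."""
    def frame(text):
        data = text.encode("utf-8")
        return struct.pack(">H", len(data)) + data

    def check_password(user, server, password):
        # Constructed backend: one user simulates an unreachable cloud.
        if user == "down":
            raise ConnectionError("cloud unreachable (constructed)")
        return password == "pa:ss"

    stdin = io.BytesIO(
        frame("auth:test1:localhost:password1")  # 9 chars: padding error
        + frame("auth:test1:localhost:pa:ss")    # colon inside the password
        + frame("auth:down:localhost:x")         # backend raises
    )
    stdout = io.BytesIO()
    serve(stdin, stdout, lambda u, s, t: False, check_password)
    return stdout.getvalue()


if __name__ == "__main__":
    print(demo().hex())
```
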

Feature Request: Check app passwords

I have xmpp-cloud-auth successfully running on my nextcloud 12 install. I use the 2FA plugins, and I sync my apps with app passwords.

I would like this plugin to check app passwords as well for login. This is a great security feature, and right now, as it is set up, not only do app passwords not work, this plugin bypasses the 2FA security present on Nextcloud.

What I would like to see:

If 2FA is activated

  1. Don't check main password (unless 2FA or OAUTH is somehow supported)
  2. Check app passwords.

The authentication stopped working out of the blue

Hello,

About a month ago I managed to set up Nextcloud JSXC to work with a local Prosody server. However, since two days ago authentication started failing for some users (just after the latest update of the JSXC app in Nextcloud). Since yesterday, though, neither the Nextcloud app nor external clients can authenticate anymore. From the Prosody logs, it looks like mod_auth_external.lua is the problem. I have attached the Prosody log from a failed authentication attempt:

Aug 30 10:13:24 socket  debug   server.lua: auto-starting ssl negotiation...
Aug 30 10:13:24 socket  debug   server.lua: attempting to start tls on tcp{client}: 0x27c3288
Aug 30 10:13:24 socket  debug   server.lua: accepted new client connection from 127.0.0.1:54570 to 5281
Aug 30 10:13:24 socket  debug   server.lua: ssl handshake done
Aug 30 10:13:24 http.server     debug   Firing event: POST my.domain.com/http-bind/
Aug 30 10:13:24 mod_bosh        debug   Handling new request table: 0x27d1670: <body rid='3155859811' xmlns='http://jabber.org/protocol/httpbind' to='my.domain.com' xml:lang='en' wait='60' hold='1'$
----------
Aug 30 10:13:24 mod_bosh        debug   BOSH body open (sid: <none>)
Aug 30 10:13:24 bosh73c688fd-5296-4049-828e-473349724e05        debug   BOSH session created for request from 123.456.789.123
Aug 30 10:13:24 mod_bosh        info    New BOSH session, assigned it sid '73c688fd-5296-4049-828e-473349724e05'
Aug 30 10:13:24 mod_bosh        debug   We have an open request, so sending on that
Aug 30 10:13:24 mod_bosh        debug   Request destroyed: table: 0x27ca6e0
Aug 30 10:13:24 bosh73c688fd-5296-4049-828e-473349724e05        debug   BOSH session marked as inactive (for 60s)
Aug 30 10:13:24 mod_bosh        debug   Session 73c688fd-5296-4049-828e-473349724e05 has 0 out of 1 requests open
Aug 30 10:13:24 mod_bosh        debug   and there are 0 things in the send_buffer:
Aug 30 10:13:24 http.server     debug   Firing event: POST my.domain.com/http-bind/
Aug 30 10:13:24 mod_bosh        debug   Handling new request table: 0x27d44c0: <body rid='3155859812' xmlns='http://jabber.org/protocol/httpbind' sid='73c688fd-5296-4049-828e-473349724e05'><auth xmlns='u$
----------
Aug 30 10:13:24 mod_bosh        debug   BOSH body open (sid: 73c688fd-5296-4049-828e-473349724e05)
Aug 30 10:13:24 mod_bosh        debug   BOSH stanza received: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

Aug 30 10:13:24 bosh73c688fd-5296-4049-828e-473349724e05        debug   Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Aug 30 10:13:24 mod_bosh        error   Traceback[bosh]: /opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:64: attempt to index local 'pty' (a nil value)
stack traceback:
        /opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:64: in function 'send_query'
        /opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:118: in function </opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:103>
        (tail call): ?
        (tail call): ?
        /opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:154: in function 'plain_test'
        /usr/lib64/prosody/util/sasl/plain.lua:72: in function </usr/lib64/prosody/util/sasl/plain.lua:38>
        (tail call): ?
        /usr/lib64/prosody/modules/mod_saslauth.lua:77: in function </usr/lib64/prosody/modules/mod_saslauth.lua:66>
        (tail call): ?
        /usr/lib64/prosody/util/events.lua:67: in function 'fire_event'
        ...
        /usr/lib64/prosody/net/http/server.lua:109: in function 'process_next'
        /usr/lib64/prosody/net/http/server.lua:125: in function 'success_cb'
        /usr/lib64/prosody/net/http/parser.lua:173: in function 'feed'
        /usr/lib64/prosody/net/http/server.lua:154: in function </usr/lib64/prosody/net/http/server.lua:153>
        (tail call): ?
        /usr/lib64/prosody/net/server_select.lua:868: in function </usr/lib64/prosody/net/server_select.lua:850>
        [C]: in function 'xpcall'
        /usr/lib64/prosody/../../bin/prosody:376: in function 'loop'
        /usr/lib64/prosody/../../bin/prosody:407: in main chunk
        [C]: ?
Aug 30 10:13:24 mod_bosh        debug   Session 73c688fd-5296-4049-828e-473349724e05 has 1 out of 1 requests open
Aug 30 10:13:24 mod_bosh        debug   and there are 0 things in the send_buffer:
Aug 30 10:13:24 mod_bosh        debug   Have nothing to say, so leaving request unanswered for now
Aug 30 10:13:25 socket  debug   server.lua: auto-starting ssl negotiation...
Aug 30 10:13:25 socket  debug   server.lua: attempting to start tls on tcp{client}: 0x27d9858
Aug 30 10:13:25 socket  debug   server.lua: accepted new client connection from 127.0.0.1:54576 to 5281
Aug 30 10:13:25 socket  debug   server.lua: ssl handshake done
Aug 30 10:13:25 http.server     debug   Firing event: POST my.domain.com/http-bind/
Aug 30 10:13:25 mod_bosh        debug   Handling new request table: 0x27ea2e0: <body rid='3155859812' xmlns='http://jabber.org/protocol/httpbind' sid='73c688fd-5296-4049-828e-473349724e05'><auth xmlns='u$
----------
Aug 30 10:13:25 mod_bosh        debug   BOSH body open (sid: 73c688fd-5296-4049-828e-473349724e05)
Aug 30 10:13:25 bosh73c688fd-5296-4049-828e-473349724e05        debug   rid repeated, ignoring: 3155859812 (diff 0)
Aug 30 10:13:25 mod_bosh        debug   Session 73c688fd-5296-4049-828e-473349724e05 has 2 out of 1 requests open
Aug 30 10:13:25 mod_bosh        debug   and there are 0 things in the send_buffer:
Aug 30 10:13:25 mod_bosh        debug   We are holding too many requests, so...
Aug 30 10:13:25 mod_bosh        debug   ...sending an empty response
Aug 30 10:13:25 mod_bosh        debug   We have an open request, so sending on that
Aug 30 10:13:25 mod_bosh        debug   Request destroyed: table: 0x27d45c0
Aug 30 10:13:25 mod_bosh        debug   Have nothing to say, so leaving request unanswered for now
Aug 30 10:13:31 http.server     debug   Firing event: POST my.domain.com/http-bind/
Aug 30 10:13:31 mod_bosh        debug   Handling new request table: 0x27e69e0: <body rid='122237649' xmlns='http://jabber.org/protocol/httpbind' to='my.domain.com' xml:lang='en' wait='60' hold='1' $
----------
Aug 30 10:13:31 mod_bosh        debug   BOSH body open (sid: <none>)
Aug 30 10:13:31 bosh1929425a-a666-4eb5-a46d-82c12cfa48c6        debug   BOSH session created for request from 123.456.789.123
Aug 30 10:13:31 mod_bosh        info    New BOSH session, assigned it sid '1929425a-a666-4eb5-a46d-82c12cfa48c6'
Aug 30 10:13:31 mod_bosh        debug   We have an open request, so sending on that
Aug 30 10:13:31 mod_bosh        debug   Request destroyed: table: 0x27e7730
Aug 30 10:13:31 bosh1929425a-a666-4eb5-a46d-82c12cfa48c6        debug   BOSH session marked as inactive (for 60s)
Aug 30 10:13:31 mod_bosh        debug   Session 1929425a-a666-4eb5-a46d-82c12cfa48c6 has 0 out of 1 requests open
Aug 30 10:13:31 mod_bosh        debug   and there are 0 things in the send_buffer:
Aug 30 10:13:31 http.server     debug   Firing event: POST my.domain.com/http-bind/
Aug 30 10:13:31 mod_bosh        debug   Handling new request table: 0x27f3bd0: <body rid='122237650' xmlns='http://jabber.org/protocol/httpbind' sid='1929425a-a666-4eb5-a46d-82c12cfa48c6'><auth xmlns='ur$
----------
Aug 30 10:13:31 mod_bosh        debug   BOSH body open (sid: 1929425a-a666-4eb5-a46d-82c12cfa48c6)
Aug 30 10:13:31 mod_bosh        debug   BOSH stanza received: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

Aug 30 10:13:31 bosh1929425a-a666-4eb5-a46d-82c12cfa48c6        debug   Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Aug 30 10:13:31 mod_bosh        error   Traceback[bosh]: /opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:64: attempt to index local 'pty' (a nil value)
stack traceback:
        /opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:64: in function 'send_query'
        /opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:118: in function </opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:103>
        (tail call): ?
        (tail call): ?
        /opt/xmpp-cloud-auth/prosody-modules/mod_auth_external.lua:154: in function 'plain_test'
        /usr/lib64/prosody/util/sasl/plain.lua:72: in function </usr/lib64/prosody/util/sasl/plain.lua:38>
        (tail call): ?
        /usr/lib64/prosody/modules/mod_saslauth.lua:77: in function </usr/lib64/prosody/modules/mod_saslauth.lua:66>
        (tail call): ?
        /usr/lib64/prosody/util/events.lua:67: in function 'fire_event'
        ...
        /usr/lib64/prosody/net/http/server.lua:109: in function 'process_next'
        /usr/lib64/prosody/net/http/server.lua:125: in function 'success_cb'
        /usr/lib64/prosody/net/http/parser.lua:173: in function 'feed'
        /usr/lib64/prosody/net/http/server.lua:154: in function </usr/lib64/prosody/net/http/server.lua:153>
        (tail call): ?
        /usr/lib64/prosody/net/server_select.lua:868: in function </usr/lib64/prosody/net/server_select.lua:850>
        [C]: in function 'xpcall'
        /usr/lib64/prosody/../../bin/prosody:376: in function 'loop'
		/usr/lib64/prosody/../../bin/prosody:407: in main chunk
        [C]: ?
Aug 30 10:13:31 mod_bosh        debug   Session 1929425a-a666-4eb5-a46d-82c12cfa48c6 has 1 out of 1 requests open
Aug 30 10:13:31 mod_bosh        debug   and there are 0 things in the send_buffer:
Aug 30 10:13:31 mod_bosh        debug   Have nothing to say, so leaving request unanswered for now

Nothing is outputted in xcauth.log or xcauth.err.
I am using prosody.cfg.lua from the wiki guide but with the proper authentication script name. The following modes are enabled:

modules_enabled = {

        -- Generally required
                "roster";
                "saslauth";
                "tls";
                "dialback";
                "disco";

        -- Not essential, but recommended
                "private";
                "vcard";

        -- Nice to have
                "version";
                "uptime";
                "time";
                "ping";
                "pep";

        -- Admin interfaces
                "admin_adhoc";

        -- HTTP modules
                "bosh";

        -- Other specific functionality
                "posix";
                "groups";
                "carbons";
                "mam";
                "smacks";
};

And here are my proxy settings in Apache:

        ProxyVia On
        ProxyPreserveHost On
        ProxyRequests Off
        SSLProxyEngine On
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off

    ProxyPass /http-bind/ https://localhost:5281/http-bind/
    ProxyPassReverse /http-bind/ https://localhost:5281/http-bind/

Authentication was working just fine until last week for both Nextcloud JSXC and external clients. No updates were done on the server OS. Nextcloud was updated to the latest stable version (12.0.2).

Any ideas?

Bosh error

I just installed Nextcloud on Ubuntu 16 and got past all the issues I found, but now I get this in the Apache log: AH00898: Error reading from remote server returned by /http-bind/
My vhost configuration is:
ProxyPass /http-bind/ http://localhost:5280/http-bind/
ProxyPassReverse /http-bind/ http://localhost:5280/http-bind/
ProxyPreserveHost On
When I try by browser I get:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /http-bind/.
Reason: Error reading from remote server

When I try to configure JavaScript XMPP Chat in Nextcloud, I type the domain and BOSH URL and get this:
BOSH server NOT reachable or misconfigured.
502 Proxy Error

Please, help me!

APIURL and APISECRET

The wiki states:

You will find the values for APIURL and APISECRET on your Nextcloud/Owncloud admin page.

I don't see these anywhere. Can you be more specific?

Thanks

External Authentication doesn't work with Nextcloud 12 JSXC 3.2.0

Hi,
I try to deploy the chat in my nextcloud.

When I try to log in my user I can't get past the login window and I have no error on the webpage.

in Nextcloud Log:
Error Use of undefined constant script - assumed 'script' at /var/www/nextcloud/apps/ojsxc/templates/settings/admin.php#5

Warning ExAPI: Abort with message: HTTP header "X-JSXC-Signature" is missing.

in /var/log/prosody/extauth.log :
2017-05-29 09:55:48,103 WARNING: An error occured during the request

Can you help me?

Thanks.

Auth failure with Nextcloud 13 & ejabberd

I am using ejabberd 16.09 with the latest stable xmpp-cloud-auth and Nextcloud 13.0.3. In the past few days, when I try to log in to ejabberd via pidgin, I get the following error:

ejabberd | 13:10:42.064 [error] extauth call '[<<"auth">>,<<"**********">>,<<"cloud.example.com">>,<<"***********">>]' didn't receive response
ejabberd | 13:10:42.065 [info] ({socket_state,fast_tls,{tlssock,#Port<0.9473>,#Port<0.9474>},<0.597.0>}) Failed authentication for **********@cloud.example.com from ::FFFF:172.18.0.1

This same configuration worked fine before pulling the latest xmpp-cloud-auth code. I see that there was a recent migration to python 3, so I've installed the proper libraries. Have these recent changes been tested against Nextcloud and ejabberd specifically?

Any tips on where to start troubleshooting?

Thanks

ejabberd, xcauth.py -d -A shows SUCCESS value/True, nextcloud/xabber/gajim unable to login, extauth script has exitted abruptly

Everything is a fresh install with current/latest software: Ubuntu 18.04, ejabberd 18.04, Nextcloud 13, NGINX
all info posted below, my actual domain was replaced with example.com

The ejabberd log is getting flooded with extauth script has exitted abruptly messages.

tail -n 58 /opt/ejabberd/logs/ejabberd.log

2018-05-10 12:19:30.092 [critical] <0.11824.2>@extauth:loop:137 extauth script has exitted abruptly with reason 'normal'
2018-05-10 12:19:30.093 [critical] <0.11825.2>@extauth:loop:137 extauth script has exitted abruptly with reason 'normal'
2018-05-10 12:19:30.094 [critical] <0.11826.2>@extauth:loop:137 extauth script has exitted abruptly with reason 'normal'
2018-05-10 12:19:30.095 [critical] <0.11827.2>@extauth:loop:137 extauth script has exitted abruptly with reason 'normal'
2018-05-10 12:19:30.096 [critical] <0.11828.2>@extauth:loop:137 extauth script has exitted abruptly with reason 'normal'

nextcloud settings, I get the green check box: BOSH Server reachable. (this took a little bit of figuring out, nginx config posted at bottom)

xcauth command shows success:

sudo /opt/xmpp-cloud-auth/xcauth.py -d -A xekon example.com password1234

2018-05-10 12:15:41,798 DEBUG: Start external auth script 1.0.0 for ejabberd with endpoint: https://cloud.example.com/apps/ojsxc/ajax/externalApi.php
2018-05-10 12:15:41,798 DEBUG: Token is too short: 14 != 23 (maybe not a token?)
2018-05-10 12:15:41,801 DEBUG: Starting new HTTPS connection (1): cloud.example.com
2018-05-10 12:15:42,044 DEBUG: https://cloud.example.com:443 "POST /apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 44
2018-05-10 12:15:42,046 INFO: SUCCESS: Cloud says password for [email protected] is valid
True

The fact that xcauth.py logs in seemingly correctly, and the ejabberd external auth is spamming the log,
has me believing I simply missed a setting or permission; however, I have read over both
https://github.com/jsxc/xmpp-cloud-auth/blob/master/doc/Installation.md and https://github.com/jsxc/xmpp-cloud-auth/wiki

At the moment, I keep searching Google for clues, and re-reading the guides over and over. I have spent the last 3 days (~25 hours) trying to get this working.
At first I installed with Prosody, and using Prosody I could not even get success from xcauth.py.
With ejabberd I have gotten success, but no users can log in.

I feel as though I need another way to debug this; it's difficult to know how to fix this when I am not sure what the problem is. At the moment all I know is that the script is exiting abruptly, but I do not know why.
Are there any other debug procedures I can use? Or any vital file permissions that should be checked?

If I modify back to using internal, then xabber/pidgin/gajim can log in again, but obviously Nextcloud wouldn't be integrated.
I only mention this because it shows that the ejabberd config appears to still be working with the exception of the external auth:

sudo nano /opt/ejabberd/conf/ejabberd.yml
auth_method: internal
#auth_method: external

here is my NGINX config that made the BOSH server reachable:

upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php/php7.2-fpm.sock;
}

# Redirect all HTTP traffic to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name www.example.com cloud.example.com example.com;

    # Path to the root of your installation
    root /var/www/html/;
    index index.html;

    return 301 https://$host$request_uri;
}

#xmpp BOSH
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xmpp.example.com example.com;

    ssl_certificate /etc/ssl/nginx/cert.pem;
    ssl_certificate_key /etc/ssl/nginx/key.pem;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    root /srv/xmpp.example.com;
    index index.html;
    location ~ ^/([a-zA-Z0-9]+)$ {
        rewrite ^/(.*)$ / break;
    }

    # BOSH
    location /http-bind {
        proxy_pass http://localhost:5280/http-bind;
        proxy_set_header Host $host;
        proxy_buffering off;
        tcp_nodelay on;
    }

    # xmpp websockets
    location /xmpp-websocket {
        proxy_pass http://localhost:5280;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        tcp_nodelay on;
    }
}

#nextcloud
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    ssl_certificate /etc/ssl/nginx/cert.pem;
    ssl_certificate_key /etc/ssl/nginx/key.pem;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /var/www/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}
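
One way to test an external auth script without ejabberd in the loop is to speak ejabberd's extauth wire format directly: each request is a 2-byte big-endian length followed by `op:user:server:password`, and each reply is the four bytes length 2 plus result 1 or 0. The sketch below is an added example, not part of the original post or of xmpp-cloud-auth's code; the function names, the `serve` stand-in for the real script and the sample credentials are assumptions constructed for illustration.

```python
import io
import struct

def encode_request(op, *fields):
    """Frame one extauth command: 2-byte big-endian length, then 'op:f1:f2...'."""
    payload = ":".join((op,) + fields).encode("utf-8")
    return struct.pack(">H", len(payload)) + payload

def read_request(stream):
    """Read one framed command; None on clean EOF, EOFError on a truncated frame."""
    header = stream.read(2)
    if not header:
        return None
    if len(header) < 2:
        raise EOFError("truncated length header")
    (length,) = struct.unpack(">H", header)
    payload = stream.read(length)
    if len(payload) < length:
        raise EOFError("truncated payload: got %d of %d bytes" % (len(payload), length))
    return payload.decode("utf-8").split(":", 3)  # maxsplit keeps ':' inside passwords

def encode_response(ok):
    """Reply is always 4 bytes: length 2, then result 1 (success) or 0 (failure)."""
    return struct.pack(">HH", 2, 1 if ok else 0)

def decode_response(data):
    """True/False for a well-formed reply; ValueError if the reply is short or garbled."""
    if len(data) != 4 or data[:3] != b"\x00\x02\x00" or data[3] not in (0, 1):
        raise ValueError("malformed reply %r (script exited or wrote to stdout?)" % (data,))
    return data[3] == 1

def serve(stdin, stdout, check_password):
    """Minimal auth loop (hypothetical stand-in for the real script) over byte streams."""
    while True:
        request = read_request(stdin)
        if request is None:
            return
        ok = request[0] == "auth" and len(request) == 4 and check_password(*request[1:])
        stdout.write(encode_response(ok))

def run_constructed_session():
    """Constructed sample: one good and one bad login; the password contains ':'."""
    users = {("alice", "example.com"): "s3cr:et"}  # constructed test data
    stdin = io.BytesIO(encode_request("auth", "alice", "example.com", "s3cr:et")
                       + encode_request("auth", "alice", "example.com", "wrong"))
    stdout = io.BytesIO()
    serve(stdin, stdout, lambda u, d, p: users.get((u, d)) == p)
    raw = stdout.getvalue()
    return [decode_response(raw[i:i + 4]) for i in range(0, len(raw), 4)]
```

A reply shorter than four bytes, or any extra text on stdout, breaks the framing; that is how a script that exits abruptly or logs to stdout appears from the server's side.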

Nextcloud username capitalization issue

Using ejabberd and Nextcloud the following issue occurs.
If the user logs into Nextcloud with a username that is not all lower caps, a different user is created/used with the same name for use in jsxc. This user cannot add any other users and it has no valid user icon, whereas the lower caps user would have the user icon used in Nextcloud.

This does not happen if you log in after logging out when using jsxc. Any capitalization in the username results in the correct username/user being used for jsxc/ejabberd.

API-Code Issue

Hello there,

I configured everything like it's mentioned in the documentation.
My BOSH URL is working and I can reach it in my browser and it's also available in Nextcloud.
But I can't log in to the XMPP server in Nextcloud.
When I try to do a test login via command line, I'm getting the following output:

2018-02-14 11:08:41,679 DEBUG: Start external auth script 1.0.0 for prosody with endpoint: https://cloud.sise-it.com/index.php/apps/ojsxc/ajax/externalApi.php
2018-02-14 11:08:41,680 DEBUG: Token is too short: 5 != 23 (maybe not a token?)
2018-02-14 11:08:41,684 DEBUG: Starting new HTTPS connection (1): cloud.sise-it.com
2018-02-14 11:08:46,949 DEBUG: https://cloud.sise-it.com:443 "POST /index.php/apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 44
2018-02-14 11:08:46,951 INFO: SUCCESS: Cloud says password for [email protected] is valid
True

So it seems like the password is correct, but it's not getting the correct API key?
But I checked the secret key multiple times.
I've got the xcauth.conf at /etc/ and also at /opt/xmpp-cloud-auth/ (I thought maybe it doesn't get the location of the .conf file in /etc/).

What else do I need to check?
Could it be an issue with the API secret codes?
PS: I am running Nextcloud 13 Stable with the newest Version of JSXC.

Greetings

Finding API URL

I'm having trouble finding the API URL I'm supposed to use. Admin web pages have come up empty. I found the secret in config.php. Can you point me in the right direction? Thanks.

Compatibility with user_saml & app passwords?

I am currently thinking of ways to transition to a SAML based SSO, but I would really like to keep this XMPP integration working.

Thinking about how the user_saml plugin works (and the reasons why the cloud_auth was created) leads me to believe that enabling user_saml will for sure break this? Maybe there could be an option in the settings to add a Nextcloud-provided "app password" per user as a workaround?

using chat app in nextcloud with external server on hosted server

Hi,
I have an installation of nextcloud on a hosted server and would like to use the chat app to communicate with other xmpp servers. Is that possible? For example I would like to use the service of jabber.hot-chilli.net.

Of course I do not have access to a terminal on the server.

VERSION 0.2.1+ with configargparse

$ ./external_cloud.py -h
  File "./external_cloud.py", line 46
    logging.warn('An unknown error occured during the request, probably an SSL error. Try updating your "requests" and "urllib" libraries.")

Q: what about the rosters / contacts

This script looks interesting and moves authentication to NC/OC where it is a good place.
What about the rosters / contact lists: Will they be fed from the user's personal address book (fine) or from NC/OC group memberships (even better) or from the xmpp server (not so easy, only openfire has a good way to extract group information from LDAP, but I don't see a possibility to add this script to openfire)?

Update wiki tutorial

Or at least put a notice that it is severely outdated and you should rather use the installation.md

Also: for time limited tokens I need to uncomment that user.db line? Is that directory writeable by the xcauth user by default?

Troubleshooting time limited tokens?

I am trying to set up time limited tokens with my ejabberd 17-11 installation, but even though everything works great without it activated in my Nextcloud 12.0.4 installation, I can't seem to figure out why it doesn't with.

I followed the installation.md and the configured "cache-db=/var/cache/xcauth/user-cache.db" file gets created fine.

But when I check the "time limited token" box in Nextcloud and log out and in, JSXC doesn't show up any more.

In the console I get the following messages:

State changed to INITIATING
Try to relogin
I am not able to relogin
State changed to TRYTOINTERCEPT
State changed to INTERCEPTED
State changed to ESTABLISHING
New connection
CONNECTING: null
AUTHFAIL: null

and a bit later:

State changed to INITIATING
Try to relogin
I am currently busy and will try again later. Please be patient.

But that's it...

Help much appreciated.
