Add OpenFire plugin to authenticate users against a token generated by TikiWiki CMS

Author: fabiomontefuscolo

src/plugins/tikitoken/README.md

@@ -0,0 +1,20 @@
+# Openfire TikiToken plugin
+
+This project is a plugin for the [Openfire Realtime Collaboration Server](http://www.igniterealtime.org/projects/openfire/).
+
+This plugin adds a SASL mechanism that allows users to authenticate against a token that is generated by an instance of [Tiki Wiki CMS GroupWare](https://tiki.org/).
+
+## Building the source
+To create an Openfire plugin from the source code in this project:
+
+- Download a copy of the sources of this project into `PLUGINDIR`
+- Download a copy of the [Openfire sources](https://github.com/igniterealtime/Openfire) into `OPENFIRE_SOURCE_DIR`
+- From within `OPENFIRE_SOURCE_DIR` execute: `ant -f build/build.xml -Dplugin.src.dir=PLUGINDIR/.. -Dplugin=tikitoken openfire plugin`
+
+## Installing the plugin
+
+After a plugin JAR file has been created, place that file in the plugin directory of a running Openfire instance.
+Openfire will automatically detect and activate the plugin.
+
+More detailed usage instructions are available in the [readme](readme.html) file that is available as part of the source
+code of this project.

src/plugins/tikitoken/changelog.html

@@ -0,0 +1,54 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+    <title>TikiToken Plugin Changelog</title>
+    <style type="text/css">
+        BODY {
+            font-size : 100%;
+        }
+        BODY, TD, TH {
+            font-family : tahoma, verdana, arial, helvetica, sans-serif;
+            font-size : 0.8em;
+        }
+        H2 {
+            font-size : 10pt;
+            font-weight : bold;
+        }
+        A:hover {
+            text-decoration : none;
+        }
+        H1 {
+            font-family : tahoma, arial, helvetica, sans-serif;
+            font-size : 1.4em;
+            font-weight: bold;
+            border-bottom : 1px #ccc solid;
+            padding-bottom : 2px;
+        }
+        TT {
+            font-family : courier new;
+            font-weight : bold;
+            color : #060;
+        }
+        PRE {
+            font-family : courier new;
+            font-size : 100%;
+        }
+    </style>
+</head>
+<body>
+
+<h1>TikiToken Plugin Changelog</h1>
+
+<p><b>0.2</b> -- March 21, 2017</p>
+<ul>
+    <li>Replaced AuthProvider-based approach by a SASL mechanism-based approach.</li>
+</ul>
+
+<p><b>0.1</b> -- March 19, 2017</p>
+<ul>
+    <li>Initial release</li>
+</ul>
+
+</body>
+</html>

src/plugins/tikitoken/lib/genson-1.4.jar

@@ -0,0 +1,11 @@
+<plugin>
+    <class>org.tiki.tikitoken.TikiTokenPlugin</class>
+    <name>TikiToken</name>
+    <description>Allows users to authenticate with a Tiki token.</description>
+    <author>Tiki Wiki CMS GroupWare</author>
+    <version>0.2</version>
+    <date>04/24/2017</date>
+    <url>https://dev.tiki.org/OpenFire</url>
+    <minServerVersion>4.1.3</minServerVersion>
+    <licenseType>gpl</licenseType>
+</plugin>

src/plugins/tikitoken/logo_large.png

@@ -0,0 +1,77 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+    <title>TikiToken Plugin Readme</title>
+    <style type="text/css">
+        BODY {
+            font-size : 100%;
+        }
+
+        BODY, TD, TH {
+            font-family : tahoma, verdana, arial, helvetica, sans-serif;
+            font-size : 0.8em;
+        }
+
+        H2 {
+            font-size : 10pt;
+            font-weight : bold;
+        }
+
+        A:hover {
+            text-decoration : none;
+        }
+
+        H1 {
+            font-family : tahoma, arial, helvetica, sans-serif;
+            font-size : 1.4em;
+            font-weight: bold;
+            border-bottom : 1px #ccc solid;
+            padding-bottom : 2px;
+        }
+
+        TT {
+            font-family : courier new;
+            font-weight : bold;
+            color : #060;
+        }
+
+        PRE {
+            font-family : courier new;
+            font-size : 100%;
+        }
+    </style>
+</head>
+<body>
+
+<h1>
+    TikiToken Plugin Readme
+</h1>
+
+<h2>Overview</h2>
+<p>
+    This plugin adds a SASL mechanism to Openfire that allows users to authenticate with a Tiki-generated access token.
+</p>
+
+<h2>Installation</h2>
+<p>
+    Copy the plugin JAR file into the plugins directory of your Openfire installation. The plugin will then be
+    automatically deployed.
+</p>
+
+<h2>Upgrade</h2>
+<p>
+    To upgrade to a new version, copy the new plugin JAR file into the plugins directory of your Openfire installation,
+    overwriting the JAR file from the previous version. Within a minute or so, Openfire will detect the new plugin,
+    unload the previous version and load the new version. You can verify that the new version has been loaded by
+    observing the plugin version number in the Openfire Admin Console.
+</p>
+
+<h2>Configuration</h2>
+<p>
+    The base URL of the Tiki suite against which authentication is performed needs to be defined in a property named
+    <tt>org.tiki.tikitoken.baseUrl</tt>
+</p>
+
+</body>
+</html>

src/plugins/tikitoken/logo_small.png

@@ -0,0 +1,28 @@
+package org.tiki.tikitoken;
+
+import org.jivesoftware.openfire.container.Plugin;
+import org.jivesoftware.openfire.container.PluginManager;
+import org.jivesoftware.openfire.net.SASLAuthentication;
+
+import java.io.File;
+import java.security.Security;
+
+/**
+ * An Openfire plugin that adds the TikiToken SASL mechanism.
+ */
+public class TikiTokenPlugin implements Plugin
+{
+    @Override
+    public void initializePlugin( PluginManager manager, File pluginDirectory )
+    {
+        Security.addProvider( new TikiTokenSaslProvider() );
+        SASLAuthentication.addSupportedMechanism( TikiTokenSaslServer.MECHANISM_NAME );
+    }
+
+    @Override
+    public void destroyPlugin()
+    {
+        SASLAuthentication.removeSupportedMechanism( TikiTokenSaslServer.MECHANISM_NAME );
+        Security.removeProvider( TikiTokenSaslProvider.NAME );
+    }
+}

src/plugins/tikitoken/plugin.xml

@@ -0,0 +1,57 @@
+package org.tiki.tikitoken;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.Map;
+import java.util.Scanner;
+
+import org.jivesoftware.util.JiveGlobals;
+
+import com.owlike.genson.Genson;
+
+
+public class TikiTokenQuery {
+	private final String DEFAULT_BASE_URL = "http://tikiconverse.docker/";
+	private String username;
+	private String token;
+	
+	public TikiTokenQuery(String username, String token) {
+		this.username = username;
+		this.token = token;
+	}
+	
+	public URL getUrl() throws MalformedURLException, URISyntaxException {
+		String baseAddress = JiveGlobals.getProperty("org.tiki.tikitoken.baseUrl", this.DEFAULT_BASE_URL);
+		String script = String.format("tiki-ajax_services.php?controller=xmpp&action=check_token&user=%s&token=%s", this.username, this.token);
+		
+		URL baseUrl = new URL(baseAddress);
+		URL fullUrl = new URL(baseUrl, script);
+		
+		return fullUrl;
+		
+	}
+	
+	public boolean isValid() {
+		String content = this.fetch();
+		Genson genson = new Genson();
+		Map<String, Boolean> root = genson.deserialize(content, Map.class);
+		return root.get("valid");
+	}
+	
+	public String fetch() {
+		try {
+			URL url = this.getUrl();
+			InputStream stream = url.openStream();
+			Scanner s = new java.util.Scanner( stream ).useDelimiter( "\\A" );
+			String result = s.hasNext() ? s.next() : "";
+			s.close();
+			return result;
+		} catch (IOException | URISyntaxException e) {
+			e.printStackTrace();
+		}
+		return null;
+	}
+}

src/plugins/tikitoken/readme.html

@@ -0,0 +1,35 @@
+package org.tiki.tikitoken;
+
+import java.security.Provider;
+
+/**
+ * A Provider implementation for a SASL mechanism that uses a Tiki token.
+ *
+ * This implementation makes use of a Tiki server for token validation.
+ *
+ * @see <a href="https://tools.ietf.org/html/rfc7628">RFC 7628</a>
+ */
+public class TikiTokenSaslProvider extends Provider
+{
+    /**
+     * The provider name.
+     */
+    public static final String NAME = "TikiSasl";
+
+    /**
+     * The provider version number.
+     */
+    public static final double VERSION = 1.0;
+
+    /**
+     * A description of the provider and its services.
+     */
+    public static final String INFO = "Provides a SASL mechanism that uses a Tiki instance to verify authentication tokens.";
+
+    public TikiTokenSaslProvider()
+    {
+        super( NAME, VERSION, INFO );
+
+        put( "SaslServerFactory." + TikiTokenSaslServer.MECHANISM_NAME, TikiTokenSaslServerFactory.class.getCanonicalName() );
+    }
+}