We have an enterprise installation of QuickBlox (which implements XMPP), and would like to create mirrored accounts for all of our users on our QuickBlox server install. We also want to sync the networks our system's users have created using relationships (eg, "client and provider") that have been built on our system.
In a nutshell, we want to export whitelists that limit chat "opponents" to only those users with whom each of our users already have relationships. If User1 has an existing relationship in our system with User2 and User3 but not User4 through User40, we want to be able to use the QuickBlox API to enforce that within chat by creating a whitelist through the QuickBlox API.
EDIT: We can't use an "honor system" whitelist. That is, the enforcement must be server-side using a method the client cannot circumvent. There must be a hard, unavoidable block between users for privacy concerns.
Use case:
A QuickBlox (or XMPP) server has User1 through User40, inclusive.
User1's whitelist is comprised of [User2, User3] only.
If User1 attempts to contact User15, we want QuickBlox/XMPP to note that User15 is not on User1's whitelist and block that communication as if User1 had bidirectionally blocked that user.
Privacy lists, aka blacklists
I have found places in QB's docs that refer to the XMPP specification docs, and have found the concept of privacy lists, which seem to operate as blacklists:
https://quickblox.com/developers/Web_XMPP_Chat_Sample#Privacy_lists
https://xmpp.org/extensions/xep-0016.html#protocol-syntax
These only provide two styles of blacklist privacy:
You can choose a type of blocked logic (Privacy List). There are 2
types:
Block in one way. You are blocked, but you can write to
blocked user.
Block in two ways. You are blocked and you also can't
write to blocked user.
Server Whitelist (dialog-level, not user)
I've also found documentation on whitelists for servers, which appear to operate at a dialog/jid, not user, level:
https://xmpp.org/extensions/xep-0133.html#edit-whitelist
An entity added to a whitelist MAY be a JID of any form as specified in RFC 6120... a whitelist may prevent inbound communications, outbound communications, or both...
Rosters -- "presence" detail only?
There are also rosters, which are close to whitelists, but they do not seem in my testing to restrict communication between any two users that might not be on each other's roster.
https://quickblox.com/developers/Web_XMPP_Chat_Sample#Get_the_roster
That is to say, I haven't set up a roster in my testing application, and users are able to create group and 1-on-1 chat dialogs in spite of not having explicitly accepted any roster requests. In the Android docs, I found the following on rosters: "[A roster] is the collection of users a person receives presence updates for." That's not blocking in any way outside of presence alerts, I don't believe.
Question
Is there a suggested way to create a pessimistic whitelist for each user, which only contain those users with whom communication is allowed? Or are we forced to create and maintain "inverse blacklists", where we automate the creation of privacy lists for every new user blocking every other user and then use the API to remove those with which each user should be able to communicate?
If we do have to use "inverse blacklists", is there a way to have a default blacklist apply to every new user that initially blocks communication with every other user already in our QuickBlox system?
(Again, we can't use "honor system" lists. If the client must request a whitelist to be active before it can be used, can freely discover and then change active whitelists, or if the client can decline to use a list, that's not secure enough.)
XMPP Clients
XMPP clients will need a way to ask another clients if they support receiving pushes via a relay. Since pushes can be sent from anywhere, clients will also be able to send pushes directly to other clients through the relay as long as they have their friend’s whitelist token. They will also need to respond to XMPP server inquiries for whitelist tokens to allow pushes to be sent by the server if a message is sent by a client not supporting direct push.
XMPP Servers
XMPP servers can ask their connected clients if they support push relays and, if so, forward messages they receive to the push relay server when the client is offline. This will require the XMPP server to obtain a whitelist token from the user as well.
Help:see this link
If we are talking about XMPP protocol - there is an ability to block any communications from/to (see example 48)
So, by default, you can set it for each user for example.
Then, if we need to allow to communicate with someone specific,
then you can add this user to your privacy list with action=allow and order greater than 'full block'. Here is actually a good example of whitelist implementation via Privacy Lists, see example 8:
and (3) 'special', which allows communications only with three
specific entities.
Related
We are developing a consumer hardware product. Each device is registered on a central webserver and the owner also have a user account to which the device is linked. The owner may also choose to share the device with other users.
Now, to solve the problem of getting through firewalls etc we are using XMPP: the user access his/her devices using an iOS/Android app. The app connects to the XMPP-server and so does the hardware devices. So the app can access the devices by sending custom XMPP stanzas.
Currently the device and the mobile app use the same JID, so the device will allow messages only from the same bare JID as itself uses. To allow for sharing devices we are planning to use the roster instead: the device will get its own JID ("hw381983829#thexmppserver.com") and will accept stanzas from all JID's in its roster.
The problem I'm having is that the users, devices and device-sharing data are stored on the webserver. I would like to use this same information on the XMPP-server: all users and devices on the webserver are allowed to login to XMPP and the roster of a device is the same as the users that may access it. This information can be accessed through a JSON API.
One way would be to mirror changes as they happen, but I don't like that idea since there are too many steps that could go wrong.
The best solution I can think of is to let the XMPP server use the JSON API instead of its builtin database. It would be read-only, but that is not a problem since all registration and sharing should be done on the webserver.
Any ideas on how to proceed? The functionality described above is more or less all that we need: we don't need S2S, offline messages, etc. We are currently using Ejabberd, but Prosody or Openfire are perhaps better alternatives?
For authentication, it looks like this ejabberd contribution does exactly what you need:
https://github.com/processone/ejabberd-contrib/tree/master/ejabberd_auth_http
For roster, it is easy to write a custom roster module that will be hitting your HTTP backend instead of query the database thanks to ejabberd API.
You can have a look at mod_roster as a guide to implement the methods: https://github.com/processone/ejabberd/blob/master/src/mod_roster.erl
Generally in messenger services, user adds or deletes contacts and let knows server about it. Server then takes necessary actions.
However, our requirement is "server decides contacts list, makes roster changes accordingly and clients receives updates about the same". How can we achieve this in Tigase?
There is a dedicated API in the Tigase just for that. It is called a DynamicRoster. Maybe the name is the most accurate. Dynamic because it is managed by the server and it can change any time user requests the roster.
Anyway, there are code examples in the Tigase main code repository. You can have multiple dynamic rosters active at the same time and they can retrieve contacts from different locations.
There is also a roster protocol extension which allows you to keep extra information for the contacts in the dynamic roster such as phone numbers, etc... More info about this o the Tigase.org website in the devel guide section.
Hope this helps.
a customer wants enable a chat/instant messenger for his application webside. He is using Lync Server internally to Chat in-house. Now, he requires the following:
A external user (which will not be an AD user) logs into the webside is able to chat with a person inside the company. The internal user will receive those messages via his lync client.
What's the best way to achieve this?
i thought about bot that delegates messages from the webside to the lync server that does the rest. But how can i send a message as an external user?
The usual way to approach this is with the following components:
A bot that connects to the internal Lync infrastructure as an ApplicationEndpoint, and manages conversations with external/internal users
A Web or WCF service that exposes methods over http to external users - this could be built into the bot, or could be a separate service that communicates with the bot in some way
The web UI for presenting a users presence, allowing click-to-call, initiating and displaying a conversation etc
As an example, the WCF service could expose a few methods:
GetPresence(targetSipUri) - returns a presence value for the given uri
SendIM(targetSipUri, message) - sends an IM to the given uri
GetReplies() - polls for any responses
When you get into the detail you might need more methods - e.g. it may be an idea to generate a conversation token and pass this around
The web UI could present a list of contacts with a presence status (GetPresence), then allow the user to click a presence contact to initiate a new conversation window and send the inital message (SendIM), then poll the service for any replies from the contact (GetReplies) - note, the bot will have to queue replies internally until GetReplies is called.
There are commercial products that might meet your needs - a quick search for Lync webchat should turn up a few. Also, it may be worth looking into the Lync Web App, to see if this works for your customer
Edit: In answer to the comment below - yes, your internal users will see a conversation from "Our Lync Bot". If you don't know who your users are (e.g. random potential customers browsing a shopping site), you can grab some info from them (name, product to discuss etc) and have the bot display this to the internal user, either as part of the IM conversation, or as conversation context displayed in a Conversation Window Extension.
If your external users are known in advance (e.g. registered customers), and the internal user MUST see the conversation as being from them, then you will need to create a UserEndpoint for each conversation - but this would rely on having the user in AD.
I am working on a social network that should allow members to chat with visitors on the site. The concept is simple.
Users who have registered signup get their own account with rosters
When a visitor comes to the home page of the social network, he can see some of the online members of the community
Now he should be able to initiate a chat with them, by clicking on their name.
I have already got members to chat with their roster mates. My question is, how can I get an anonymous user to chat with a member and exchange presence info with him?
I have successfully managed to create anonymous accounts, members accounts and even send messages from an anonymous user to other members. But I cant get presence information from anonymous-user to member or vice versa?
BTW, the chat is JS based.
You're trying to break the XMPP model. Presence is an opt-in permission based system. You ask me if you can see my presence, I say yes. Generally my client will then automatically ask you if I can see your presence, and your client says yes. That's what the roster is -- yes's and no's to presence subscription requests.
You can make chat rooms (MUC, multi user chat) that are anonymous, as well as do presence in them. It's not a roster, though. It's the closest to what you're describing without going into crazy-land with pubsub, and I don't know if you could even bend that tool far enough to have anonymous roster entries.
I have got an Openfire Jabber server with in excess of 75,000 users listed. Of those, 150 or more can be online at any one time.
Is there anywhere that I can collect the JIDs (usernames) of the currently logged in users? I have full database access to the underlying data, but the server does not appear to write the current status back to the DB. Because of the number of users, rosters are not being used.
A very useful set of data being returned would be from a simple (password protected) webpage with one JID per line, optionally with the login time, and maybe also the last time that account performed an action [like send a message]. The latter two are not as essential, but would be useful if the data is available, as well as any other information that was available regarding the user session.
dont know if this will help but I ran into it looking for similar functionality. As defined in XEP-0045 http://xmpp.org/extensions/xep-0045.html#disco-roominfo :
An implementation MAY return a list of existing occupants if that information is publicly
available, or return no list at all if this information is kept private. Implementations
and deployments are advised to turn off such information sharing by default.
So you would need to ensure it works as advertised on Openfire (all xmpp servers ive come across have a bug or two in them), and I imagine you would need to code some logic to get the results.
Good luck.
Not a perfect answer, but the query you want is probably embedded in the session-summary.jsp page. I got to it on a locally hosted server at http://localhost:9090/session-summary.jsp. What I don't know is if that is then stored in the database where it is query-able, or if it is stored internally to the client. The latter is more likely.
The data that page displays is Name, Resource, Status, Presence, Priority, Client IP, and Close Connection.