I'm new to the Prosody XMPP server. I have set up the server and can create chat rooms. Now I wonder how to restrict a particular chat room to a given set of users.
Suggestions are welcome...
I don't know Prosody, but I can help with finding things in the XMPP specs (just search for the namespaces in the Prosody code).
However, you are asking for 3/4 different tasks:
1) Restrict to "given set of users": if Prosody has Groups, you can add any number of groups to your groupchat
2) About password: while creating a groupchat you can set as configuration:
"muc#roomconfig_passwordprotectedroom" -> true
"muc#roomconfig_roomsecret" -> "mypassword"
3) About restricted join: while creating (or updating of course) a groupchat configuration, you have to set:
"muc#roomconfig_membersonly" -> true;
and while you are inviting a user you have to:
1) grantVoice (it's optional but some implementations can require it)
2) grantMembership or something you like in "XEP-0045: Multi-User-Chat - 5.1 Roles"
Not all specs are supported by servers, so you need to check what Prosody supports and how, but searching for namespaces makes the search shorter ;)
Docs:
http://xmpp.org/extensions/xep-0045.html
No need to use passwords, just make the room "members only" - only people who get an invite can access that room.
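The members-only setup described in the answers above, written out as XEP-0045 stanzas in an added Python example (not code from the original posts or from Prosody). The room and user JIDs are constructed, the function names are hypothetical, and whether a given server honours each field still has to be checked against that server.

```python
import xml.etree.ElementTree as ET

NS_OWNER = "http://jabber.org/protocol/muc#owner"
NS_ADMIN = "http://jabber.org/protocol/muc#admin"
NS_DATA = "jabber:x:data"
NS_CONFIG = "http://jabber.org/protocol/muc#roomconfig"
TRUE_VALUES = ("1", "true")  # both spellings are valid data-form booleans


def room_config_iq(room_jid, fields, iq_id="cfg1"):
    """IQ-set in which the room owner submits the room configuration form."""
    iq = ET.Element("iq", {"type": "set", "to": room_jid, "id": iq_id})
    query = ET.SubElement(iq, "query", {"xmlns": NS_OWNER})
    form = ET.SubElement(query, "x", {"xmlns": NS_DATA, "type": "submit"})
    for var, value in [("FORM_TYPE", NS_CONFIG), *fields.items()]:
        if isinstance(value, bool):
            value = "1" if value else "0"
        field = ET.SubElement(form, "field", {"var": var})
        ET.SubElement(field, "value").text = value
    return ET.tostring(iq, encoding="unicode")


def grant_membership_iq(room_jid, member_jids, iq_id="mem1"):
    """IQ-set adding bare JIDs to the member list of a members-only room."""
    iq = ET.Element("iq", {"type": "set", "to": room_jid, "id": iq_id})
    query = ET.SubElement(iq, "query", {"xmlns": NS_ADMIN})
    for jid in member_jids:
        ET.SubElement(query, "item", {"affiliation": "member", "jid": jid})
    return ET.tostring(iq, encoding="unicode")


def open_access_findings(config_xml):
    """List access-control gaps in a config form (submitted or fetched)."""
    fields = ET.fromstring(config_xml).iter(f"{{{NS_DATA}}}field")
    cfg = {f.get("var"): f.findtext(f"{{{NS_DATA}}}value") for f in fields}
    findings = []
    if cfg.get("muc#roomconfig_membersonly") not in TRUE_VALUES:
        findings.append("room is not members-only")
    if (cfg.get("muc#roomconfig_passwordprotectedroom") in TRUE_VALUES
            and not cfg.get("muc#roomconfig_roomsecret")):
        findings.append("password protection is on but no secret is set")
    return findings


if __name__ == "__main__":
    room = "team@conference.example.org"  # constructed room JID
    cfg = room_config_iq(room, {"muc#roomconfig_membersonly": True})
    print(cfg, grant_membership_iq(room, ["alice@example.org"]), sep="\n")
    print(open_access_findings(cfg))
```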
Related
We have an enterprise installation of QuickBlox (which implements XMPP), and would like to create mirrored accounts for all of our users on our QuickBlox server install. We also want to sync the networks our system's users have created using relationships (eg, "client and provider") that have been built on our system.
In a nutshell, we want to export whitelists that limit chat "opponents" to only those users with whom each of our users already have relationships. If User1 has an existing relationship in our system with User2 and User3 but not User4 through User40, we want to be able to use the QuickBlox API to enforce that within chat by creating a whitelist through the QuickBlox API.
EDIT: We can't use an "honor system" whitelist. That is, the enforcement must be server-side using a method the client cannot circumvent. There must be a hard, unavoidable block between users for privacy concerns.
Use case:
A QuickBlox (or XMPP) server has User1 through User40, inclusive.
User1's whitelist is comprised of [User2, User3] only.
If User1 attempts to contact User15, we want QuickBlox/XMPP to note that User15 is not on User1's whitelist and block that communication as if User1 had bidirectionally blocked that user.
Privacy lists, aka blacklists
I have found places in QB's docs that refer to the XMPP specification docs, and have found the concept of privacy lists, which seem to operate as blacklists:
https://quickblox.com/developers/Web_XMPP_Chat_Sample#Privacy_lists
https://xmpp.org/extensions/xep-0016.html#protocol-syntax
These only provide two styles of blacklist privacy:
You can choose a type of blocked logic (Privacy List). There are 2 types:
Block in one way. You are blocked, but you can write to blocked user.
Block in two ways. You are blocked and you also can't write to blocked user.
Server Whitelist (dialog-level, not user)
I've also found documentation on whitelists for servers, which appear to operate at a dialog/jid, not user, level:
https://xmpp.org/extensions/xep-0133.html#edit-whitelist
An entity added to a whitelist MAY be a JID of any form as specified in RFC 6120... a whitelist may prevent inbound communications, outbound communications, or both...
Rosters -- "presence" detail only?
There are also rosters, which are close to whitelists, but they do not seem in my testing to restrict communication between any two users that might not be on each other's roster.
https://quickblox.com/developers/Web_XMPP_Chat_Sample#Get_the_roster
That is to say, I haven't set up a roster in my testing application, and users are able to create group and 1-on-1 chat dialogs in spite of not having explicitly accepted any roster requests. In the Android docs, I found the following on rosters: "[A roster] is the collection of users a person receives presence updates for." That's not blocking in any way outside of presence alerts, I don't believe.
Question
Is there a suggested way to create a pessimistic whitelist for each user, which only contain those users with whom communication is allowed? Or are we forced to create and maintain "inverse blacklists", where we automate the creation of privacy lists for every new user blocking every other user and then use the API to remove those with which each user should be able to communicate?
If we do have to use "inverse blacklists", is there a way to have a default blacklist apply to every new user that initially blocks communication with every other user already in our QuickBlox system?
(Again, we can't use "honor system" lists. If the client must request a whitelist to be active before it can be used, can freely discover and then change active whitelists, or if the client can decline to use a list, that's not secure enough.)
XMPP Clients
XMPP clients will need a way to ask other clients if they support receiving pushes via a relay. Since pushes can be sent from anywhere, clients will also be able to send pushes directly to other clients through the relay as long as they have their friend's whitelist token. They will also need to respond to XMPP server inquiries for whitelist tokens to allow pushes to be sent by the server if a message is sent by a client not supporting direct push.
XMPP Servers
XMPP servers can ask their connected clients if they support push relays and, if so, forward messages they receive to the push relay server when the client is offline. This will require the XMPP server to obtain a whitelist token from the user as well.
Help: see this link
If we are talking about the XMPP protocol - there is an ability to block any communications from/to (see example 48)
So, by default, you can set it for each user for example.
Then, if we need to allow communication with someone specific, you can add this user to your privacy list with action=allow and order greater than 'full block'. Here is actually a good example of whitelist implementation via Privacy Lists, see example 8:
and (3) 'special', which allows communications only with three specific entities.
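A whitelist-style privacy list for the use case in the question (User1 may talk to User2 and User3 only), as an added Python example that is not part of the original posts. XEP-0016 evaluates items in ascending `order` and stops at the first match, so the allow items carry lower order values than the catch-all deny. The JIDs and function names are constructed, and the evaluator handles only `jid` items and the fall-through item, with no per-stanza child elements.

```python
import xml.etree.ElementTree as ET

NS_PRIVACY = "jabber:iq:privacy"


def whitelist_iq(list_name, allowed_jids, iq_id="wl1"):
    """IQ-set defining a list that allows the given JIDs and denies the rest."""
    iq = ET.Element("iq", {"type": "set", "id": iq_id})
    query = ET.SubElement(iq, "query", {"xmlns": NS_PRIVACY})
    plist = ET.SubElement(query, "list", {"name": list_name})
    for order, jid in enumerate(sorted(allowed_jids), start=1):
        ET.SubElement(plist, "item", {"type": "jid", "value": jid,
                                      "action": "allow", "order": str(order)})
    # Fall-through item: no type/value, so it matches everyone. It gets the
    # highest order value so that it is evaluated last.
    ET.SubElement(plist, "item", {"action": "deny",
                                  "order": str(len(allowed_jids) + 1)})
    return ET.tostring(iq, encoding="unicode")


def decide(list_xml, peer_jid):
    """Return 'allow' or 'deny' for traffic with peer_jid under this list."""
    items = ET.fromstring(list_xml).iter(f"{{{NS_PRIVACY}}}item")
    bare = peer_jid.split("/", 1)[0]
    for item in sorted(items, key=lambda i: int(i.get("order"))):
        if item.get("type") is None:                      # fall-through item
            return item.get("action")
        if item.get("type") == "jid" and item.get("value") in (peer_jid, bare):
            return item.get("action")
    return "allow"  # XEP-0016: without a fall-through item the default is allow


# Constructed counter-example: the catch-all deny has the lowest order value,
# so it matches first and the allow item below it is never reached.
MISORDERED = f"""<list xmlns="{NS_PRIVACY}" name="broken">
  <item action="deny" order="1"/>
  <item type="jid" value="user2@chat.example.org" action="allow" order="2"/>
</list>"""

if __name__ == "__main__":
    wl = whitelist_iq("user1-whitelist",
                      {"user2@chat.example.org", "user3@chat.example.org"})
    for peer in ("user2@chat.example.org/phone", "user15@chat.example.org"):
        print(peer, decide(wl, peer), decide(MISORDERED, peer))
```

In XEP-0016 a list applies only after it has been set as the session's active list or the account's default list.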
I'm creating (yet another) mobile chat app, using Smack and ejabberd. I'm trying to ascertain the best way to implement user avatars for use in multi-user chat rooms, and also of course for roster members. Looking at possible solutions, I can see:
XEP-0008 IQ based avatars - avatars are limited to 64 by 64 pixels, too small.
XEP-0153 vCard based avatars - Easy to implement for both users in the roster and MUC rooms, however (a) sources such as this seem to indicate that one's own vcard needs to be downloaded on every login (is this strictly true? I can't see this in the specs), and (b) should be less than 96 by 96 pixels (still pretty small)
XEP-0084 User Avatar based on Personal Eventing Protocol - I'm not clear how I can retrieve avatars for all users in a multi-user chat room based on this protocol. After joining the chat room, I would need to subscribe to the metadata node of all users, and any subsequently joining users? And also unsubscribe when they leave the room? I figure this would be pretty ugly and clumsy to implement.
Can someone kindly point me in the right direction, or indicate where I may have misunderstood? Thanks.
I guess the best way to address this issue may be to store/load the images out of band via an HTTP server. Images could be stored with a filename such as "username_imagehash.xxx". For users not in one's roster (e.g. strangers in a multi-user chat), we pull their avatar via a URI retrieved from their vCard PHOTO field. Each time a stranger is re/encountered, we reload their vCard, and can identify the need to redownload their photo via a change in the URI in the vCard.
Once the user is added to one's roster, we subscribe to their avatar updates via XEP-0084, publishing the same URI (see example 4. in XEP-0084).
I think this addresses all requirements, I will find out once I've implemented. I can understand that it is not done this way in standard XMPP clients as it depends on an HTTP server separate to the XMPP service (and need to handle HTTP server security - user authorization/authentication).
Feedback welcome!
I'm developing a client jabberd application for mobile (Android) using (a)Smack.
Since, in my application, the users are registered by their phone numbers, the application should be able to recognize which contact has a jabber account on the server and suggest him/her for chatting.
After googling the web I found that there is a jabber user directory (JUD) which I can use to check whether there is an account for a specific mobile number or not. (I'm using UserSearchManager).
My questions:
1- It seems that there is no record in JUD for a user who has not updated his vCard yet, so I cannot find him. Is there any solution to check the existence of this kind of user?
2- It seems that by using JUD, everyone outside of my application can fetch some important information of users such as mobile numbers, emails, etc. Is there any solution to limit the JUD search engine? (For example, getting only the "user field" as an input and returning only the "full name field" of existing accounts, or another useful limitation.)
So this way, I can recognize which person from the contact list has an account on the server, and other people cannot fetch important information of the existing users.
Any command or advice is appreciated. Thank you.
I do not think it is possible by default, without customizing ejabberd application code.
I want to create a GROUP in Openfire using XMPP programmatically
see the image....
There are two groups in the image. I wish to add new groups in Openfire using XMPP stanzas. If that succeeds, I then wish to add members to particular groups.
I know how to create chat rooms (MUC), but groups are different from chatrooms. In groups, rosters are persistent, but in a chatroom any user can enter and can leave at any time. So I want to create groups, not chatrooms.
I tried a lot, but it creates chatrooms only, not groups.
See this post for instance, if it can help you a little bit. Look for the addgroup in the java docs on the openfire.
I have set up the Openfire XMPP server and it's running well from a client, but I want to use Candy with it to create a chatroom (MUC). My settings in Openfire work, so there is a conference.blabla.nl; I can connect to that conference server with Pandion and Tkabber, I log in and ask what rooms are there or whether I want to create one myself, and that all goes well.
When I connect with Candy, it only connects when I use a proper login name and pass, but I want it to join or create a chatroom on the MUC.
When I log in with a proper username and pass, my screen gets grey, but when I type something to the user logged in at Candy, it appears that there are messages, but only then; I can't read them in Candy...
So, in short, I have Candy up and running, but it shows information only when someone sends something.
Does anyone know about this or have some good tips on what could work?
I just want a web client that people can use with a name of their own choosing, like "guest" or something, and then log in to the chatroom.
Any help appreciated.
There are three possible options:
On initialization of Candy, specify autojoin with "true" and in the Openfire server specify autojoin bookmarks.
On initialization of Candy, specify autojoin with an array of rooms to autojoin.
Use the roomPanel Plugin to discover existing rooms and be able to join them.
Btw, we have a support mailing list as well.