Enables core functionality for XMPP-enabled Plone add-ons.
Project description
Introduction
collective.xmpp.core is a fork/merge of jarn.xmpp.twisted and jarn.xmpp.core both written by Yiorgis Gozadinos (@ggozad).
It removes the PubSub and Messaging features from the jarn.xmpp.core and is intended to instead serve only as a base on which Plone add-ons with XMPP-enabled features can depend.
Currently it provides the following features:
Extensions to the wokkel package by implementing parts of the following XMPP extensions:
A Twisted reactor that runs side-by-side with the Zope instance.
Utilities that provide XMPP clients of two sorts, a deferred client that initially connects, executes a task and disconnects as soon as it is done, as well as a normal client that remains connected and can respond to XMPP events.
An XMPP component base class for writing custom components.
Integration of plone user accounts with XMPP accounts and authentication.
Installation
Before setting up the package you need to have a working XMPP server and access to the administration account on the server. The package has only been tested with ejabberd version 2.1.5 and above which is recommended. In any case the following XMPP extensions need to be supported by the server you are going to use:
XEP-0144 Roster Item Exchange.
XEP-0133 Service Administration.
XEP-0124 Bidirectional-streams Over Synchronous HTTP (BOSH)
XEP-0206 XMPP over BOSH
Buildout
A sample buildout you can use as a starting point can be found at collective.xmpp.buildout.
Setting up ejabberd (>=2.1.5)
Automatic configuration
Use the recipe provided in collective.xmpp.buildout (in which case you will need to have erlang installed, erlang-nox on Debian) or download the ejabberd installer.
A minimal configuration for ejabberd can be generated for convenience by the ejabberd.cfg part of collective.xmpp.buildout. You will need to copy the templates directory and modify the recipe configuration accordingly:
[ejabberd.cfg] recipe = collective.recipe.template input = templates/ejabberd.cfg.in output = ${buildout:directory}/etc/ejabberd.cfg xmppdomain = localhost admin_userid = admin collaboration_allowed_subnet = 0,0,0,0 collaboration_port = 5347 component_password = secret
where xmppdomain is the domain (or virtual host) running on your XMPP server and admin_userid is the id the the administrator account that Plone is going to use to interact with the server. The rest of the options are used by collective.xmpp.collaboration for the collaborative editing component connecting to the XMPP server. Here, collaboration_allowed_subnet specifies from which IPs the XMPP server is going to accept connections and should match the IPs your Plone instances are going to be using. Leaving it to 0,0,0,0 will allow all IPs, 127,0,0,1 will allow only localhost. Finally collaboration_port is the port to which the collaboration component is going to connect to and component_password is the shared password between the component and the XMPP server.
Manual configuration
If you already run an XMPP server here are some hints on how to set it up:
We assume that your xmpp domain is localhost. There should exist an administrator account admin@localhost. In addition if you intend to run some of the tests in any of the collective.xmpp.* packages you will need to be running an additional XMPP node on localhost if you use some other domain for production. You can safely remove any references to localhost if you are not interested in doing that.
Make sure you have enabled the http_bind module, as this is what the javascript clients will use to connect. You should have something like this in your ejabberd.cfg:
{5280, ejabberd_http, [ http_bind, web_admin ]}
In order to test and run custom XMPP components (for instance the collaborative editing component provided by collective.xmpp.collaboration) you will need to allow them to connect. This means you should have something similar to this configuration:
{5347, ejabberd_service, [ {access, all}, {shaper_rule, fast}, {ip, {127, 0, 0, 1}}, {hosts, ["collaboration.localhost"], [{password, "secret"}] } ]},
The rest of the standard options should be fine.
Administrator account
If you have not done so during installation you might need to create manually the administrator account. In the ejabberd folder execute:
./bin/ejabberdctl register admin localhost your_password
Test that you can access your ejabberd by logging to the admin interface (typically http://localhost:5280/admin). You should also be able to access the http-bind interface at http://localhost:5280/http-bind.
Setting up your front-end proxy
On the client-side every authenticated user will be connected to your jabber server through an emulated bidirectional stream through HTTP. To allow for this you need a proxy in front of Plone that will be redirecting the XMPP stream to your XMPP server. It is possible to do without one using the inferior solution of Flash plugins but this is not going to be supported.
Assuming you run your webserver as a proxy at port 8080 for the domain localhost, Zope listens on 8081, there exists a Plone site with id Plone and your ejabberd has the http_bind configured for port 5280, your nginx or apache configuration will look as follows:
Nginx
http { server { listen 8080; server_name localhost; location ~ ^/http-bind/ { proxy_pass http://localhost:5280; } location / { proxy_pass http://localhost:8081/VirtualHostBase/http/localhost:8080/Plone/VirtualHostRoot/; } } }
Apache
<VirtualHost *:8080> ServerName localhost RewriteEngine On RewriteRule ^/http-bind(.*) http://localhost:5280/http-bind$1 [P,L] RewriteRule ^/(.*) http://localhost:8081/VirtualHostBase/http/%{HTTP_HOST}:8080/Plone/VirtualHostRoot/$1 [P,L] </VirtualHost>
Setting up your Plone instances
Your instances will need to maintain a connection to the administrator account of your XMPP server. This is accomplished through Twisted and you will need to run a Twisted reactor on each of them. To do so include this in your instance section of your buildout:
zcml-additional = <configure xmlns="http://namespaces.zope.org/zope"> <include package="collective.xmpp.core" file="reactor.zcml" /> </configure>
Moreover, if your Plone buildout is not using plone.dexterity and you want to avoid this dependency being brought just add the bellow line to your CFG file:
[versions] Products.UserAndGroupSelectionWidget = 2.0.4
Again, it will help you to have a look at the sample buildout provided in collective.xmpp.buildout.
Setting up a new Plone site
Start ejabberd (if you used the recipe to build ejabberd, bin/ejabberd will do the job).
Start the Nginx frontend. bin/frontend start
Start your zope instance.
Access Zope directly at http://localhost:8081/manage and create a new Plone site with collective.xmpp.core.
Go to the Plone control panel and click on the XMPP Integration link under Plone Configuration. Make sure the XMPP settings reflect your installation.
Restart your Plone instance.
Upon the first request the administrator will log to his account. You should see things happening in the logs and if there are any errors something might be wrong with your installation.
When you create a new Plone user, they will automatically be registered on the XMPP server. Your existing users can also be registered by going back to the XMPP Integration configlet in the control panel, and then clicking on the User Registration tab. Keep an eye on your instance.log traceback in the console to make sure there aren’t any errors. You can see the registered users by going to the XMPP admin interface at localhost:5280/admin.
Making sure things work ;)
This is a complex infrastructure so it can be hard to know what goes wrong sometimes. Do not despair, here are a few things to try:
Make sure your ejabberd is running. Connect to it normal client as the admin user.
Verify that http-binding is setup properly on ejabberd. Visiting http://localhost:5280/http-bind should tell you it’s working.
Verify that XMPP requests will get properly through your proxy. Visiting http://localhost:8080/http-bind/ should give you the same result as above.
When you start your Zope instance in foreground you can verify the Twisted reactor is running fine:
2011-09-01 14:37:38 INFO collective.xmpp.core Starting Twisted reactor... 2011-09-01 14:37:38 INFO collective.xmpp.core Twisted reactor started 2011-09-01 14:37:38 INFO Zope Ready to handle requests
After the first request to the site, you should also see in the logs:
2011-09-01 14:45:48 INFO collective.xmpp.core XMPP admin client has authenticated succesfully.
If your Plone user was succesfully registered on the XMPP server, logging-in to the Plone site with a user should also authenticate him with the XMPP server. This is indicated in the logs by:
2011-09-01 14:45:50 INFO collective.xmpp.core Pre-binded ggozad@localhost/auto-QravOoyEeE
Experimenting
Usage
Add a few users.
Login as one of them, and in a different browser as some other. Use the frontend to access the site, if you used the settings above this should be http://localhost:8080.
All actions are performed through the viewlet on the top right: Online users will display the users currently logged in. Clicking it will give you the list of users. You can message them directly or look at their personal feed.
Try posting an entry to your feed. Links will be transformed automatically. As soon as you submit other logged-in users will receive a notification in real-time. Using a recent browser that supports geolocation will allow you also share your location at the time of the post.
Try commenting on a feed post.
By clicking on the “Following” user action you can select which users you want to follow, or follow them all.
You can see all posts by clicking on Site feed on the viewlet.
Security
Included is an implementation of an authenticating client over BOSH according to XEP-0206. This practically means that the javascript client never needs to know the password of the XMPP user. Instead, the user is authenticated directly between the XMPP server and the Plone instance. A pair of secret tokens are exchanged, valid for a short time (~2 minutes). It is this pair that is given to the javascript client and not the password.
When a Plone user is registered on the XMPP server, a random password is generated and stored in the ZODB in a persistent utility.
If you do not need to access the XMPP accounts outside of the Plone instance you can additionally hide the entire XMPP service behind a firewall and only allow connections to it from the Plone instances. This in combination with HTTPS should be enough for the paranoid among us.
Testing
Some of the included tests are functional tests that require a XMPP server running on localhost as well as an administrator account setup up on this server with JID admin@localhost and password admin. If you wish to run those you have to specify a level 2 on your testrunner, i.e.:
./bin/test -a 2 -s collective.xmpp.core
You’ll also have to configure ejabberd to listen on port 5347 for external components.
The minimum requirement would be to add the following entry to the listen keyword::
{listen, [ % Add only the line below {{5347, {0,0,0,0} }, ejabberd_service, []} ] }
Tips for production deployment
Don’t cache @@xmpp-loader:
Make sure the ${site_url}/@@xmpp-loader URL isn’t cached. This view returns an authentication token which has to be different each time you reload your page.
If you cache this, the token won’t change and you won’t be able to communicate with the XMPP server.
Credits
Thanks goes Yiorgis Gozadinos (@ggozad) for writing jarn.xmpp.core and being the first to integrate XMPP into Plone.
Changelog
0.3 (2013-06-28)
Feature: Remove password from storage if jabber server returns not-authorized in order to try to create the user again as this error comes up when the password is still present but the jabber server doesn’t have the user anymore [ichim-david]
Feature: Log response from the jabber server when trying to bind client and it fails [ichim-david]
Bugfix: Could not get portrait data for users with custom profile pictures. [jcbrand]
Feature: Add a new controlpanel option to update all user’s vCards. [jcbrand]
Bugfix: When pre-binding, fetch admin user’s password from IXMPPSettings. [jcbrand]
0.2 (2013-03-20)
Feature: Include the user’s portrait in their vCard. [jcbrand]
Feature: Update the user’s vCard when they change their personal preferences. [jcbrand]
Bugfix: Last user’s roster suggestions ignored by XMPP server. [jcbrand]
0.1 (2013-03-15)
Released. [jcbrand]
0.1b8 (2013-03-09)
Bugfix. All xmpp passwords were cleared when deregistering a subset of users. [jcbrand]
0.1b7 (2013-03-05)
Previous release was broken. Didn’t include ZCML files. [jcbrand]
0.1b6 (2013-03-04)
Fixed rst issues when read by pypi which combines readme.rst and history.txt [ichim-david]
0.1b5 (2013-03-04)
Feature: “Completely wipe password storage” action is now traced under zope log. [alecghica]
Bugfix: ‘ComponentLookupError’ error when adding a local user. [alecghica]
Feature: added error image and ‘Unable to communicate with chat server’ message when unable to bind the user to jabber server [alecghica]
Feature: Add a VCard when registering a user on the XMPP server. [jcbrand]
Feature: Make manual user registration idempotent (ignore already registered users). [jcbrand]
Users are no longer registered upon creation. They must either be registered manually, or upon next logged in visit. [jcbrand]
0.1b4 (2013-02-02)
Bugfix for “Deregister All” in @@xmpp-user-setup page. Site root was not set in callback method. [jcbrand]
0.1b3 (2013-01-17)
Add option to completely clear the XMPP password utility. [jcbrand]
Add upgrade step to make sure the registry is reloaded so that the “auto-register on login” entry is added. [jcbrand]
Bugfix. Always get the XMPP virtual host from the registry. [jcbrand]
Bugfix. When auto-subscribing, LDAP users’ fullnames weren’t being shown. [jcbrand]
0.1b2 (2013-01-17)
Add a configuration setting to turn auto-register on login on. It’s disabled by default. [jcbrand]
0.1b1 (2013-01-16)
Feature: if not already registered, Plone users get registered on jabber server on login [alecghica]
Bugfix: no need to refresh browser for users registered on login, they are binded on the fly [alecghica]
Bugfix: “Deregister ALL Users” function, credentials were left un-deleted under IXMPPPasswordStorage resulting in various errors when registering/deregistering users [alecghica]
Bugfix: fixed subscribing when a new plone user is added [alecghica]
Bugfix: users were only being auto-subscribed to other users added in that current session [alecghica]
Bugfix: new users are now auto-subscribed only to existing XMPP users [alecghica]
0.1a8 (2012-12-13)
Bugfix. Check for GS profile version in dbconfig.py to avoid the instance not starting without having run the GS upgrade step. [jcbrand]
0.1a7 (2012-12-13)
Documentation updated with Apache config example. [alecghica]
Cleaned up dependencies that already ship with Plone [alecghica]
Made Products.UserAndGroupSelectionWidget package optional. Products.UserAndGroupSelectionWidget will be imported only if package version is greater then 2.0.4 as it brings dependencies like plone.dexterity witch conflict with other packages found in the current Plone release. [alecghica]
Fixed register users form to work for the case when Products.UserAndGroupSelectionWidget is not installed/used [alecghica]
Added info on how to make plone.dexterity optional [alecghica]
Explicitly store XMPP server’s hostname instead of only using the XMPP domain. Also store the port number instead of only using the default. [jcbrand]
Allow the configuration of the registry settings via buildout. See dbconfig.py [jcbrand]
0.1a6 (2012-11-22)
Added Spanish translation. [macagua]
Added improvements about i18n support. [macagua]
Bugfix. Prevent getAllMemberIds from returning duplicates. [jcbrand]
0.1a5 (2012-11-19)
Fixed RST formatting bugs. [jcbrand]
0.1a4 (2012-11-19)
Documentation updated [jcbrand]
Fixed HISTORY.txt markup [alecghica]
Fixed version used for Products.UserAndGroupSelectionWidget to >2.04 as earlier version will crash due to API changes [alecghica]
Bugfix. Password utility forgets user passwords when a user is registered. [jcbrand]
0.1a3 (2012-11-09)
Bugfix for RuntimeError that might occur when upgrading from 0.1a1 to 0.1a2 [jcbrand]
0.1a2 (2012-11-09)
Add control panel configlet for configuration and registering XMPP users. [jcbrand]
Add support for PAS plugins (such as LDAP). [jcbrand]
0.1a1 (2012-10-18)
Forked from jarn.xmpp.core 0.34 [jcbrand]
Merged in jarn.xmpp.twisted 0.1 [jcbrand]
Removed all PubSub and Messaging related features. [jcbrand]
Add browserlayer and check for it when handling events. [jcbrand]
Fixed the @@setup-xmpp script to only register the next user once the previous one has finished. [jcbrand]
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file collective.xmpp.core-0.3.zip
.
File metadata
- Download URL: collective.xmpp.core-0.3.zip
- Upload date:
- Size: 161.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e1f0ccfcb3f35cb23aa5e681961c3b8d573b3ac86878d3034236ecdc423901fd |
|
MD5 | 9242dd6eec2d8a1cbae9bb63b341817d |
|
BLAKE2b-256 | a8f567b70f52e83e57ca0a7cd6894c5f9974d39af0eceb30eb0ec3bccdbf63ae |