From 0a0b0a760e7be3dbbf9b24b6c36e9909d256e968 Mon Sep 17 00:00:00 2001
From: damencho <damencho@jitsi.org>
Date: Wed, 31 Jan 2024 16:24:28 -0600
Subject: [PATCH] fix: Fixes promoting the only moderator in a non vpass
 meeting.

---
 resources/prosody-plugins/mod_fmuc.lua               |  6 ++++++
 .../prosody-plugins/mod_measure_message_count.lua    |  9 +++++++++
 resources/prosody-plugins/mod_visitors_component.lua | 12 ++++++++----
 resources/prosody-plugins/token/util.lib.lua         | 10 ++++++++++
 4 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/resources/prosody-plugins/mod_fmuc.lua b/resources/prosody-plugins/mod_fmuc.lua
index 5b8e4fed31..177583ecb0 100644
--- a/resources/prosody-plugins/mod_fmuc.lua
+++ b/resources/prosody-plugins/mod_fmuc.lua
@@ -244,6 +244,12 @@ module:hook('muc-broadcast-presence', function (event)
             -- so we can be auto promoted
             if identity and identity.id then
                 user_id = session.jitsi_meet_context_user.id;
+
+                -- non-vpass and having a token in correct tenant is considered a moderator
+                if session.jitsi_meet_str_tenant
+                    and session.jitsi_web_query_prefix == string.lower(session.jitsi_meet_str_tenant) then
+                    is_moderator = true;
+                end
             end
         end
 
diff --git a/resources/prosody-plugins/mod_measure_message_count.lua b/resources/prosody-plugins/mod_measure_message_count.lua
index 51b06d9dd5..8d3d672911 100644
--- a/resources/prosody-plugins/mod_measure_message_count.lua
+++ b/resources/prosody-plugins/mod_measure_message_count.lua
@@ -62,6 +62,7 @@ function send_event(room)
     local event_properties = {
         messages_count = room._muc_messages_count or 0;
         polls_count = room._muc_polls_count or 0;
+        tenant_mismatch = room.jitsi_meet_tenant_mismatch or false;
     };
 
     if room.created_timestamp then
@@ -153,5 +154,13 @@ module:hook('message/full', on_message); -- private messages
 module:hook('message/bare', on_message); -- room messages
 
 module:hook('muc-room-destroyed', room_destroyed, -1);
+module:hook("muc-occupant-left", function(event)
+    local occupant, room = event.occupant, event.room;
+    local session = event.origin;
+
+    if session.jitsi_meet_tenant_mismatch then
+        room.jitsi_meet_tenant_mismatch = true;
+    end
+end);
 
 module:hook('poll-created', poll_created);
diff --git a/resources/prosody-plugins/mod_visitors_component.lua b/resources/prosody-plugins/mod_visitors_component.lua
index f25dcd42c3..b95aeb4d3e 100644
--- a/resources/prosody-plugins/mod_visitors_component.lua
+++ b/resources/prosody-plugins/mod_visitors_component.lua
@@ -131,7 +131,7 @@ local function request_promotion_received(room, from_jid, from_vnode, nick, time
 
             -- let's send a notification to every moderator
             for _, occupant in room:each_occupant() do
-                if occupant.role == 'moderator' then
+                if occupant.role == 'moderator' and not is_admin(occupant.bare_jid) then
                     send_json_message(occupant.jid, msg_to_send);
                 end
             end
@@ -217,9 +217,13 @@ local function stanza_handler(event)
 
         local force_promote = request_promotion.attr.forcePromote;
         if force_promote == 'true' and not is_vpaas(room) then
-            module:log('warn', 'Received promotion request for non vpaas room (%s) with forced promotion: ',
-                                room.jid, stanza);
-            return true; -- stop processing
+            -- allow force promote only in case there are no moderators in the room
+            for _, occupant in room:each_occupant() do
+                if occupant.role == 'moderator' and not is_admin(occupant.bare_jid) then
+                    force_promote = false;
+                    break;
+                end
+            end
         end
 
         local display_name = visitors_iq:get_child_text('nick', 'http://jabber.org/protocol/nick');
diff --git a/resources/prosody-plugins/token/util.lib.lua b/resources/prosody-plugins/token/util.lib.lua
index e2859bd00a..68b847c50c 100644
--- a/resources/prosody-plugins/token/util.lib.lua
+++ b/resources/prosody-plugins/token/util.lib.lua
@@ -283,6 +283,8 @@ function Util:process_and_verify_token(session, acceptedIssuers)
 
         -- Binds the user details to the session if available
         if claims["context"] ~= nil then
+          session.jitsi_meet_str_tenant = claims["context"]["tenant"];
+
           if claims["context"]["user"] ~= nil then
             session.jitsi_meet_context_user = claims["context"]["user"];
           end
@@ -408,6 +410,14 @@ function Util:verify_room(session, room_address)
         end
     end
 
+    if session.jitsi_meet_str_tenant
+        and string.lower(session.jitsi_meet_str_tenant) ~= session.jitsi_web_query_prefix then
+        module:log('warn', 'Tenant differs for user:%s group:%s url_tenant:%s token_tenant:%s',
+            inspect(session.jitsi_meet_context_user), session.jitsi_meet_context_group,
+            session.jitsi_web_query_prefix, session.jitsi_meet_str_tenant);
+        session.jitsi_meet_tenant_mismatch = true;
+    end
+
     local auth_domain = string.lower(session.jitsi_meet_domain);
     local subdomain_to_check;
     if target_subdomain then