====== How to restrict calls to only registered users ======


There are a couple of ways to authenticate INVITEs.

Using membership in the grp table you can try the following:

  if (!is_user_in("From", "active")) {
    exit;
  };

You need to insert a username, domain and grp="active" into the grp table for the above test to pass.

If you would like to use AVP's, the following example might work for you:

  if (avp_db_load("$from/username", "s:active")) {
    if (!avp_check("s:active", "eq/y/i")) {
    exit;
    };
  };

You need to insert a username, domain, attribute="active", value="y" in the usr_preferences for the above test to pass.

Another (or additional) test would be to execute the following logic:

  if (is_method("INVITE") && !allow_trusted()) {
    if (!proxy_authorize("", "subscriber")) {
      proxy_challenge("", "0");
      exit;
    } else if (!check_from()) {
      sl_send_reply("403", "Unauthorized: From username does not match digest credentials");
      exit;
    } else {
      append_rpid_hf();
    };
      consume_credentials();
  };

It is possible to use all three methods above at the same time to provide granular control over INVITEs.