diff options
| -rw-r--r-- | css/authenticate.css | 26 | ||||
| -rw-r--r-- | js/authenticate.js | 9 | ||||
| -rw-r--r-- | js/signaling.js | 3 | ||||
| -rw-r--r-- | lib/Controller/CallController.php | 6 | ||||
| -rw-r--r-- | lib/Controller/PageController.php | 48 | ||||
| -rw-r--r-- | lib/Room.php | 18 | ||||
| -rw-r--r-- | templates/authenticate.php | 25 |
7 files changed, 123 insertions, 12 deletions
diff --git a/css/authenticate.css b/css/authenticate.css new file mode 100644 index 000000000..9b2d67692 --- /dev/null +++ b/css/authenticate.css @@ -0,0 +1,26 @@ +form fieldset { + display: flex !important; + flex-direction: column; +} + +#password { + margin-right: 0 !important; + border-top-right-radius: 0; + border-bottom-right-radius: 0; + height: 45px; + flex: 1 1 auto; + width: 100% !important; + min-width: 0; /* FF hack for to override default value */ +} + +input[type='submit'] { + width: 45px; + height: 45px; + margin-left: 0 !important; + border-top-left-radius: 0; + border-bottom-left-radius: 0; +} + +fieldset > p { + display: inline-flex; +} diff --git a/js/authenticate.js b/js/authenticate.js new file mode 100644 index 000000000..7f3f0d0a7 --- /dev/null +++ b/js/authenticate.js @@ -0,0 +1,9 @@ +$(document).ready(function(){ + $('#password').on('keyup input change', function() { + if ($('#password').val().length > 0) { + $('#password-submit').prop('disabled', false); + } else { + $('#password-submit').prop('disabled', true); + } + }); +}); diff --git a/js/signaling.js b/js/signaling.js index 914fcd41a..8804e2b88 100644 --- a/js/signaling.js +++ b/js/signaling.js @@ -207,7 +207,8 @@ } if (result.status === 403) { - // Invalid password + // This should not happen anymore since we ask for the password before + // even trying to join the call, but let's keep it for now. OC.dialogs.prompt( t('spreed', 'Please enter the password for this call'), t('spreed','Password required'), diff --git a/lib/Controller/CallController.php b/lib/Controller/CallController.php index 224510de4..00f5b3630 100644 --- a/lib/Controller/CallController.php +++ b/lib/Controller/CallController.php @@ -29,7 +29,6 @@ use OCA\Spreed\Exceptions\InvalidPasswordException; use OCA\Spreed\Exceptions\ParticipantNotFoundException; use OCA\Spreed\Exceptions\RoomNotFoundException; use OCA\Spreed\Manager; -use OCA\Spreed\Participant; use OCA\Spreed\Signaling\Messages; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; @@ -150,18 +149,19 @@ class CallController extends OCSController { try { if ($this->userId !== null) { $sessionIds = $this->manager->getSessionIdsForUser($this->userId); - $newSessionId = $room->enterRoomAsUser($this->userId, $password); + $newSessionId = $room->enterRoomAsUser($this->userId, $password, $this->session->get('spreed-password') === $room->getToken()); if (!empty($sessionIds)) { $this->messages->deleteMessages($sessionIds); } } else { - $newSessionId = $room->enterRoomAsGuest($password); + $newSessionId = $room->enterRoomAsGuest($password, $this->session->get('spreed-password') === $room->getToken()); } } catch (InvalidPasswordException $e) { return new DataResponse([], Http::STATUS_FORBIDDEN); } + $this->session->remove('spreed-password'); $this->session->set('spreed-session', $newSessionId); $room->ping($this->userId, $newSessionId, time()); diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 12171edb8..884500552 100644 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php @@ -24,8 +24,10 @@ namespace OCA\Spreed\Controller; use OC\HintException; +use OCA\Spreed\Exceptions\ParticipantNotFoundException; use OCA\Spreed\Exceptions\RoomNotFoundException; use OCA\Spreed\Manager; +use OCA\Spreed\Participant; use OCA\Spreed\Room; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; @@ -34,6 +36,7 @@ use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\TemplateResponse; use OCP\ILogger; use OCP\IRequest; +use OCP\ISession; use OCP\IURLGenerator; use OCP\Notification\IManager; @@ -42,6 +45,8 @@ class PageController extends Controller { private $userId; /** @var RoomController */ private $api; + /** @var ISession */ + private $session; /** @var ILogger */ private $logger; /** @var Manager */ @@ -55,6 +60,7 @@ class PageController extends Controller { * @param string $appName * @param IRequest $request * @param RoomController $api + * @param ISession $session * @param string $UserId * @param ILogger $logger * @param Manager $manager @@ -64,14 +70,16 @@ class PageController extends Controller { public function __construct($appName, IRequest $request, RoomController $api, + ISession $session, $UserId, ILogger $logger, Manager $manager, IURLGenerator $url, IManager $notificationManager) { parent::__construct($appName, $request); - $this->userId = $UserId; $this->api = $api; + $this->session = $session; + $this->userId = $UserId; $this->logger = $logger; $this->manager = $manager; $this->url = $url; @@ -81,15 +89,17 @@ class PageController extends Controller { /** * @PublicPage * @NoCSRFRequired + * @UseSession * * @param string $token * @param string $callUser + * @param string $password * @return TemplateResponse|RedirectResponse * @throws HintException */ - public function index($token = '', $callUser = '') { + public function index($token = '', $callUser = '', $password = '') { if ($this->userId === null) { - return $this->guestEnterRoom($token); + return $this->guestEnterRoom($token, $password); } if ($token !== '') { @@ -116,6 +126,26 @@ class PageController extends Controller { // Room not found, redirect to main page $token = ''; } + + $this->session->remove('spreed-password'); + + if ($room->hasPassword()) { + // If the user joined themselves or is not found, they need the password. + try { + $participant = $room->getParticipant($this->userId); + $requirePassword = $participant->getParticipantType() === Participant::USER_SELF_JOINED; + } catch (ParticipantNotFoundException $e) { + $requirePassword = true; + } + + if ($requirePassword) { + if ($password !== '' && $room->verifyPassword($password)) { + $this->session->set('spreed-password', $token); + } else { + return new TemplateResponse($this->appName, 'authenticate', [], 'guest'); + } + } + } } else { $response = $this->api->createRoom(Room::ONE_TO_ONE_CALL, $callUser); if ($response->getStatus() !== Http::STATUS_NOT_FOUND) { @@ -137,10 +167,11 @@ class PageController extends Controller { /** * @param string $token + * @param string $password * @return TemplateResponse|RedirectResponse * @throws HintException */ - protected function guestEnterRoom($token) { + protected function guestEnterRoom($token, $password) { try { $room = $this->manager->getRoomByToken($token); if ($room->getType() !== Room::PUBLIC_CALL) { @@ -152,6 +183,15 @@ class PageController extends Controller { ])); } + $this->session->remove('spreed-password'); + if ($room->hasPassword()) { + if ($password !== '' && $room->verifyPassword($password)) { + $this->session->set('spreed-password', $token); + } else { + return new TemplateResponse($this->appName, 'authenticate', [], 'guest'); + } + } + $params = [ 'token' => $token, ]; diff --git a/lib/Room.php b/lib/Room.php index e6f06ad5d..841114570 100644 --- a/lib/Room.php +++ b/lib/Room.php @@ -419,10 +419,11 @@ class Room { /** * @param string $userId * @param string $password + * @param bool $passedPasswordProtection * @return string * @throws InvalidPasswordException */ - public function enterRoomAsUser($userId, $password) { + public function enterRoomAsUser($userId, $password, $passedPasswordProtection = false) { $this->dispatcher->dispatch(self::class . '::preUserEnterRoom', new GenericEvent($this)); $this->disconnectUserFromAllRooms($userId); @@ -438,7 +439,7 @@ class Room { $result = $query->execute(); if ($result === 0) { - if ($this->hasPassword() && !$this->hasher->verify($password, $this->password)) { + if (!$passedPasswordProtection && !$this->verifyPassword($password)) { throw new InvalidPasswordException(); } @@ -487,13 +488,14 @@ class Room { /** * @param string $password + * @param bool $passedPasswordProtection * @return string * @throws InvalidPasswordException */ - public function enterRoomAsGuest($password) { + public function enterRoomAsGuest($password, $passedPasswordProtection = false) { $this->dispatcher->dispatch(self::class . '::preGuestEnterRoom', new GenericEvent($this)); - if ($this->hasPassword() && !$this->hasher->verify($password, $this->password)) { + if (!$passedPasswordProtection && !$this->verifyPassword($password)) { throw new InvalidPasswordException(); } @@ -514,6 +516,14 @@ class Room { } /** + * @param string $password + * @return bool + */ + public function verifyPassword($password) { + return !$this->hasPassword() || $this->hasher->verify($password, $this->password); + } + + /** * @param string $sessionId * @return bool */ diff --git a/templates/authenticate.php b/templates/authenticate.php new file mode 100644 index 000000000..334b3f5b7 --- /dev/null +++ b/templates/authenticate.php @@ -0,0 +1,25 @@ +<?php + /** @var $_ array */ + /** @var $l \OCP\IL10N */ + style('spreed', 'authenticate'); + script('spreed', 'authenticate'); +?> +<form method="post"> + <fieldset class="warning"> + <?php if (!isset($_['wrongpw'])){ ?> + <div class="warning-info"><?php p($l->t('This call is password-protected')); ?></div> + <?php } else { ?> + <div class="warning"><?php p($l->t('The password is wrong. Try again.')); ?></div> + <?php } ?> + <p> + <label for="password" class="infield"><?php p($l->t('Password')); ?></label> + <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> + <input type="password" name="password" id="password" + placeholder="<?php p($l->t('Password')); ?>" value="" + autocomplete="off" autocapitalize="off" autocorrect="off" + autofocus /> + <input type="submit" id="password-submit" + class="svg icon-confirm input-button-inline" value="" disabled="disabled" /> + </p> + </fieldset> +</form> |