Fix signed token auth not work on join to the videoroom #2810 #2812
Conversation
auth.h
Outdated
| @@ -42,7 +42,7 @@ gboolean janus_auth_check_signature(const char *token, const char *realm); | |||
| * @param[in] token The token to validate | |||
| * @param[in] realm The token realm | |||
| * @param[in] desc The descriptor to search for | |||
| * @returns TRUE if the token is valid, not expired and contains the descriptor, FALSE otherwise */ | |||
| * @returns When the token based authentication enabled: TRUE if the token is valid, not expired and contains the descriptor, FALSE otherwise. When the token based authentication disabled: always TRUE. */ | |||
There was a problem hiding this comment.
I'd say "is enabled", rather than just "enabled", in both additions.
plugins/janus_videoroom.c
Outdated
| @@ -1162,6 +1162,7 @@ room-<unique room ID>: { | |||
|
|
|||
| #include "plugin.h" | |||
|
|
|||
| #include <string.h> | |||
There was a problem hiding this comment.
I don't think this is necessary.
| @@ -2997,10 +2998,13 @@ static int janus_videoroom_access_room(json_t *root, gboolean check_modify, gboo | |||
| /* signed tokens bypass pin validation */ | |||
| json_t *token = json_object_get(root, "token"); | |||
| if(token) { | |||
| char room_descriptor[26]; | |||
| char room_descriptor[100]; | |||
There was a problem hiding this comment.
Was this the actual cause of the issue? A string that was too small, and so was only containing a partial representation of the required token causing comparisons and checks to fail?
There was a problem hiding this comment.
This affects on checking rooms with id in UUID format, the description have to be: room=3edb0cdd-7173-481d-82f0-5eb31937d20f but when it has only 26 characters it's looks like: room=3edb0cdd-7173-481d-82 and when we do strcmp we have not equal result.
plugins/janus_videoroom.c
Outdated
| if(gateway->auth_signature_contains(&janus_videoroom_plugin, json_string_value(token), room_descriptor)) | ||
| return 0; | ||
| if(!gateway->auth_signature_contains(&janus_videoroom_plugin, json_string_value(token), room_descriptor)) { | ||
| g_snprintf(error_cause, error_cause_size, "Unauthorized (wrong token %s)", token); |
There was a problem hiding this comment.
This is missing the if(error_cause) the other error management lines of code have, as error_cause may be NULL.
timsolov
force-pushed
the
fix-signed-token-auth
branch
from
8f1219e
to
661f25a
Compare
|
Thanks for the quick fixes! This looks good to me, so I'll merge 👍 |
Fixes #2810