Room passwords

[nickvergessen]

Fix #36

• Add password field to room table
• Allow to set the password via API
• Require the field when joining a public call
• UI to set the password
• UI for entering the password
• Adjust docs
• Only allow participant list after entering the password
• Make "self joined users" leave the participant list when they leave the room
• Integration tests

[leonklingele-work]

Use hash_equals instead of !== to compare secret with user-provided value.

[nickvergessen]

Well we don't compare hashes yet. Also see the note in docs:
http://php.net/manual/en/function.hash-equals.php

Both arguments must be of the same length to be compared successfully. When arguments of differing length are supplied, FALSE is returned immediately and the length of the known string may be leaked in case of a timing attack.

Also I'm pretty sure you can not do timing attacks against nextcloud apis 🙈

[leonklingele-work]

hash_equals can be used to compare any kind of strings, be it hashes or PINs.
Leaking the length of the secret is fine, it is specified in this open source code after all.

Also I'm pretty sure you can not do timing attacks against nextcloud apis

I wouldn't bet on that.

[nickvergessen]

Leaking the length of the secret is fine, it is specified in this open source code after all.

1. There is no secret neither PINs, we have a room password here
2. The length is unknown, since it will be provided by the owner of the room
3. It's not specified in any code Oo?

Don't get me wrong, we will do our best to make this more secure in the end after the basic functionality works, but there seem to be a couple of misunderstandings here.

[nickvergessen]

It's now using OCP\Security\IHasher

[leonklingele-work]

hash_equals

[leonklingele-work]

Where is this value ever read from the database?

[nickvergessen]

In the manager

[codecov]

Codecov Report

Merging #402 into master will decrease coverage by 0.47%.
The diff coverage is 0%.

@@             Coverage Diff              @@
##             master     #402      +/-   ##
============================================
- Coverage     11.02%   10.55%   -0.48%     
- Complexity      388      406      +18     
============================================
  Files            24       25       +1     
  Lines          1832     1914      +82     
============================================
  Hits            202      202              
- Misses         1630     1712      +82

Impacted Files	Coverage Δ	Complexity Δ
lib/Manager.php	0% <0%> (ø)	56 <1> (ø)	⬇️
appinfo/routes.php	0% <0%> (ø)	0 <0> (ø)	⬇️
lib/Controller/CallController.php	0% <0%> (ø)	22 <5> (+8)	⬆️
lib/Controller/RoomController.php	0% <0%> (ø)	112 <23> (+2)	⬆️
lib/Migration/Version2001Date20170921145301.php	0% <0%> (ø)	1 <1> (?)
lib/Room.php	0% <0%> (ø)	55 <13> (+7)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 07f425d...9257615. Read the comment docs.

[nickvergessen]

@Ivansss seems like signaling is going crazy with this:

The thing is, joinCall() returns 403 Forbidden so the user is not joining any call.
But the signaling already starts polling all the time and is kicked out (because there is no session) and restarts...

So signaling should only start on success of InternalSignaling.prototype.joinCall but not on error. any idea where I can find it and how to do it?

[nickvergessen]

@fancycode as per above, we are adding room passwords which need to be passed in while joining a room (as guest or internal user which follows a public link and was not added as a participant before)
This should extend the InternalSignaling.prototype.joinCall method to take an additional password argument which is then send to the server.

Please also see the commit above: 14e79c5

can you confirm this will also work on your signaling?

(and btw little offtopic, is signaling written with 2 L or 1 L, until now we had 2 everywhere, but your new JS class is single L?) => 39fe6f1

[nickvergessen]

Ready for first functional testing

Remaining todos:

• decide which information is available for guests without entering the password
  Currently participant list is callable without having a valid session (password confirmed)

[nickvergessen]

Actually it would be nice to have the room object in here so we can show the name, if that is okay to leak...

[nickvergessen]

Ready for testing now

[Ivansss]

Tested and works 👍