Merge pull request #433 from nextcloud/ask-for-password-in-plain-mode

Don't use popup to ask for the password but the "blue screen"

css/authenticate.css

@@ -0,0 +1,26 @@
+form fieldset {
+	display: flex !important;
+	flex-direction: column;
+}
+
+#password {
+	margin-right: 0 !important;
+	border-top-right-radius: 0;
+	border-bottom-right-radius: 0;
+	height: 45px;
+	flex: 1 1 auto;
+	width: 100% !important;
+	min-width: 0; /* FF hack for to override default value */
+}
+
+input[type='submit'] {
+	width: 45px;
+	height: 45px;
+	margin-left: 0 !important;
+	border-top-left-radius: 0;
+	border-bottom-left-radius: 0;
+}
+
+fieldset > p {
+	display: inline-flex;
+}

js/authenticate.js

@@ -0,0 +1,9 @@
+$(document).ready(function(){
+	$('#password').on('keyup input change', function() {
+		if ($('#password').val().length > 0) {
+			$('#password-submit').prop('disabled', false);
+		} else {
+			$('#password-submit').prop('disabled', true);
+		}
+	});
+});

js/signaling.js

@@ -207,7 +207,8 @@
 				}
 
 				if (result.status === 403) {
-					// Invalid password
+					// This should not happen anymore since we ask for the password before
+					// even trying to join the call, but let's keep it for now.
 					OC.dialogs.prompt(
 						t('spreed', 'Please enter the password for this call'),
 						t('spreed','Password required'),

lib/Controller/CallController.php

@@ -29,7 +29,6 @@ use OCA\Spreed\Exceptions\InvalidPasswordException;
 use OCA\Spreed\Exceptions\ParticipantNotFoundException;
 use OCA\Spreed\Exceptions\RoomNotFoundException;
 use OCA\Spreed\Manager;
-use OCA\Spreed\Participant;
 use OCA\Spreed\Signaling\Messages;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
@@ -150,18 +149,19 @@ class CallController extends OCSController {
 		try {
 			if ($this->userId !== null) {
 				$sessionIds = $this->manager->getSessionIdsForUser($this->userId);
-				$newSessionId = $room->enterRoomAsUser($this->userId, $password);
+				$newSessionId = $room->enterRoomAsUser($this->userId, $password, $this->session->get('spreed-password') === $room->getToken());
 
 				if (!empty($sessionIds)) {
 					$this->messages->deleteMessages($sessionIds);
 				}
 			} else {
-				$newSessionId = $room->enterRoomAsGuest($password);
+				$newSessionId = $room->enterRoomAsGuest($password, $this->session->get('spreed-password') === $room->getToken());
 			}
 		} catch (InvalidPasswordException $e) {
 			return new DataResponse([], Http::STATUS_FORBIDDEN);
 		}
 
+		$this->session->remove('spreed-password');
 		$this->session->set('spreed-session', $newSessionId);
 		$room->ping($this->userId, $newSessionId, time());
 

lib/Controller/PageController.php

@@ -24,8 +24,10 @@
 namespace OCA\Spreed\Controller;
 
 use OC\HintException;
+use OCA\Spreed\Exceptions\ParticipantNotFoundException;
 use OCA\Spreed\Exceptions\RoomNotFoundException;
 use OCA\Spreed\Manager;
+use OCA\Spreed\Participant;
 use OCA\Spreed\Room;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
@@ -34,6 +36,7 @@ use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\ILogger;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\IURLGenerator;
 use OCP\Notification\IManager;
 
@@ -42,6 +45,8 @@ class PageController extends Controller {
 	private $userId;
 	/** @var RoomController */
 	private $api;
+	/** @var ISession */
+	private $session;
 	/** @var ILogger */
 	private $logger;
 	/** @var Manager */
@@ -55,6 +60,7 @@ class PageController extends Controller {
 	 * @param string $appName
 	 * @param IRequest $request
 	 * @param RoomController $api
+	 * @param ISession $session
 	 * @param string $UserId
 	 * @param ILogger $logger
 	 * @param Manager $manager
@@ -64,14 +70,16 @@ class PageController extends Controller {
 	public function __construct($appName,
 								IRequest $request,
 								RoomController $api,
+								ISession $session,
 								$UserId,
 								ILogger $logger,
 								Manager $manager,
 								IURLGenerator $url,
 								IManager $notificationManager) {
 		parent::__construct($appName, $request);
-		$this->userId = $UserId;
 		$this->api = $api;
+		$this->session = $session;
+		$this->userId = $UserId;
 		$this->logger = $logger;
 		$this->manager = $manager;
 		$this->url = $url;
@@ -81,15 +89,17 @@ class PageController extends Controller {
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
+	 * @UseSession
 	 *
 	 * @param string $token
 	 * @param string $callUser
+	 * @param string $password
 	 * @return TemplateResponse|RedirectResponse
 	 * @throws HintException
 	 */
-	public function index($token = '', $callUser = '') {
+	public function index($token = '', $callUser = '', $password = '') {
 		if ($this->userId === null) {
-			return $this->guestEnterRoom($token);
+			return $this->guestEnterRoom($token, $password);
 		}
 
 		if ($token !== '') {
@@ -116,6 +126,26 @@ class PageController extends Controller {
 				// Room not found, redirect to main page
 				$token = '';
 			}
+
+			$this->session->remove('spreed-password');
+
+			if ($room->hasPassword()) {
+				// If the user joined themselves or is not found, they need the password.
+				try {
+					$participant = $room->getParticipant($this->userId);
+					$requirePassword = $participant->getParticipantType() === Participant::USER_SELF_JOINED;
+				} catch (ParticipantNotFoundException $e) {
+					$requirePassword = true;
+				}
+
+				if ($requirePassword) {
+					if ($password !== '' && $room->verifyPassword($password)) {
+						$this->session->set('spreed-password', $token);
+					} else {
+						return new TemplateResponse($this->appName, 'authenticate', [], 'guest');
+					}
+				}
+			}
 		} else {
 			$response = $this->api->createRoom(Room::ONE_TO_ONE_CALL, $callUser);
 			if ($response->getStatus() !== Http::STATUS_NOT_FOUND) {
@@ -137,10 +167,11 @@ class PageController extends Controller {
 
 	/**
 	 * @param string $token
+	 * @param string $password
 	 * @return TemplateResponse|RedirectResponse
 	 * @throws HintException
 	 */
-	protected function guestEnterRoom($token) {
+	protected function guestEnterRoom($token, $password) {
 		try {
 			$room = $this->manager->getRoomByToken($token);
 			if ($room->getType() !== Room::PUBLIC_CALL) {
@@ -152,6 +183,15 @@ class PageController extends Controller {
 			]));
 		}
 
+		$this->session->remove('spreed-password');
+		if ($room->hasPassword()) {
+			if ($password !== '' && $room->verifyPassword($password)) {
+				$this->session->set('spreed-password', $token);
+			} else {
+				return new TemplateResponse($this->appName, 'authenticate', [], 'guest');
+			}
+		}
+
 		$params = [
 			'token' => $token,
 		];

lib/Room.php

@@ -419,10 +419,11 @@ class Room {
 	/**
 	 * @param string $userId
 	 * @param string $password
+	 * @param bool $passedPasswordProtection
 	 * @return string
 	 * @throws InvalidPasswordException
 	 */
-	public function enterRoomAsUser($userId, $password) {
+	public function enterRoomAsUser($userId, $password, $passedPasswordProtection = false) {
 		$this->dispatcher->dispatch(self::class . '::preUserEnterRoom', new GenericEvent($this));
 
 		$this->disconnectUserFromAllRooms($userId);
@@ -438,7 +439,7 @@ class Room {
 		$result = $query->execute();
 
 		if ($result === 0) {
-			if ($this->hasPassword() && !$this->hasher->verify($password, $this->password)) {
+			if (!$passedPasswordProtection && !$this->verifyPassword($password)) {
 				throw new InvalidPasswordException();
 			}
 
@@ -487,13 +488,14 @@ class Room {
 
 	/**
 	 * @param string $password
+	 * @param bool $passedPasswordProtection
 	 * @return string
 	 * @throws InvalidPasswordException
 	 */
-	public function enterRoomAsGuest($password) {
+	public function enterRoomAsGuest($password, $passedPasswordProtection = false) {
 		$this->dispatcher->dispatch(self::class . '::preGuestEnterRoom', new GenericEvent($this));
 
-		if ($this->hasPassword() && !$this->hasher->verify($password, $this->password)) {
+		if (!$passedPasswordProtection && !$this->verifyPassword($password)) {
 			throw new InvalidPasswordException();
 		}
 
@@ -513,6 +515,14 @@ class Room {
 		return $sessionId;
 	}
 
+	/**
+	 * @param string $password
+	 * @return bool
+	 */
+	public function verifyPassword($password) {
+		return !$this->hasPassword() || $this->hasher->verify($password, $this->password);
+	}
+
 	/**
 	 * @param string $sessionId
 	 * @return bool

templates/authenticate.php

@@ -0,0 +1,25 @@
+<?php
+	/** @var $_ array */
+	/** @var $l \OCP\IL10N */
+	style('spreed', 'authenticate');
+	script('spreed', 'authenticate');
+?>
+<form method="post">
+	<fieldset class="warning">
+		<?php if (!isset($_['wrongpw'])){ ?>
+			<div class="warning-info"><?php p($l->t('This call is password-protected')); ?></div>
+		<?php } else { ?>
+			<div class="warning"><?php p($l->t('The password is wrong. Try again.')); ?></div>
+		<?php } ?>
+		<p>
+			<label for="password" class="infield"><?php p($l->t('Password')); ?></label>
+			<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
+			<input type="password" name="password" id="password"
+				placeholder="<?php p($l->t('Password')); ?>" value=""
+				autocomplete="off" autocapitalize="off" autocorrect="off"
+				autofocus />
+			<input type="submit" id="password-submit" 
+				class="svg icon-confirm input-button-inline" value="" disabled="disabled" />
+		</p>
+	</fieldset>
+</form>