mirror of
https://github.com/dani/vroom.git
synced 2024-06-01 05:01:41 +02:00
Store join paswword hashed
Do not trade security and privacy for convenience
This commit is contained in:
parent
e394b8d911
commit
cea2189774
|
@ -18,7 +18,6 @@ our %Lexicon = (
|
|||
"A_WEBCAM" => "A webcam",
|
||||
"A_MIC" => "A microphone",
|
||||
"WHEN_YOU_ARE_READY" => "When you are ready, go to this address to join the conference",
|
||||
"YOU_WILL_NEED_THIS_PASSWORD" => "The following password is needed to join the room",
|
||||
"HAVE_A_NICE_MEETING" => "Have a nice meeting :-)",
|
||||
"EMAIL_SIGN" => "VROOM! And video conferencing becomes free, simple and safe",
|
||||
"FEEDBACK" => "Feedback",
|
||||
|
|
|
@ -20,7 +20,6 @@ our %Lexicon = (
|
|||
"A_WEBCAM" => "Une webcam",
|
||||
"A_MIC" => "Un micro",
|
||||
"WHEN_YOU_ARE_READY" => "Quand vous êtes prêt, rendez-vous sur cette adresse pour joindre la conférence",
|
||||
"YOU_WILL_NEED_THIS_PASSWORD" => "Le mot de passe suivant est nécessaire pour rejoindre le salon",
|
||||
"HAVE_A_NICE_MEETING" => "Bonne réunion :-)",
|
||||
"EMAIL_SIGN" => "VROOM! Et la visio conférence devient libre, simple et sûr",
|
||||
"FEEDBACK" => "Retour d'expérience",
|
||||
|
|
|
@ -244,6 +244,7 @@ helper set_join_pass => sub {
|
|||
my ($room,$pass) = @_;
|
||||
return undef unless ( %{ $self->get_room($room) });
|
||||
my $sth = eval { $self->db->prepare("UPDATE rooms SET join_password=? where name=?;") } || return undef;
|
||||
$pass = ($pass) ? Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($pass)->generate : undef;
|
||||
$sth->execute($pass,$room) || return undef;
|
||||
if ($pass){
|
||||
$self->app->log->debug($self->session('name') . " has set a password on room $room");
|
||||
|
@ -261,9 +262,8 @@ helper set_owner_pass => sub {
|
|||
return undef unless ( %{ $self->get_room($room) });
|
||||
if ($pass){
|
||||
my $sth = eval { $self->db->prepare("UPDATE rooms SET owner_password=?,persistent='1' where name=?;") } || return undef;
|
||||
my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-256');
|
||||
$csh->add($pass);
|
||||
$sth->execute($csh->generate,$room) || return undef;
|
||||
my $pass = Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($pass)->generate;
|
||||
$sth->execute($pass,$room) || return undef;
|
||||
$self->app->log->debug($self->session('name') . " has set an owner password on room $room, which is now persistent");
|
||||
}
|
||||
else{
|
||||
|
@ -380,7 +380,7 @@ post '/password/(:room)' => sub {
|
|||
$self->session($room => {role => 'owner'});
|
||||
$self->redirect_to($self->url_for('/') . $room);
|
||||
}
|
||||
elsif ($pass eq $data->{join_password}){
|
||||
elsif ($data->{join_password} && Crypt::SaltedHash->validate($data->{join_password}, $pass)){
|
||||
$self->session($room => {role => 'participant'});
|
||||
$self->redirect_to($self->url_for('/') . $room);
|
||||
}
|
||||
|
@ -479,7 +479,6 @@ post '/action' => sub {
|
|||
data => [
|
||||
template => 'invite',
|
||||
room => $room,
|
||||
joinPassword => $data->{join_password}
|
||||
],
|
||||
) ||
|
||||
return $self->render(
|
||||
|
|
|
@ -26,11 +26,6 @@
|
|||
</h1>
|
||||
</center>
|
||||
</p>
|
||||
<% if ($joinPassword && $joinPassword ne ''){ %>
|
||||
<p>
|
||||
<%=l 'YOU_WILL_NEED_THIS_PASSWORD' %>: <%= $joinPassword %>
|
||||
</p>
|
||||
<% } %>
|
||||
<br>
|
||||
<p>
|
||||
<%=l 'HAVE_A_NICE_MEETING' %>
|
||||
|
|
|
@ -12,10 +12,6 @@
|
|||
|
||||
<%= $url . $room %>
|
||||
|
||||
<% if ($joinPassword && $joinPassword ne ''){ %>
|
||||
<%=l 'YOU_WILL_NEED_THIS_PASSWORD' %>: <%== $joinPassword %>
|
||||
<% } %>
|
||||
|
||||
<%=l 'HAVE_A_NICE_MEETING' %>
|
||||
--
|
||||
<%=l 'EMAIL_SIGN' %>
|
||||
|
|
Loading…
Reference in New Issue
Block a user