Store join paswword hashed

Do not trade security and privacy for convenience

lib/Vroom/I18N/en.pm

@@ -18,7 +18,6 @@ our %Lexicon = (
   "A_WEBCAM"                             => "A webcam",
   "A_MIC"                                => "A microphone",
   "WHEN_YOU_ARE_READY"                   => "When you are ready, go to this address to join the conference",
-  "YOU_WILL_NEED_THIS_PASSWORD"          => "The following password is needed to join the room",
   "HAVE_A_NICE_MEETING"                  => "Have a nice meeting :-)",
   "EMAIL_SIGN"                           => "VROOM! And video conferencing becomes free, simple and safe",
   "FEEDBACK"                             => "Feedback",

lib/Vroom/I18N/fr.pm

@@ -20,7 +20,6 @@ our %Lexicon = (
     "A_WEBCAM"                                  => "Une webcam",
     "A_MIC"                                     => "Un micro",
     "WHEN_YOU_ARE_READY"                        => "Quand vous êtes prêt, rendez-vous sur cette adresse pour joindre la conférence",
-    "YOU_WILL_NEED_THIS_PASSWORD"               => "Le mot de passe suivant est nécessaire pour rejoindre le salon",
     "HAVE_A_NICE_MEETING"                       => "Bonne réunion :-)",
     "EMAIL_SIGN"                                => "VROOM! Et la visio conférence devient libre, simple et sûr",
     "FEEDBACK"                                  => "Retour d'expérience",

public/vroom.pl

@@ -244,6 +244,7 @@ helper set_join_pass => sub {
   my ($room,$pass) = @_;
   return undef unless ( %{ $self->get_room($room) });
   my $sth = eval { $self->db->prepare("UPDATE rooms SET join_password=? where name=?;") } || return undef;
+  $pass = ($pass) ? Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($pass)->generate : undef;
   $sth->execute($pass,$room) || return undef;
   if ($pass){
     $self->app->log->debug($self->session('name') . " has set a password on room $room");
@@ -261,9 +262,8 @@ helper set_owner_pass => sub {
   return undef unless ( %{ $self->get_room($room) });
   if ($pass){
     my $sth = eval { $self->db->prepare("UPDATE rooms SET owner_password=?,persistent='1' where name=?;") } || return undef;
-    my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-256');
-    $csh->add($pass);
-    $sth->execute($csh->generate,$room) || return undef;
+    my $pass = Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($pass)->generate;
+    $sth->execute($pass,$room) || return undef;
     $self->app->log->debug($self->session('name') . " has set an owner password on room $room, which is now persistent");
   }
   else{
@@ -380,7 +380,7 @@ post '/password/(:room)' => sub {
     $self->session($room => {role => 'owner'});
     $self->redirect_to($self->url_for('/') . $room);
   }
-  elsif ($pass eq $data->{join_password}){
+  elsif ($data->{join_password} && Crypt::SaltedHash->validate($data->{join_password}, $pass)){
     $self->session($room => {role => 'participant'});
     $self->redirect_to($self->url_for('/') . $room);
   }
@@ -479,7 +479,6 @@ post '/action' => sub {
       data => [
         template => 'invite',
         room => $room,
-        joinPassword => $data->{join_password}
       ],
     ) ||
     return $self->render(

templates/default/invite.email_html.ep

@@ -26,11 +26,6 @@
     </h1>
   </center>
 </p>
-<% if ($joinPassword && $joinPassword ne ''){ %>
-<p>
-  <%=l 'YOU_WILL_NEED_THIS_PASSWORD' %>: <%= $joinPassword %>
-</p>
-<% } %>
 <br>
 <p>
   <%=l 'HAVE_A_NICE_MEETING' %>

templates/default/invite.email_text.ep

@@ -12,10 +12,6 @@
 
 <%= $url . $room %>
 
-<% if ($joinPassword && $joinPassword ne ''){ %>
-<%=l 'YOU_WILL_NEED_THIS_PASSWORD' %>: <%== $joinPassword %>
-<% } %>
-
 <%=l 'HAVE_A_NICE_MEETING' %>
 -- 
 <%=l 'EMAIL_SIGN' %>