Store join paswword hashed

Do not trade security and privacy for convenience
master
Daniel Berteaud 11 years ago
parent e394b8d911
commit cea2189774
  1. 1
      lib/Vroom/I18N/en.pm
  2. 1
      lib/Vroom/I18N/fr.pm
  3. 9
      public/vroom.pl
  4. 5
      templates/default/invite.email_html.ep
  5. 4
      templates/default/invite.email_text.ep

@ -18,7 +18,6 @@ our %Lexicon = (
"A_WEBCAM" => "A webcam", "A_WEBCAM" => "A webcam",
"A_MIC" => "A microphone", "A_MIC" => "A microphone",
"WHEN_YOU_ARE_READY" => "When you are ready, go to this address to join the conference", "WHEN_YOU_ARE_READY" => "When you are ready, go to this address to join the conference",
"YOU_WILL_NEED_THIS_PASSWORD" => "The following password is needed to join the room",
"HAVE_A_NICE_MEETING" => "Have a nice meeting :-)", "HAVE_A_NICE_MEETING" => "Have a nice meeting :-)",
"EMAIL_SIGN" => "VROOM! And video conferencing becomes free, simple and safe", "EMAIL_SIGN" => "VROOM! And video conferencing becomes free, simple and safe",
"FEEDBACK" => "Feedback", "FEEDBACK" => "Feedback",

@ -20,7 +20,6 @@ our %Lexicon = (
"A_WEBCAM" => "Une webcam", "A_WEBCAM" => "Une webcam",
"A_MIC" => "Un micro", "A_MIC" => "Un micro",
"WHEN_YOU_ARE_READY" => "Quand vous êtes prêt, rendez-vous sur cette adresse pour joindre la conférence", "WHEN_YOU_ARE_READY" => "Quand vous êtes prêt, rendez-vous sur cette adresse pour joindre la conférence",
"YOU_WILL_NEED_THIS_PASSWORD" => "Le mot de passe suivant est nécessaire pour rejoindre le salon",
"HAVE_A_NICE_MEETING" => "Bonne réunion :-)", "HAVE_A_NICE_MEETING" => "Bonne réunion :-)",
"EMAIL_SIGN" => "VROOM! Et la visio conférence devient libre, simple et sûr", "EMAIL_SIGN" => "VROOM! Et la visio conférence devient libre, simple et sûr",
"FEEDBACK" => "Retour d'expérience", "FEEDBACK" => "Retour d'expérience",

@ -244,6 +244,7 @@ helper set_join_pass => sub {
my ($room,$pass) = @_; my ($room,$pass) = @_;
return undef unless ( %{ $self->get_room($room) }); return undef unless ( %{ $self->get_room($room) });
my $sth = eval { $self->db->prepare("UPDATE rooms SET join_password=? where name=?;") } || return undef; my $sth = eval { $self->db->prepare("UPDATE rooms SET join_password=? where name=?;") } || return undef;
$pass = ($pass) ? Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($pass)->generate : undef;
$sth->execute($pass,$room) || return undef; $sth->execute($pass,$room) || return undef;
if ($pass){ if ($pass){
$self->app->log->debug($self->session('name') . " has set a password on room $room"); $self->app->log->debug($self->session('name') . " has set a password on room $room");
@ -261,9 +262,8 @@ helper set_owner_pass => sub {
return undef unless ( %{ $self->get_room($room) }); return undef unless ( %{ $self->get_room($room) });
if ($pass){ if ($pass){
my $sth = eval { $self->db->prepare("UPDATE rooms SET owner_password=?,persistent='1' where name=?;") } || return undef; my $sth = eval { $self->db->prepare("UPDATE rooms SET owner_password=?,persistent='1' where name=?;") } || return undef;
my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-256'); my $pass = Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($pass)->generate;
$csh->add($pass); $sth->execute($pass,$room) || return undef;
$sth->execute($csh->generate,$room) || return undef;
$self->app->log->debug($self->session('name') . " has set an owner password on room $room, which is now persistent"); $self->app->log->debug($self->session('name') . " has set an owner password on room $room, which is now persistent");
} }
else{ else{
@ -380,7 +380,7 @@ post '/password/(:room)' => sub {
$self->session($room => {role => 'owner'}); $self->session($room => {role => 'owner'});
$self->redirect_to($self->url_for('/') . $room); $self->redirect_to($self->url_for('/') . $room);
} }
elsif ($pass eq $data->{join_password}){ elsif ($data->{join_password} && Crypt::SaltedHash->validate($data->{join_password}, $pass)){
$self->session($room => {role => 'participant'}); $self->session($room => {role => 'participant'});
$self->redirect_to($self->url_for('/') . $room); $self->redirect_to($self->url_for('/') . $room);
} }
@ -479,7 +479,6 @@ post '/action' => sub {
data => [ data => [
template => 'invite', template => 'invite',
room => $room, room => $room,
joinPassword => $data->{join_password}
], ],
) || ) ||
return $self->render( return $self->render(
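Review bot: Rows in `rooms.join_password` written before this commit still hold plaintext, and the new check in the `post '/password/(:room)'` handler hands them to `Crypt::SaltedHash->validate`, which will presumably never match a value that is not a salted-hash string; none of the five changed files carries a data migration. The likely effect is that existing protected rooms reject every participant password after upgrade while the old plaintext stays in the database, so the upgrade should include a one-off step that re-hashes or clears those values, and the handler deserves a comment such as `# join_password is a Crypt::SaltedHash string; plaintext rows from older versions must be migrated`. Separately, a single salted SHA-256 round in `set_join_pass` and `set_owner_pass` is cheap to brute-force offline if the table leaks, so a deliberately slow password-hashing scheme would be the stronger choice for both columns. The handler and both helpers begin and end outside the visible hunks.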

@ -26,11 +26,6 @@
</h1> </h1>
</center> </center>
</p> </p>
<% if ($joinPassword && $joinPassword ne ''){ %>
<p>
<%=l 'YOU_WILL_NEED_THIS_PASSWORD' %>: <%= $joinPassword %>
</p>
<% } %>
<br> <br>
<p> <p>
<%=l 'HAVE_A_NICE_MEETING' %> <%=l 'HAVE_A_NICE_MEETING' %>

@ -12,10 +12,6 @@
<%= $url . $room %> <%= $url . $room %>
<% if ($joinPassword && $joinPassword ne ''){ %>
<%=l 'YOU_WILL_NEED_THIS_PASSWORD' %>: <%== $joinPassword %>
<% } %>
<%=l 'HAVE_A_NICE_MEETING' %> <%=l 'HAVE_A_NICE_MEETING' %>
-- --
<%=l 'EMAIL_SIGN' %> <%=l 'EMAIL_SIGN' %>
