Group Password mechanism appears broken: allows any user with any password to login

jech / galene

The Galène videoconference server

https://galene.org

MIT License

944 stars 130 forks source link

Group Password mechanism appears broken: allows any user with any password to login #123

Closed cvmiller closed 2 years ago

cvmiller commented 2 years ago

Running version 0.4.2 (from the Changes Doc)

I have followed the example of the most basic group:

$ cat name.json 
{
    "op": [{"username": "fred", "password": "mypass"}],
    "presenter": [{}]
}

Yet any user with any password can log into this group. Perhaps I don't understand the authentication mechanism, but I expected that only "fred" would be allowed to login

jech commented 2 years ago

This is the expected behaviour: [{}] means any user with any password, which is useful for lectures. If you want only fred to be able to login, say just

{
    "op": [{"username": "fred", "password": "mypass"}]
}

cvmiller commented 2 years ago

Thank you for the clarification. I have it working now.