jech / galene

The Galène videoconference server
https://galene.org
MIT License

Same user can login twice/thrice/etc. #189

Closed nikto1 closed 1 month ago

nikto1 commented 2 months ago

As per title, a user can login as many times as he wants on multiple windows, multiple browsers, from multiple locations, etc. Shouldn't there be a check if a user is already logged in?

jech commented 2 months ago

> a user can login as many times as he wants

It's a useful feature, we often simultaneously use a smartphone for video and a laptop for the slides.

> Shouldn't there be a check if a user is already logged in?

No, why?

nikto1 commented 2 months ago

> It's a useful feature

Oh OK, true, it could also be a feature.

> No, why?

Other people can impersonate you. IMO at least there should be a message that you're already logged in from another device/IP/browser.

jech commented 2 months ago

> Other people can impersonate you.

Only if they have your password.

> IMO at least there should be a message that you're already logged in from another device/IP/browser.

Sure, I'd be willing to accept a patch for that. You'll want to check in onJoined, and call displayWarning if the username is a duplicate.

nikto1 commented 2 months ago

> if the username is a duplicate.

Username alone is not enough as there can be 2 users with the same name. Check should be done on same username/password/token. I think that's possible, right?

jech commented 2 months ago

There is no notion of user identity in Galene. "Two distinct users" is not a notion that is well defined in Galene: if two clients use the same username, Galene does not know whether it's two distinct users or the same user that connected twice.

On the other hand, the notion of "the same username" is well defined. Be aware, however, that the username that a client uses is not necessarily identical to the username that it used to login (a token can change the username).
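The duplicate-username check discussed in the comments above, as an added example that is not part of the original thread and not Galene's own code. Only `onJoined` and `displayWarning` come from the thread; the function names, the shape of `users` (client id mapped to `{ username }`) and the sample data are assumptions made for illustration.

```javascript
// Added example, not Galene's code. `users` is assumed to be a plain object
// mapping client id -> { username }, as reported by the server.

// Constructed sample: two clients named "alice", two anonymous clients.
const SAMPLE_USERS = {
    a1: { username: 'alice' },
    b2: { username: 'bob' },
    c3: { username: 'alice' },
    d4: { username: '' },
    e5: { username: '' },
};

// Return the ids of the other clients whose username equals ours.
// The comparison uses the username the server reports for `ownId`, not the
// one typed at login, because a token can change the username.
function findDuplicateSessions(users, ownId) {
    const own = Object.prototype.hasOwnProperty.call(users, ownId)
        ? users[ownId] : null;
    // Assumption: an empty or missing username means "anonymous", and
    // anonymous clients are never reported as duplicates of each other.
    if (!own || typeof own.username !== 'string' || own.username === '')
        return [];
    return Object.keys(users).filter(id =>
        id !== ownId && users[id] && users[id].username === own.username);
}

// Build the text a caller could hand to displayWarning from onJoined,
// or null when no other client shares the username. The wording says
// "client", not "user": the server cannot tell whether a match is the same
// person on a second device or someone else with the same name.
function duplicateWarning(users, ownId) {
    const others = findDuplicateSessions(users, ownId);
    if (others.length === 0)
        return null;
    return `${others.length} other client(s) in this group use the ` +
        `username "${users[ownId].username}".`;
}
```
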

nikto1 commented 2 months ago

Oh OK, so I don't think it's possible to display any message to fit it into the general Galene instance. As soon as I have some time I'll try to implement the duplicate message for token logins, because I only use tokens for authentication (faster for users to click on a link). Furthermore, tokens are always unique for 1 meeting. Please let me know if you're interested so I'll provide the patch once done.

jech commented 2 months ago

I'll be glad to have a look at your patch. I don't know if I'll merge it, since we usually use a single token for all the students at a given lecture.

jech commented 1 month ago

This is working as designed, it's just a minor disagreement on how Galene should work.