jitsi / jitsi-meet

Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
https://jitsi.org/meet
Apache License 2.0

Jitsi login fails if config options are given and login is tried #14672

Closed mikkorantalainen closed 3 weeks ago

mikkorantalainen commented 3 weeks ago

Description:

When one uses options in the URL hash and meet.jit.si requires the user to authenticate to open a new room, the login flow hangs with the error Uncaught (in promise) SyntaxError: Expected ',' or '}' after property value in JSON (see details below).

Steps to reproduce:

  1. Open following URL in browser without cookies (e.g. Chrome incognito mode): https://meet.jit.si/b98b8c44-c7a6-40f2-9cf9-d44ff704b999#config.subject=%22Example%20Title%22&userInfo.displayName=%22Test%20User%22
  2. Try to join the room.
  3. Click "Log-in" in the "Waiting for moderator..." dialog.
  4. Login with Google (I didn't try if this problem is specific for login type).
  5. Login hangs in black screen after control is transferred back to jitsi.net.

Expected behavior:

The login should work correctly and I should enter the room successfully.

Actual behavior:

The URL that hangs is as follows: https://web-cdn.jitsi.net/auth-static/meet-jit-si/v10/signin.html?state=%7B%22room%22%3A%22b98b8c44-c7a6-40f2-9cf9-d44ff704b999%22%2C%22roomSafe%22%3A%22b98b8c44-c7a6-40f2-9cf9-d44ff704b999%22%2C%22config.prejoinConfig.enabled%22%3Afalse%2C%22config.subject%22%3A%22%2522Example%2520Title%2522%22%7D#room=b98b8c44-c7a6-40f2-9cf9-d44ff704b999&subdir=

Note the room id in both hash part of the URL and in the state query parameter. Note that the parameter userInfo.displayName has already been lost at this step.

The following error can be seen in the JavaScript console on the page that hangs:

.../auth-static/meet-ji…ff704b999&subdir=:1 Uncaught (in promise) SyntaxError: Expected ',' or '}' after property value in JSON at position 187 (line 1 column 188)
    at JSON.parse (<anonymous>)
    at redirect (...signin.html?state=%7…le%2522%22%7D:51:30)
    at ...signin.html?state=%7…e%2522%22%7D:133:71

Full text for both the shortened parts in the error message appears to be https://web-cdn.jitsi.net/auth-static/meet-jit-si/v10/signin.html?state={"room":"b98b8c44-c7a6-40f2-9cf9-d44ff704b999","roomSafe":"b98b8c44-c7a6-40f2-9cf9-d44ff704b999","config.prejoinConfig.enabled":false,"config.startWithVideoMuted":true,"config.subject":"%22Example%20Title%22"}

That is, the URL of the hanging page.

Server information:

Client information:

Additional information:

Login can be completed successfully if you remove the hash part from the original URL so this is related to either incorrect encoding or decoding of the hashed data during the OpenID Connect login flow. I was unable to follow the code logic to figure this out by myself.

Partial documentation of the URL address syntax can be found here: https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-iframe

mikkorantalainen commented 3 weeks ago

The stacktrace refers to following code in function redirect():

        // old code will not replace {state} and will fail with JSON error if we try to parse
        if (searchParams.get('state') && !searchParams.get('state').includes('{state}')) {
            state = JSON.parse(decodeURIComponent(searchParams.get('state'))); // -- line 51
        }

which is called from

    function initApp() {
        firebase.auth().onAuthStateChanged(function(user) {
            if (!user) {
                // ...
            } else {
                user.getIdTokenResult(true).then(idTokenResult => redirect(idTokenResult)); // -- line 133
            }

The comment at line 49 suggests that there is some legacy behavior here but I would guess unhandled exception is not part of the design here.
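Added example, not part of the original thread and not the project's fix: a reproduction of the parse failure in the quoted line 51, next to a defensive variant. `URLSearchParams.get()` already percent-decodes the value once, so the extra `decodeURIComponent()` turns the `%22` inside `config.subject` into bare quotes and breaks the JSON. The URL, host and helper names below are constructed for illustration.

```javascript
// Constructed sample modelled on the hanging URL in the report (shortened room id, placeholder host).
const SAMPLE_URL =
    'https://auth.example.invalid/signin.html?state=' +
    '%7B%22room%22%3A%22demo-room%22%2C%22config.subject%22%3A%22%2522Example%2520Title%2522%22%7D';

// Same decoding steps as the quoted redirect(): get() decodes once,
// decodeURIComponent() decodes a second time before JSON.parse().
function parseStateDoubleDecode(url) {
    const raw = new URL(url).searchParams.get('state');
    return JSON.parse(decodeURIComponent(raw));
}

// Returns the exception name raised by the double-decode path, or null if it parses.
function doubleDecodeError(url) {
    try {
        parseStateDoubleDecode(url);
        return null;
    } catch (e) {
        return e.name;
    }
}

// Hypothetical hardened helper: decode exactly once, treat the value as
// untrusted input, and report failures instead of throwing inside a promise chain.
function parseStateSafe(url) {
    const raw = new URL(url).searchParams.get('state');
    if (!raw || raw.includes('{state}')) {
        return { ok: false, reason: 'absent-or-placeholder' };
    }
    let parsed;
    try {
        parsed = JSON.parse(raw);
    } catch (e) {
        return { ok: false, reason: 'invalid-json' };
    }
    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
        return { ok: false, reason: 'not-an-object' };
    }
    return { ok: true, state: parsed };
}
```

With the single decode, `config.subject` comes back as the literal string `%22Example%20Title%22`, which is what the calling page put into the state object.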

asmaloney commented 3 weeks ago

Just ran into this. Even removing the data after the # didn't work for us.

(We are using jitsi-meet-electron.)

mikkorantalainen commented 3 weeks ago

https://meet.jit.si/ is still broken. Is this expected and the fix is only applied to source code for now?

damencho commented 3 weeks ago

It is only in the code now, there was no release on meet with this, when this happens I will update the ticket.

damencho commented 2 weeks ago

@mikkorantalainen @asmaloney Can you try now and see if it is fixed for you? Thank you

asmaloney commented 2 weeks ago

Seems to work for me again. Thank you so much @damencho!

mikkorantalainen commented 1 week ago

> @mikkorantalainen @asmaloney Can you try now and see if it is fixed for you? Thank you

I'm confirming that meet.jit.si does work correctly again! Thanks for the fix.