search

ringcentral / ringcentral-web-phone

RingCentral WebPhone Library for JavaScript WebRTC
https://ringcentral.github.io/ringcentral-web-phone
108 stars 76 forks source link

WebRTC SDK cannot properly handle SIP Invite with "auto-answer" header #239

Open igorfry opened 4 years ago

igorfry commented 4 years ago

Initiate sip:INVITE with auto-answer header to webRTC RC endpoint

Expected: webRTC Client accepts invite and shows in-progress call (like User clicked "Answer" button). Actual: pre-call control popup is displayed during 3 seconds and disappears.

auto-answer header Actually we send both recommended for Polycom and Cisco formats, but better to use Polycom one (Alert-Info)

Alert-Info: Auto Answer Call-Info: ;Answer-After=0

Reproduced on the following Clients: RingCentral for Google Version 4.2.3, RC App (dThor)

List of APIs initiating sip:Ivite with auto-answer: Call Out https://developers.ringcentral.com/api-reference/Call-Control/createCallOutCallSession Supervise https://developers.ringcentral.com/api-reference/Call-Control/superviseCallSession Answer https://developers.ringcentral.com/api-reference/Call-Control/answerCallParty Pickup https://developers.ringcentral.com/api-reference/Call-Control/pickupCallParty

Call Out request example: 

POST ../restapi/v1.0/account/~/telephony/call-out

{
  "from": {
    "deviceId": "803872000020"
  },
  "to": {
    "phoneNumber": "+79817891689"
  }
}

sip:INVITE examples for RC Phone app desktop:

Via: SIP/2.0/TCP 104.245.57.189:5091;branch=z9hG4bK542s9n00b0rh3ledtf60.1
Max-Forwards: 69
User-Agent: RC_SIPWRP_22.253
From: <sip:+79817891689@104.245.57.189>;tag=10.13.22.253-5070-c77776e383424a
To: <sip:18885287464*66666-asfgqjl88jl28@193.104.181.232;ob>
Contact: <sip:+79817891689@104.245.57.189:5091;transport=tcp>
Call-ID: 98783f120bf9407c8247992014351b20
CSeq: 14690 INVITE
p-rc-api-ids: party-id=p-825017b2bf9e4c02922f62495add279b-1;
Alert-Info: Auto Answer
Call-Info: \;Answer-After=0
Allow: SUBSCRIBE, NOTIFY, REFER, INVITE, ACK, BYE, CANCEL, UPDATE, INFO
Supported: replaces, timer, diversion
Session-Expires: 14400;refresher=uac
Min-SE: 90
Content-Type: application/sdp
Content-Length: 533
P-Acme-VSA: 200:
v=0
o=- 1108421697657585064 5635218107487338474 IN IP4 104.245.57.189
s=SmcSip
c=IN IP4 104.245.57.189
t=0 0
m=audio 54748 RTP/AVP 9 0 18 96 8 109 111 101
a=rtpmap:9 g722/8000
a=rtpmap:0 pcmu/8000
a=rtpmap:18 g729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 ilbc/8000
a=fmtp:96 mode=20
a=rtpmap:8 pcma/8000
a=rtpmap:109 OPUS/16000
a=fmtp:109 useinbandfec=1
a=rtcp-fb:109 ccm tmmbr
a=rtpmap:111 OPUS/48000/2
a=fmtp:111 useinbandfec=1
a=rtcp-fb:111 ccm tmmbr
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
tylerlong commented 4 years ago

Won't this bring security issues? Let's say a hacker knows your web phone app supports auto-answer feature. He just sends a SIP invite with auto answer header to your app. Your app auto answers it and he starts spying you by listening to the voice from your side.

igorfry commented 4 years ago

Not sure I understand how the hacker can send such invite to my app. Auto-answer feature is generic signalling feature and wildly used in Polycom, Cisco, etc. So there should be no security issues.

vyshakhbabji commented 4 years ago

Added auto answer support at the app level. I will bring this into the SDK in my next release