From 4984bd630e7c08dc00d66ecb2203827f174bdb25 Mon Sep 17 00:00:00 2001
From: David Baker
Date: Thu, 5 Oct 2023 16:13:56 +0100
Subject: [PATCH] Keep the password in the URL

We changed our minds: people do copy the URL from the bar and give that to people and expect it to work: it doesn't make sense to prioritise shorter URLs over this. There's no security advantage unless we think there's a risk someone might steal your key by taking a photo of your monitor over your shoulder and decrypting the calls they can't already hear by standing behind you.
---
 src/e2ee/sharedKeyManagement.ts | 17 +----------------
 src/home/CallList.tsx | 8 +++++---
 src/home/RegisteredView.tsx | 6 ++++--
 src/home/UnauthenticatedView.tsx | 5 +++--
 4 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/src/e2ee/sharedKeyManagement.ts b/src/e2ee/sharedKeyManagement.ts
index b83212c1..786727c2 100644
--- a/src/e2ee/sharedKeyManagement.ts
+++ b/src/e2ee/sharedKeyManagement.ts
@@ -19,7 +19,7 @@ import { useEffect, useMemo } from "react";
 import { useEnableE2EE } from "../settings/useSetting";
 import { useLocalStorage } from "../useLocalStorage";
 import { useClient } from "../ClientContext";
-import { PASSWORD_STRING, useUrlParams } from "../UrlParams";
+import { useUrlParams } from "../UrlParams";
 import { widget } from "../widget";
 export const getRoomSharedKeyLocalStorageKey = (roomId: string): string =>
@@ -61,25 +61,10 @@ export const useRoomSharedKey = (roomId: string): string | null => { }; export const useManageRoomSharedKey = (roomId: string): string | null => { - const urlParams = useUrlParams(); - const urlPassword = useKeyFromUrl(roomId); const [e2eeSharedKey] = useInternalRoomSharedKey(roomId); - useEffect(() => { - const hash = location.hash; - - if (!hash.includes("?")) return; - if (!hash.includes(PASSWORD_STRING)) return; - if (urlParams.password !== e2eeSharedKey) return; - - const [hashStart, passwordStart] = hash.split(PASSWORD_STRING); - const hashEnd = passwordStart.split("&").slice(1).join("&"); - - location.replace((hashStart ?? "") + (hashEnd ?? "")); - }, [urlParams, e2eeSharedKey]); - return e2eeSharedKey ?? urlPassword; }; diff --git a/src/home/CallList.tsx b/src/home/CallList.tsx index ac501e41..8bd3778d 100644 --- a/src/home/CallList.tsx +++ b/src/home/CallList.tsx @@ -68,9 +68,11 @@ function CallTile({ name, avatarUrl, room }: CallTileProps) { return (
diff --git a/src/home/RegisteredView.tsx b/src/home/RegisteredView.tsx
index 4bba6e43..779072bb 100644
--- a/src/home/RegisteredView.tsx
+++ b/src/home/RegisteredView.tsx
@@ -81,14 +81,16 @@ export function RegisteredView({ client }: Props) {
 await createRoom(client, roomName, e2eeEnabled ?? false)
 )[1];
+ const roomPassword = randomString(32);
+
 if (e2eeEnabled) {
 setLocalStorageItem(
 getRoomSharedKeyLocalStorageKey(roomId),
- randomString(32)
+ roomPassword
 );
 }
- history.push(getRelativeRoomUrl(roomId, roomName));
+ history.push(getRelativeRoomUrl(roomId, roomName, roomPassword));
 }
 submit().catch((error) => {
diff --git a/src/home/UnauthenticatedView.tsx b/src/home/UnauthenticatedView.tsx
index ad44536b..376e4944 100644
--- a/src/home/UnauthenticatedView.tsx
+++ b/src/home/UnauthenticatedView.tsx
@@ -88,6 +88,7 @@ export const UnauthenticatedView: FC = () => {
 );
 let roomId: string;
+ const roomPassword = randomString(32);
 try {
 roomId = (
 await createRoom(client, roomName, e2eeEnabled ?? false)
@@ -96,7 +97,7 @@ export const UnauthenticatedView: FC = () => {
 if (e2eeEnabled) {
 setLocalStorageItem(
 getRoomSharedKeyLocalStorageKey(roomId),
- randomString(32)
+ roomPassword
 );
 }
 } catch (error) {
@@ -127,7 +128,7 @@ export const UnauthenticatedView: FC = () => {
 }
 setClient({ client, session });
- history.push(getRelativeRoomUrl(roomId, roomName));
+ history.push(getRelativeRoomUrl(roomId, roomName, roomPassword));
 }
 submit().catch((error) => {
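Review bot: In the RegisteredView.tsx hunk, `roomPassword` is created and handed to `getRelativeRoomUrl` whether or not `e2eeEnabled` is set, while only the `if (e2eeEnabled)` branch stores it, so a room created without E2EE still gets a link that carries a key. How the receiving side treats that password is not visible here, but the key-from-URL path in sharedKeyManagement.ts may pick it up as the room's shared key. I would pass it only when it is real: `history.push(getRelativeRoomUrl(roomId, roomName, e2eeEnabled ? roomPassword : undefined));`, assuming the third parameter is optional (the old two-argument call suggests it is). The first and last UnauthenticatedView.tsx hunks have the same pattern, and `submit` starts and ends outside all of these hunks.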
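Review bot: The `const roomPassword = randomString(32);` added in the first UnauthenticatedView.tsx hunk produces the value that becomes the room's shared key and is now also what users hand around inside the link, yet nothing here records what strength `randomString` provides; its definition is outside the diff. If it is not backed by a CSPRNG such as `crypto.getRandomValues`, the key should come from one instead. A comment on the declaration would make the requirement explicit, e.g. `// shared E2EE key for the room: must come from a cryptographically secure source`.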
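Review bot: With `history.push(getRelativeRoomUrl(roomId, roomName, roomPassword))` in the last UnauthenticatedView.tsx hunk (and the matching line in RegisteredView.tsx), the key is written into a history entry and, after this commit, is never stripped again, so it persists in browser history and in anything that records or syncs the address. `getRelativeRoomUrl` is not shown; the removed effect read the password from `location.hash`, so it presumably still lands in the fragment, but it is worth confirming that it never ends up in the path or query string, where it would be sent to the server and written to access logs. Once confirmed, a call-site comment such as `// key is kept in the URL fragment on purpose so that a copied link works` would document the trade-off for the next reader.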