Keep the password in the URL

We changed our minds: people do copy the URL from the bar and give that to people and expect it to work: it doesn't make sense to prioritise shorter URLs over this. There's no security advantage unless we think there's a risk someone might steal your key by taking a photo of your monitor over your shoulder and decrypting the calls they can't already hear by standing behind you.
2023-10-05 16:13:56 +01:00
parent d1cb6ee889
commit 4984bd630e
4 changed files with 13 additions and 23 deletions
--- a/src/home/CallList.tsx
+++ b/src/home/CallList.tsx
@@ -68,9 +68,11 @@ function CallTile({ name, avatarUrl, room }: CallTileProps) {
  return (
    <div className={styles.callTile}>
      <Link
-        // note we explicitly omit the password here as we don't want it on this link because
-        // it's just for the user to navigate around and not for sharing
-        to={getRelativeRoomUrl(room.roomId, room.name)}
+        to={getRelativeRoomUrl(
+          room.roomId,
+          room.name,
+          roomSharedKey ?? undefined
+        )}
        className={styles.callTileLink}
      >
        <Avatar id={room.roomId} name={name} size={Size.LG} src={avatarUrl} />
--- a/src/home/RegisteredView.tsx
+++ b/src/home/RegisteredView.tsx
@@ -81,14 +81,16 @@ export function RegisteredView({ client }: Props) {
          await createRoom(client, roomName, e2eeEnabled ?? false)
        )[1];

+        const roomPassword = randomString(32);
+
        if (e2eeEnabled) {
          setLocalStorageItem(
            getRoomSharedKeyLocalStorageKey(roomId),
-            randomString(32)
+            roomPassword
          );
        }

-        history.push(getRelativeRoomUrl(roomId, roomName));
+        history.push(getRelativeRoomUrl(roomId, roomName, roomPassword));
      }

      submit().catch((error) => {
--- a/src/home/UnauthenticatedView.tsx
+++ b/src/home/UnauthenticatedView.tsx
@@ -88,6 +88,7 @@ export const UnauthenticatedView: FC = () => {
        );

        let roomId: string;
+        const roomPassword = randomString(32);
        try {
          roomId = (
            await createRoom(client, roomName, e2eeEnabled ?? false)
@@ -96,7 +97,7 @@ export const UnauthenticatedView: FC = () => {
          if (e2eeEnabled) {
            setLocalStorageItem(
              getRoomSharedKeyLocalStorageKey(roomId),
-              randomString(32)
+              roomPassword
            );
          }
        } catch (error) {
@@ -127,7 +128,7 @@ export const UnauthenticatedView: FC = () => {
        }

        setClient({ client, session });
-        history.push(getRelativeRoomUrl(roomId, roomName));
+        history.push(getRelativeRoomUrl(roomId, roomName, roomPassword));
      }

      submit().catch((error) => {