Merge pull request #2121 from nextcloud/get-password-from-session-if-…

…not-given-when-joining-room Get password from session if not given when joining room
nextcloud · Aug 28, 2019 · c9f390d · c9f390d
2 parents 9101726 + bff5d29
commit c9f390d
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 8 deletions.
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
@@ -160,8 +160,6 @@ public function index(string $token = '', string $callUser = '', string $passwor
 				$token = '';
 			}
 
-			$this->talkSession->removePasswordForRoom($token);
-
 			if ($room instanceof Room && $room->hasPassword()) {
 				// If the user joined themselves or is not found, they need the password.
 				try {
@@ -172,12 +170,14 @@ public function index(string $token = '', string $callUser = '', string $passwor
 				}
 
 				if ($requirePassword) {
+					$password = $password !== '' ? $password : (string) $this->talkSession->getPasswordForRoom($token);
 
 					$passwordVerification = $room->verifyPassword($password);
 
 					if ($passwordVerification['result']) {
-						$this->talkSession->setPasswordForRoom($token, $token);
+						$this->talkSession->setPasswordForRoom($token, $password);
 					} else {
+						$this->talkSession->removePasswordForRoom($token);
 						if ($passwordVerification['url'] === '') {
 							return new TemplateResponse($this->appName, 'authenticate', [
 								'wrongpw' => $password !== '',
@@ -226,13 +226,14 @@ protected function guestEnterRoom(string $token, string $password): Response {
 			]));
 		}
 
-		$this->talkSession->removePasswordForRoom($token);
 		if ($room->hasPassword()) {
-			$passwordVerification = $room->verifyPassword($password);
+			$password = $password !== '' ? $password : (string) $this->talkSession->getPasswordForRoom($token);
 
+			$passwordVerification = $room->verifyPassword($password);
 			if ($passwordVerification['result']) {
-				$this->talkSession->setPasswordForRoom($token, $token);
+				$this->talkSession->setPasswordForRoom($token, $password);
 			} else {
+				$this->talkSession->removePasswordForRoom($token);
 				if ($passwordVerification['url'] === '') {
 					return new TemplateResponse($this->appName, 'authenticate', [
 						'wrongpw' => $password !== '',

diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
@@ -879,10 +879,11 @@ public function joinRoom(string $token, string $password = ''): DataResponse {
 
 		$user = $this->userManager->get($this->userId);
 		try {
+			$result = $room->verifyPassword((string) $this->session->getPasswordForRoom($token));
 			if ($user instanceof IUser) {
-				$newSessionId = $room->joinRoom($user, $password, $this->session->getPasswordForRoom($token) === $room->getToken());
+				$newSessionId = $room->joinRoom($user, $password, $result['result']);
 			} else {
-				$newSessionId = $room->joinRoomGuest($password, $this->session->getPasswordForRoom($token) === $room->getToken());
+				$newSessionId = $room->joinRoomGuest($password, $result['result']);
 			}
 		} catch (InvalidPasswordException $e) {
 			return new DataResponse([], Http::STATUS_FORBIDDEN);

diff --git a/tests/acceptance/features/conversation-public.feature b/tests/acceptance/features/conversation-public.feature
@@ -33,6 +33,8 @@ Feature: conversation
     And I see that the current page is the Authenticate page for the public conversation link I wrote down
     And I authenticate with password "abcdef" in public conversation
     Then I see that the current page is the public conversation link I wrote down
+    And I see that the chat is shown in the main view
+    And I see that the sidebar is open
 
   Scenario: join a public conversation protected by password with an invalid password
     Given I act as John
@@ -47,3 +49,78 @@ Feature: conversation
     And I see that the current page is the Authenticate page for the public conversation link I wrote down
     And I authenticate with password "fedcba" in public conversation
     Then I see that the current page is the Wrong password page for the public conversation link I wrote down
+
+  Scenario: join again a public conversation protected by password
+    Given I act as John
+    And I am logged in
+    And I have opened the Talk app
+    And I create a public conversation named "Public"
+    And I protect the conversation with the password "abcdef"
+    And I see that the conversation is password protected
+    And I write down the public conversation link
+    And I act as Jane
+    And I visit the public conversation link I wrote down
+    And I see that the current page is the Authenticate page for the public conversation link I wrote down
+    And I authenticate with password "abcdef" in public conversation
+    And I see that the current page is the public conversation link I wrote down
+    And I see that the chat is shown in the main view
+    And I see that the sidebar is open
+    When I visit the Home page
+    And I visit the public conversation link I wrote down
+    Then I see that the current page is the Authenticate page for the public conversation link I wrote down
+
+  Scenario: join a public conversation protected by password with a valid password as a user
+    Given I act as John
+    And I am logged in
+    And I have opened the Talk app
+    And I create a public conversation named "Public"
+    And I protect the conversation with the password "abcdef"
+    And I see that the conversation is password protected
+    And I write down the public conversation link
+    When I act as Jane
+    And I am logged in as the admin
+    And I visit the public conversation link I wrote down
+    And I see that the current page is the Authenticate page for the public conversation link I wrote down
+    And I authenticate with password "abcdef" in public conversation
+    Then I see that the current page is the public conversation link I wrote down
+    And I see that the "Public" conversation is active
+    And I see that the chat is shown in the main view
+    And I see that the sidebar is open
+    And I see that the number of participants shown in the list is "2"
+
+  Scenario: join a public conversation protected by password with an invalid password as a user
+    Given I act as John
+    And I am logged in
+    And I have opened the Talk app
+    And I create a public conversation named "Public"
+    And I protect the conversation with the password "abcdef"
+    And I see that the conversation is password protected
+    And I write down the public conversation link
+    When I act as Jane
+    And I am logged in as the admin
+    And I visit the public conversation link I wrote down
+    And I see that the current page is the Authenticate page for the public conversation link I wrote down
+    And I authenticate with password "fedcba" in public conversation
+    Then I see that the current page is the Wrong password page for the public conversation link I wrote down
+
+  Scenario: join again a public conversation protected by password as a user
+    Given I act as John
+    And I am logged in
+    And I have opened the Talk app
+    And I create a public conversation named "Public"
+    And I protect the conversation with the password "abcdef"
+    And I see that the conversation is password protected
+    And I write down the public conversation link
+    And I act as Jane
+    And I am logged in as the admin
+    And I visit the public conversation link I wrote down
+    And I see that the current page is the Authenticate page for the public conversation link I wrote down
+    And I authenticate with password "abcdef" in public conversation
+    And I see that the current page is the public conversation link I wrote down
+    And I see that the "Public" conversation is active
+    And I see that the chat is shown in the main view
+    And I see that the sidebar is open
+    And I see that the number of participants shown in the list is "2"
+    When I visit the Home page
+    And I visit the public conversation link I wrote down
+    Then I see that the current page is the Authenticate page for the public conversation link I wrote down