[jitsi-dev] Possible bug with authentication from Firefox ESR


#1

Hi all!

I think to have found a bug with the button for sending authentication
data in Firefox ESR. I opened a bug in Github:

https://github.com/jitsi/jicofo/issues/155

somebody can confirm?

Kind regards,
Daniel


#2

Hi again,

I think to have found a bug with the button for sending authentication
data in Firefox ESR. I opened a bug in Github:

https://github.com/jitsi/jicofo/issues/155

somebody can confirm?

Here an update that I have added also in Github:

I have tested with Firefox 50 on Windows Server 2012 and here I had no
problems, so this seems to be a problem with Firefox ESR.

I'm going to add some more context information that I had not mentioned
in my initial post. In my configuration I was not using a "guest"
domain. So I was using authentication for everyone. I noticed (doing
tests between two users using Chromium, given the existence of this
problem with Firefox ESR) that all users in a conference become
moderators. I had thought that adding an authentication layer would not
change the previous behavior and that the moderator would be the person
who created the room.

After some tests I think I've figured out how this works. Jitsi Meet
considers that every authenticated user with Prosody + Jicofo is the
owner (moderator) of the conference. So if I do not use a "guest"
domain, all conference participants become moderators.

I have now created a "guest" domain. If the conference room does not
exist, Jitsi Meet shows to the user a window notifying him/her that the
moderator has not yet created the room. It also shows a button asking if
s/he is the moderator. If the user presses the button, then in a new
window s/he can enter username and password. I do not know why, but
after having added the domain "guest", the button to send the
credentials worked with Firefox ESR.

In this scenario, any user who subsequently attempts to enter the room,
would do so as anonymous and would not have moderator privileges. But I
have found an unexpected effect here con Firefox ESR y Chromium.

If a user who is considered a moderator enters their credentials, they
are saved without the browser asking for that action. This eventually
causes that in the future a user can become a moderator of a room that
was created by another user. This happens in both Firefox ESR and
Chromium. Clearing the cache seems to avoid this. But the strange thing
is that both browsers do not display a window asking if the user wants
to save the password and, if the user saves them, this could generate
the mentioned side effect that I think we should try to avoid.

So I think we have two issues:

1) Unexpected cache of credentials, which could cause a conference to
have more than one moderator.

2) The credentials submission button does not work in Firefox ESR if
there is no "guest" domain (although this domain may be expected to
exist when using authentication. If so, we could rule this issue out).

I would like to know if anyone else is experiencing this behavior.

Thanks in advance.

Kind regards,
Daniel

ยทยทยท

On 14/01/17 09:20, Daniel Bareiro wrote: