Implemented authorizeRoomJoin flag. Set this to allow only authenticated users to join rooms.

server.conf.in

@@ -78,6 +78,9 @@ encryptionSecret = tne-default-encryption-block-key
 ; all users will join this room if enabled. If it is disabled then a room join
 ; form will be shown instead.
 ;defaultRoomEnabled = true
+; Whether a user account is required to join a room. This only has an effect
+; if user accounts are enabled. Optional, defaults to false.
+;authorizeRoomJoin = false
 ; Whether a user account is required to create a room. This only has an effect
 ; if user accounts are enabled. Optional, defaults to false.
 ;authorizeRoomCreation = false

src/app/spreed-webrtc-server/config.go

@@ -46,6 +46,7 @@ type Config struct {
 	DefaultRoomEnabled              bool     // Flag if default room ("") is enabled
 	Plugin                          string   // Plugin to load
 	AuthorizeRoomCreation           bool     // Whether a user account is required to create rooms
+	AuthorizeRoomJoin               bool     // Whether a user account is required to join rooms
 	Modules                         []string // List of enabled modules
 	globalRoomID                    string   // Id of the global room (not exported to Javascript)
 	contentSecurityPolicy           string   // HTML content security policy
@@ -112,6 +113,7 @@ func NewConfig(container phoenix.Container, tokens bool) *Config {
 		DefaultRoomEnabled:              container.GetBoolDefault("app", "defaultRoomEnabled", true),
 		Plugin:                          container.GetStringDefault("app", "plugin", ""),
 		AuthorizeRoomCreation:           container.GetBoolDefault("app", "authorizeRoomCreation", false),
+		AuthorizeRoomJoin:               container.GetBoolDefault("app", "authorizeRoomJoin", false),
 		Modules:                         modules,
 		globalRoomID:                    container.GetStringDefault("app", "globalRoom", ""),
 		contentSecurityPolicy:           container.GetStringDefault("app", "contentSecurityPolicy", ""),

src/app/spreed-webrtc-server/room_manager.go

@@ -146,6 +146,10 @@ func (rooms *roomManager) Get(roomID string) (room RoomWorker, ok bool) {
 }
 
 func (rooms *roomManager) GetOrCreate(roomID string, credentials *DataRoomCredentials, sessionAuthenticated bool) (RoomWorker, error) {
+	if rooms.AuthorizeRoomJoin && rooms.UsersEnabled && !sessionAuthenticated {
+		return nil, NewDataError("room_join_requires_account", "Room join requires a user account")
+	}
+
 	if room, ok := rooms.Get(roomID); ok {
 		return room, nil
 	}

src/app/spreed-webrtc-server/room_manager_test.go

@@ -51,6 +51,25 @@ func Test_RoomManager_JoinRoom_ReturnsAnErrorForUnauthenticatedSessionsWhenCreat
 	}
 }
 
+func Test_RoomManager_JoinRoom_ReturnsAnErrorForUnauthenticatedSessionsWhenJoinRequiresAnAccount(t *testing.T) {
+	roomManager, config := NewTestRoomManager()
+	config.UsersEnabled = true
+	config.AuthorizeRoomJoin = true
+
+	unauthenticatedSession := &Session{}
+	_, err := roomManager.JoinRoom("foo", nil, unauthenticatedSession, false, nil)
+	assertDataError(t, err, "room_join_requires_account")
+
+	authenticatedSession := &Session{userid: "9870457"}
+	_, err = roomManager.JoinRoom("foo", nil, authenticatedSession, true, nil)
+	if err != nil {
+		t.Fatalf("Unexpected error %v joining room while authenticated", err)
+	}
+
+	_, err = roomManager.JoinRoom("foo", nil, unauthenticatedSession, false, nil)
+	assertDataError(t, err, "room_join_requires_account")
+}
+
 func Test_RoomManager_UpdateRoom_ReturnsAnErrorIfNoRoomHasBeenJoined(t *testing.T) {
 	roomManager, _ := NewTestRoomManager()
 	_, err := roomManager.UpdateRoom(&Session{}, nil)