[MDL-74654] Add role parameter, phase out moderatorPW and attendeePW from create, and password from join - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 4.0.1, 4.0.4
Fix Version/s: 4.0.5
Component/s: BigBlueButton
Labels:
- 4.0
- 4.1
- ci
- mdl

Affected Branches:
MOODLE_400_STABLE
Fixed Branches:
MOODLE_400_STABLE
Epic Link:
BigBlueButton New Features and Improvements for 4.1
Pull from Repository:
https://github.com/ssj365/moodle.git
Pull 4.0 Branch:
~~MDL-74654~~-400
Pull 4.0 Diff URL:
https://github.com/moodle/moodle/compare/MOODLE_400_STABLE...ssj365:MDL-74654-400
Pull Master Branch:
~~MDL-74654~~-master
Pull Master Diff URL:
https://github.com/moodle/moodle/compare/master...ssj365:MDL-74654-master
Testing Instructions:
Hide

Login as admin

Enable BBB activity module in Site administration->Plugins->Manage activities

Create BBB activity B1

Create and enroll User1 as student in B1

Enter BBB session

On BBB activity page check admin has entered session as Moderator

In a private browser, sign in as User1

Enter BBB session

On BBB activity page check User1 has entered session as Viewer
Show
Login as admin Enable BBB activity module in Site administration->Plugins->Manage activities Create BBB activity B1 Create and enroll User1 as student in B1 Enter BBB session On BBB activity page check admin has entered session as Moderator In a private browser, sign in as User1 Enter BBB session On BBB activity page check User1 has entered session as Viewer

Description

Since version 2.4, BBB can use a parameter that defines the role to be used in the BBB session instead of the so called 'password' with is problematic with modern browsers.

To give a bit of context, the so called `password` used in the URL in plain text is not a real password, but a token or identifier to be used to define the role a user should have in a meeting.

The URLs used by BBB are in some way protected by a hash calculated using a shared secret. Therefore, `password` would not (should not and could not) be used for authenticating the user.

The idea is that

create would no longer include modPW nor viewerPW,
join will use instead of password the designated role, such as role=moderator|viewer

See https://github.com/bigbluebutton/bigbluebutton/pull/13589

We will not be removing the password currently, but only adding the role parameter. Phasing out of password use will most likely take place in BBB v2.6

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

master_1_MDL-74654.png
14 kB
19/Oct/22 4:25 PM
master_2_MDL-74654.png
16 kB
19/Oct/22 4:25 PM
v400_1_MDL-74654.png
30 kB
19/Oct/22 4:25 PM
v400_2_MDL-74654.png
22 kB
19/Oct/22 4:25 PM

Issue Links

has a non-specific relationship to

CONTRIB-8870 Replace password with role in joinURL

Closed

has been marked as being related by

CONTRIB-8983 Add role parameter, phase out moderatorPW and attendeePW from create, and password from join

Closed

has to be done before

MDL-75000 BigbluebuttonBN Mock server - Add support for new API

Open

is duplicated by

MDL-74724 Add role parameter, phase out moderatorPW and attendeePW from create, and password from join in 4.0

Closed

Activity

People

Assignee:: Shamiso Jaravaza

Reporter:: Jesus Federico

Peer reviewer:: Laurent DAVID

Integrator:: Ilya Tregubov

Tester:: John Edward Pedregosa

Participants:: CiBoT, Ilya Tregubov, Jesus Federico, John Edward Pedregosa, Laurent DAVID, Shamiso Jaravaza

Component watchers:: Jesus Federico, Laurent DAVID, Amaia Anabitarte, Carlos Escobedo, Laurent David, Mikel Martín Corrales, Sabina Abellan, Sara Arjona (@sarjona)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 17/Mar/22 2:13 AM

Updated:: 21/Oct/22 9:14 PM

Resolved:: 21/Oct/22 9:14 PM

Fix Release Date:: 14/Nov/22

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m