[stable32] fix(signaling): allow SIP bridge to access getSettings without a user session #18117

Open. backportbot[bot] wants to merge 1 commit into stable32 from backport/18115/stable32

@backportbot backportbot Bot commented May 27, 2026

Backport of #18115

Warning, This backport's changes differ from the original and might be incomplete ⚠️

Todo

  • Review and resolve any conflicts
  • Review and verify the backported changes
  • Amend HEAD commit to remove the line stating to skip CI

Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.

@backportbot backportbot Bot requested review from fancycode and miaulalala May 27, 2026 10:43
@backportbot backportbot Bot added bug regression feature: api 🛠️ OCS API for conversations, chats and participants feature: SFU & SIP ☎️ labels May 27, 2026
@backportbot backportbot Bot added this to the 🪺 Next Patch (32) milestone May 27, 2026
@miaulalala miaulalala force-pushed the backport/18115/stable32 branch from b1d5d38 to ec0da09 Compare May 27, 2026 11:28
… session

The security fix in #17576 tightened unauthenticated access to
getSettings(), breaking SIP bridge connections. The SIP bridge is a
headless service with no userId that authenticates via HMAC headers
(talk-sipbridge-random / talk-sipbridge-checksum), which getSettings()
was never taught to recognise.

Mirror the existing recording-backend detection block: validate the SIP
bridge headers when present, return 401 + brute-force throttle on failure,
and allow the no-token neutral-point path when the request is authenticated.

AI-Assisted-By: claude-sonnet-4-6 <noreply@anthropic.com>
Signed-off-by: Anna Larch <anna@nextcloud.com>
@miaulalala miaulalala force-pushed the backport/18115/stable32 branch from 8d2dd01 to b905f14 Compare May 27, 2026 12:29
@miaulalala miaulalala marked this pull request as ready for review May 27, 2026 13:45
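
The header check described in the commit message above, sketched as an added example; this is not code from the pull request or from Nextcloud Talk. Only the two header names come from the page. The checksum layout (hex HMAC-SHA256 over the random value followed by the request body), the 32-character minimum, `classifyCaller` and `FailureCounter` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Nextcloud Talk code. Assumed: the checksum is hex
// HMAC-SHA256 over random . body with a shared secret; random is >= 32 chars.
const HDR_RANDOM = 'talk-sipbridge-random';     // header name from the PR text
const HDR_CHECKSUM = 'talk-sipbridge-checksum'; // header name from the PR text

/** Hypothetical stand-in for a brute-force throttle: counts failures per IP. */
final class FailureCounter {
    /** @var array<string,int> */
    public array $failures = [];
    public function register(string $ip): void {
        $this->failures[$ip] = ($this->failures[$ip] ?? 0) + 1;
    }
}

/** Returns 'sipbridge', 'user', 'anonymous' or 'rejected' (rejected maps to HTTP 401). */
function classifyCaller(array $headers, string $body, ?string $userId,
                        string $secret, string $ip, FailureCounter $throttle): string {
    $headers = array_change_key_case($headers, CASE_LOWER);
    $random = $headers[HDR_RANDOM] ?? null;
    $checksum = $headers[HDR_CHECKSUM] ?? null;

    if ($random === null && $checksum === null) {
        // No bridge claim: what this caller may read is decided by session rules elsewhere.
        return $userId !== null ? 'user' : 'anonymous';
    }
    // Either header present is a claim to be the bridge, so it must be proven.
    // An empty secret is refused: an HMAC keyed with '' proves nothing.
    $ok = $secret !== '' && is_string($random) && strlen($random) >= 32
        && is_string($checksum)
        && hash_equals(hash_hmac('sha256', $random . $body, $secret), strtolower($checksum));
    if (!$ok) {
        $throttle->register($ip); // failed proofs count against the source address
        return 'rejected';
    }
    return 'sipbridge';
}

// Constructed sample values, not taken from any real deployment.
$secret = 'constructed-shared-secret';
$random = bin2hex(random_bytes(32));
$signed = [HDR_RANDOM => $random, HDR_CHECKSUM => hash_hmac('sha256', $random, $secret)];
$forged = [HDR_RANDOM => $random, HDR_CHECKSUM => str_repeat('0', 64)];
$throttle = new FailureCounter();
foreach (['signed' => $signed, 'forged' => $forged, 'none' => []] as $name => $h) {
    echo $name . ': ' . classifyCaller($h, '', null, $secret, '203.0.113.5', $throttle) . "\n";
}
```

Presence of either header is treated as a bridge claim, so a request carrying only one of them is rejected and counted rather than falling through to the anonymous path.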