Feature Request - Enhance Guest Access Security and Automation in Nextcloud Talk

[Air35]

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

---

Feature request

Which Nextcloud Version are you currently using: (see administration page)
30.0.4
Is your feature request related to a problem? Please describe.

Yes, it is.

In the default configuration, when we share a conversation via email or link, Nextcloud Talk only enables guest access for it and sends an email with the direct access link, without setting an appropriate password for access, even if the conversation configuration allows it. Additionally, there are no options in the app's admin settings to enforce the use of random passwords for conversations shared with guests.

This means that users need to take responsibility for setting access passwords for all conversations, which can pose a security risk. Users may not always be willing or remember to properly create passwords for conversations. If access links are leaked, unauthorized individuals could gain access to sensitive data.

Describe the solution you'd like
Add a global setting in the app's administration settings that allows:

• Enforcing that all conversations shared with guests, via link or email, must, by default, have a password set;
• Enabling the automatic generation of random passwords for such sharing;
• Automating the inclusion of the password in the conversation invitation emails.

Describe alternatives you've considered
Currently, the file-sharing settings allow features similar to those requested for sharing files via link or email. It would be interesting if these settings could be applied to or replicated directly in Talk.

Additional context
Currently, we use Talk in our work environment, and many employees need to make calls with clients who do not have user accounts in our environment. As a result, they need to access as guests. However, since password settings need to be configured manually, it has been difficult to control the sharing done by our users.

[nickvergessen]

Enforcing that all conversations shared with guests, via link or email, must, by default, have a password set
Enabling the automatic generation of random passwords for such sharing;

We added that in the last version:
https://github.com/nextcloud/spreed/blob/main/docs/settings.md?plain=1#L118
But there is no UI option on the admin page yet. But you can enable it via OCC:

sudo -u www-data occ config:app:set spreed force_passwords --type=boolean --value=1

Automating the inclusion of the password in the conversation invitation emails.

We have the email invitation feature which is looking exactly into that. We just miss the last step which allows such conversations to even be "non-public", so you can only join with a email invitation access token. But we didn't find the time to finish it yet.