From f000ef6a7696ae729586ba0a5074438f18d2d447 Mon Sep 17 00:00:00 2001
From: ghost <ma-koenig@gmx.net>
Date: Sun, 28 Dec 2025 22:21:37 +0100
Subject: [PATCH] Add: Workaround to accept short-term-style password.

---
 src/auth.rs | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/auth.rs b/src/auth.rs
index 5dff906..efb4bb4 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -180,16 +180,27 @@ impl<S: CredentialStore + Clone> AuthManager<S> {
         };
 
         let key = self.derive_long_term_key(&username, &password);
-        if !validate_message_integrity(msg, &key) {
-            let key_hex = hex::encode(&key);
-            warn!("auth reject: bad credentials username={} realm={} peer={} a1_md5={} (debug)", username, realm, peer, key_hex);
-            return AuthStatus::Reject {
-                code: 401,
-                reason: "Bad Credentials",
+        // Primary: long-term (MD5(username:realm:password))
+        if validate_message_integrity(msg, &key) {
+            return AuthStatus::Granted { username, key };
+        }
+
+        // Workaround: also accept short-term style (raw password as key) for test clients like turnutils_uclient.
+        let short_key = password.as_bytes();
+        if validate_message_integrity(msg, short_key) {
+            warn!("auth accept via short-term key username={} realm={} peer={} (workaround)", username, realm, peer);
+            return AuthStatus::Granted {
+                username,
+                key: short_key.to_vec(),
             };
         }
 
-        AuthStatus::Granted { username, key }
+        let key_hex = hex::encode(&key);
+        warn!("auth reject: bad credentials username={} realm={} peer={} a1_md5={} (debug)", username, realm, peer, key_hex);
+        AuthStatus::Reject {
+            code: 401,
+            reason: "Bad Credentials",
+        }
     }
 
     fn attribute_utf8(&self, msg: &StunMessage, attr_type: u16) -> Option<String> {