Static numeric usernames are rejected / interpreted as TURN REST credentials

[fouille]

Description

I am migrating an existing TURN service to Eturnal and need to keep existing static usernames.

Static credentials work when the username is non-numeric, for example:

eturnal:
  credentials:
    "00002063954332": "password"

But authentication fails when the static username is numeric.

The client sends the expected username, as shown in the logs:

Failed long-term STUN/TURN authentication [UDP, session ..., user 00002063954332, client ...]

If I change only the username from 00002063954332 to u00002063954332, using the same password and client, authentication succeeds.

Expected behavior

Static credentials should allow numeric usernames, especially when no secret is configured.

If both credentials and secret are configured, static credentials should probably take precedence over TURN REST / temporary credential handling when the username is explicitly listed in credentials.

Actual behavior

A static numeric username appears to be rejected, or possibly interpreted as a TURN REST username / expiration timestamp.

Why this matters

This blocks migration from an existing TURN server where client usernames are already provisioned and cannot be changed.

[weiss]

Yes that behavior was meant to be a small optimization. Initially, static credentials weren't supported at all, shared secret authentication is kinda the first-class citizen. So I wanted to avoid checking for static credentials on each and every authentication.

But that's a non-issue in practice. The resulting behavior is unexpected and too ugly to keep it that way. I'll fix it.

[fouille]

Hello @weiss

To participate in the project, I'm submitting this PR : #107
I don't know if I did the right thing, but my heart is in it :-)