[ https://issues.apache.org/jira/browse/OPENMEETINGS-1411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maxim Solodovnik resolved OPENMEETINGS-1411.
--------------------------------------------
    Resolution: Fixed

> allowSameURLMultipleTimes parameter for secure hash is broken
> -------------------------------------------------------------
>
>                 Key: OPENMEETINGS-1411
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1411
>             Project: Openmeetings
>          Issue Type: Bug
>          Components: SOAP/REST API
>    Affects Versions: 3.1.1
>            Reporter: Maxim Solodovnik
>            Assignee: Maxim Solodovnik
>             Fix For: 3.1.2, 3.2.0, 4.0.0
>
>
> per user list:
> Hi,
>
> I detected an issue related to secureHash url and indirectly with the
> allowSameURLMultipleTimes when it's set as true.
>
> I'm using a 3.1.2 Snapshot version I downloaded the 5/5 from the svn branch
> and disconnected from the apache svn, so I have no further updates
>
> SecureHash url is created with an administrator user (swCetir in the case)
> for an external user (moderator)
>
> ExternalUserDTO Json in construction
> properties.addProperty("login", 1111L);
> properties.addProperty("firstname", "moderator");
> properties.addProperty("lastname", "grabable");
> properties.addProperty("propilePictureUrl", StringUtils.EMPTY);
> properties.addProperty("email", "pru...@cetir.com");
> properties.addProperty("externalId", 1111L);
> properties.addProperty("externalType", "tipo_cetir");
>
> RoomOptionsDTO Json in construction
> properties.addProperty("roomId", 11L);
> properties.addProperty("moderator", Boolean.TRUE);
> properties.addProperty("showAudioVideoTest", Boolean.FALSE);
> properties.addProperty("allowSameURLMultipleTimes", Boolean.TRUE);
> properties.addProperty("recordingId", 11L);
> properties.addProperty("showNickNameDialog", Boolean.FALSE);
> properties.addProperty("allowRecording", Boolean.TRUE);
>
> Resulting in a URL like
> "http://localhost:5080/openmeetings/?secureHash=dbc154dc-7bb4-4d2d-9993-d3f4e54fbe3f"
>
> Now, the 1st time the url is called, the traces I added show the user used to
> check permission is administrator user (swCetir)
> DEBUG 05-26 10:33:10.095 MainService.java 311480 361 org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-1] - users_id: 2
> DEBUG 05-26 10:33:10.131 AuthLevelUtil.java 311516 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Dashboard
> DEBUG 05-26 10:33:10.146 AuthLevelUtil.java 311531 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Soap
> DEBUG 05-26 10:33:10.153 AuthLevelUtil.java 311538 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Login
> DEBUG 05-26 10:33:10.157 AuthLevelUtil.java 311542 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Room
> DEBUG 05-26 10:33:10.182 AuthLevelUtil.java 311567 36 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - Level Soap :: [GRANTED]
>
> 2nd and next tries, it uses external user (moderator)
> DEBUG 05-26 10:33:29.290 MainService.java 330675 361 org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-2] - users_id: 3
> DEBUG 05-26 10:33:29.315 AuthLevelUtil.java 330700 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Dashboard
> DEBUG 05-26 10:33:29.319 AuthLevelUtil.java 330704 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Login
> DEBUG 05-26 10:33:29.331 AuthLevelUtil.java 330716 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Room
> DEBUG 05-26 10:33:29.342 AuthLevelUtil.java 330727 36 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - Level Soap :: [DENIED]
>
> Resulting in a popup error: "Unknown error. Please report this to the
> administrator. [334]"
>
> If allowSameURLMultipleTimes is set as false, error shown is: "This
> session hash has already been used [787]", but it still checks the rights of
> the administrator user
>
> Best regards.
>
>
> Pablo Vidal Figueiras

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
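An added example, not part of the original report or of the OpenMeetings code base: a short Python script that groups DEBUG lines like those in the report by executor thread and shows which user id each connection was checked against, and what the Soap level decision was. It assumes one thread handles one connection and that every connection in the log came from the same secureHash URL; the function names are hypothetical.

```python
import re

# DEBUG lines from the report above, re-joined one entry per line (some rights lines omitted).
REPORT_LOG = """\
DEBUG 05-26 10:33:10.095 MainService.java 311480 361 org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-1] - users_id: 2
DEBUG 05-26 10:33:10.146 AuthLevelUtil.java 311531 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Soap
DEBUG 05-26 10:33:10.182 AuthLevelUtil.java 311567 36 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - Level Soap :: [GRANTED]
DEBUG 05-26 10:33:29.290 MainService.java 330675 361 org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-2] - users_id: 3
DEBUG 05-26 10:33:29.331 AuthLevelUtil.java 330716 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Room
DEBUG 05-26 10:33:29.342 AuthLevelUtil.java 330727 36 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - Level Soap :: [DENIED]
"""

# Layout: level, date, time, source file, two numeric columns, logger, [thread], message
ENTRY = re.compile(r"^\S+ \S+ \S+ \S+ \d+ \d+ \S+ \[([^\]]+)\] - (.*)$")
LEVEL = re.compile(r"^Level (\w+) :: \[(\w+)\]$")


def summarize(log_text):
    """Group entries by executor thread: user id checked, rights seen, level decisions."""
    out = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a log entry in the expected layout
        thread, msg = m.groups()
        rec = out.setdefault(thread, {"user_id": None, "rights": [], "levels": {}})
        if msg.startswith("users_id: "):
            rec["user_id"] = int(msg.split(": ", 1)[1])
        elif msg.startswith("rights: "):
            rec["rights"].append(msg.split(": ", 1)[1])
        else:
            lv = LEVEL.match(msg)
            if lv:
                rec["levels"][lv.group(1)] = lv.group(2)
    return out


def identity_drift(summary):
    """Return (thread, user_id, Soap decision) rows if the checked user differs between connections."""
    rows = [(t, r["user_id"], r["levels"].get("Soap")) for t, r in summary.items()]
    return rows if len({uid for _, uid, _ in rows}) > 1 else []


if __name__ == "__main__":
    for row in identity_drift(summarize(REPORT_LOG)):
        print(row)
```

An empty result from `identity_drift` means every connection in the log was evaluated against the same user id, which is what a repeated use of one secureHash URL would be expected to show after the fix.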